Bug 307319 - Certificate details show incorrect public key information
r=rrelyea
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -125,16 +125,17 @@ CertDumpValidity=Validity
CertDumpNotBefore=Not Before
CertDumpNotAfter=Not After
CertDumpSPKI=Subject Public Key Info
CertDumpSPKIAlg=Subject Public Key Algorithm
CertDumpAlgID=Algorithm Identifier
CertDumpParams=Algorithm Parameters
CertDumpRSAEncr=PKCS #1 RSA Encryption
CertDumpRSATemplate=Modulus (%S bits):\n%S\nExponent (%S bits):\n%S
+CertDumpECTemplate=Key size: %S bits\nBase point order length: %S bits\nPublic value:\n%S
CertDumpIssuerUniqueID=Issuer Unique ID
CertDumpSubjPubKey=Subject's Public Key
CertDumpSubjectUniqueID=Subject Unique ID
CertDumpExtensions=Extensions
CertDumpCertType=Netscape Certificate Type
CertDumpNSCertExtBaseUrl=Netscape Certificate Extension Base URL
CertDumpNSCertExtRevocationUrl=Netscape Certificate Revocation URL
CertDumpNSCertExtCARevocationUrl=Netscape Certificate Authority Revocation URL
--- a/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/src/nsNSSCertHelper.cpp
@@ -42,16 +42,17 @@
#include "prerror.h"
#include "prprf.h"
#include "nsNSSCertHelper.h"
#include "nsCOMPtr.h"
#include "nsNSSCertificate.h"
#include "cert.h"
#include "keyhi.h"
+#include "secder.h"
#include "nsNSSCertValidity.h"
#include "nsNSSASN1Object.h"
#include "nsNSSComponent.h"
#include "nsNSSCertTrust.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
@@ -607,35 +608,48 @@ GetOIDText(SECItem *oid, nsINSSComponent
#define SEPARATOR "\n"
static nsresult
ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data,
nsAString &text, PRBool wantHeader = PR_TRUE)
{
// This function is used to display some DER bytes
// that we have not added support for decoding.
- // It prints the value of the byte out into a
- // string that can later be displayed as a byte
- // string. We place a new line after 24 bytes
- // to break up extermaly long sequence of bytes.
+ // If it's short, let's display as an integer, no size header.
+
+ if (data->len <= 4) {
+ int i_pv = DER_GetInteger(data);
+ nsAutoString value;
+ value.AppendInt(i_pv);
+ text.Append(value);
+ text.Append(NS_LITERAL_STRING(SEPARATOR).get());
+ return NS_OK;
+ }
+
+ // Else produce a hex dump.
if (wantHeader) {
nsAutoString bytelen, bitlen;
bytelen.AppendInt(data->len);
bitlen.AppendInt(data->len*8);
const PRUnichar *params[2] = {bytelen.get(), bitlen.get()};
nsresult rv = nssComponent->PIPBundleFormatStringFromName("CertDumpRawBytesHeader",
params, 2, text);
if (NS_FAILED(rv))
return rv;
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
+ // This prints the value of the byte out into a
+ // string that can later be displayed as a byte
+ // string. We place a new line after 24 bytes
+ // to break up extermaly long sequence of bytes.
+
PRUint32 i;
char buffer[5];
for (i=0; i<data->len; i++) {
PR_snprintf(buffer, 5, "%02x ", data->data[i]);
AppendASCIItoUTF16(buffer, text);
if ((i+1)%16 == 0) {
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
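Review bot: The new short-value branch `if (data->len <= 4)` also accepts zero-length items, so `DER_GetInteger(data)` is called on a SECItem whose `data` pointer may be null or empty. Depending on the NSS version, that call may inspect the first byte before checking the length, and in the best case the viewer prints `0` for a field that is actually empty. Guarding it as `if (data->len > 0 && data->len <= 4)` keeps empty items on the hex-dump path. The branch also decodes the bytes as a signed DER integer, although the function's own comment calls it the fallback for DER it cannot decode, so a short non-integer value with the high bit set is shown as a negative decimal; a comment such as `// 1-4 byte values are rendered as a signed decimal, not as bytes` would make that explicit. The loop and the rest of the function body continue past the end of this hunk.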
@@ -1797,21 +1811,42 @@ ProcessSubjectPublicKeyInfo(CERTSubjectP
ProcessRawBytes(nssComponent, &key->u.rsa.publicExponent, data2,
PR_FALSE);
const PRUnichar *params[4] = {length1.get(), data1.get(),
length2.get(), data2.get()};
nssComponent->PIPBundleFormatStringFromName("CertDumpRSATemplate",
params, 4, text);
break;
}
+ case ecKey: {
+ displayed = true;
+ SECKEYECPublicKey &ecpk = key->u.ec;
+ int fieldSizeLenAsBits =
+ SECKEY_ECParamsToKeySize(&ecpk.DEREncodedParams);
+ int basePointOrderLenAsBits =
+ SECKEY_ECParamsToBasePointOrderLen(&ecpk.DEREncodedParams);
+ nsAutoString s_fsl, s_bpol, s_pv;
+ s_fsl.AppendInt(fieldSizeLenAsBits);
+ s_bpol.AppendInt(basePointOrderLenAsBits);
+
+ if (ecpk.publicValue.len > 4) {
+ ProcessRawBytes(nssComponent, &ecpk.publicValue, s_pv, PR_FALSE);
+ } else {
+ int i_pv = DER_GetInteger(&ecpk.publicValue);
+ s_pv.AppendInt(i_pv);
+ }
+ const PRUnichar *params[] = {s_fsl.get(), s_bpol.get(), s_pv.get()};
+ nssComponent->PIPBundleFormatStringFromName("CertDumpECTemplate",
+ params, 3, text);
+ break;
+ }
case dhKey:
case dsaKey:
case fortezzaKey:
case keaKey:
- case ecKey:
/* Too many parameters, to rarely used to bother displaying it */
break;
case nullKey:
default:
/* Algorithm unknown */
break;
}
SECKEY_DestroyPublicKey (key);
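Review bot: In the new `case ecKey:` block the results of `SECKEY_ECParamsToKeySize` and `SECKEY_ECParamsToBasePointOrderLen` are formatted without being checked. As far as I know both return 0 for curve parameters NSS does not recognise, so such a certificate would be shown with "Key size: 0 bits" as if that were a decoded fact. Setting `displayed = true` and formatting the template only under `if (fieldSizeLenAsBits > 0 && basePointOrderLenAsBits > 0)` would leave unknown curves to the fallback that presumably runs when `displayed` stays false; that code is outside this hunk, so please confirm. The `else` branch for `ecpk.publicValue.len <= 4` duplicates the short-value path this patch adds to `ProcessRawBytes`, and an EC public value is an encoded point rather than a DER integer, so that branch can probably be dropped in favour of an unconditional `ProcessRawBytes` call. The enclosing function starts before the hunk.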