VirtualBox

Browse Source

Changeset 60341 in vbox for trunk

Timestamp:

Apr 5, 2016 11:37:57 PM (9 years ago)

Author:

vboxsync

Message:

ICertificate, Import wizard: Some adjustments to make it do and show what comment 22 indicated. Note that the 3rd case (mismatching signature) is handled via errors set by Appliance::i_readTailProcessing.

Location:

Files:

: 6 edited

Frontends/VirtualBox/src/wizards/importappliance/UIWizardImportAppPageBasic2.cpp (modified) (9 diffs)
Frontends/VirtualBox/src/wizards/importappliance/UIWizardImportAppPageBasic2.h (modified) (4 diffs)
Main/idl/VirtualBox.xidl (modified) (3 diffs)
Main/include/CertificateImpl.h (modified) (3 diffs)
Main/src-server/ApplianceImplImport.cpp (modified) (2 diffs)
Main/src-server/CertificateImpl.cpp (modified) (10 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/Frontends/VirtualBox/src/wizards/importappliance/UIWizardImportAppPageBasic2.cpp

-              r60339
+              r60341
 /*********************************************************************************************************************************
 *   Class UIApplianceCertificateViewer implementation.                                                                           *
+*   Class UIApplianceCertificateViewer.                                                                                          *
 *********************************************************************************************************************************/
 UIApplianceCertificateViewer::UIApplianceCertificateViewer(QWidget *pParent, const CCertificate &certificate)
+UIApplianceUnverifiedCertificate::UIApplianceUnverifiedCertificate(QWidget *pParent, const CCertificate &certificate)
     : QIWithRetranslateUI<QIDialog>(pParent)
     , m_certificate(certificate)
     , m_pTextLabel(0)
     , m_pTextBrowser(0)
+    , m_pTextLabel(NULL)
+    , m_pTextBrowser(NULL)
+{
     /* Prepare: */
 …
+}
 void UIApplianceCertificateViewer::prepare()
+void UIApplianceUnverifiedCertificate::prepare()
+{
     /* Create layout: */
 …
             pLayout->addWidget(m_pTextLabel);
+        }
         /* Create text-browser: */
         m_pTextBrowser = new QTextBrowser;
 …
             pLayout->addWidget(m_pTextBrowser);
+        }
         /* Create button-box: */
         QIDialogButtonBox *pButtonBox = new QIDialogButtonBox;
 …
+        {
             /* Configure button-box: */
+            pButtonBox->setStandardButtons(QDialogButtonBox::Ok);
+            pButtonBox->button(QDialogButtonBox::Ok)->setShortcut(Qt::Key_Enter);
+            pButtonBox->setStandardButtons(QDialogButtonBox::Yes | QDialogButtonBox::No);
+            pButtonBox->button(QDialogButtonBox::Yes)->setShortcut(Qt::Key_Enter);
             connect(pButtonBox, SIGNAL(accepted()), this, SLOT(close()));
+            //pButtonBox->button(QDialogButtonBox::No)->setShortcut(Qt::Key_Esc);
+            connect(pButtonBox, SIGNAL(rejected()), this, SLOT(close()));
             /* Add button-box into layout: */
             pLayout->addWidget(pButtonBox);
 …
+}
 void UIApplianceCertificateViewer::retranslateUi()
+void UIApplianceUnverifiedCertificate::retranslateUi()
+{
     /* Translate dialog title: */
+    setWindowTitle(tr("Certificate Information"));
+    setWindowTitle(tr("Unverifiable Certificate! Continue?"));
     /* Translate text-label caption: */
+    m_pTextLabel->setText(tr("<b>The X509 certificate exists but hasn't been verified or trusted. "
+                             "You can proceed with the importing but should understand the risks. "
+                             "If you are not sure - just stop here and interrupt the importing process.</b>"));
+    if (m_certificate.GetSelfSigned())
+        m_pTextLabel->setText(tr("<b>The appliance is signed by an unverified self signed certificate issued by '%1'. "
+                                 "We recommend to only proceed with the importing if you are sure you should trust this entity.</b>"
+                                 ).arg(m_certificate.GetFriendlyName()));
+    else
+        m_pTextLabel->setText(tr("<b>The appliance is signed by an unverified certificate issued to '%1'. "
+                                 "We recommend to only proceed with the importing if you are sure you should trust this entity.</b>"
+                                 ).arg(m_certificate.GetFriendlyName()));
     /* Translate text-browser contents: */
     QStringList info;
+    KCertificateVersion ver = (m_certificate.GetVersionNumber());
+    info << tr("Certificate Version Number: %1").arg(ver);
+    info << tr("Certificate Serial Number: 0x%1").arg(m_certificate.GetSerialNumber());
+    info << tr("Certificate Authority (CA): %1").arg(m_certificate.GetCertificateAuthority() ? tr("True") : tr("False"));
+    info << tr("Certificate Self-Signed: %1").arg(m_certificate.GetSelfSigned() ? tr("True") : tr("False"));
+    info << tr("Certificate Trusted: %1").arg(m_certificate.GetTrusted() ? tr("True") : tr("False"));
+    info << tr("Certificate Issuer: %1").arg(QStringList(m_certificate.GetIssuerName().toList()).join(", "));
+    info << tr("Certificate Subject: %1").arg(QStringList(m_certificate.GetSubjectName().toList()).join(", "));
+    info << tr("Certificate Public Algorithm: %1").arg(m_certificate.GetPublicKeyAlgorithm());
+    info << tr("Certificate Signature Algorithm: %1").arg(m_certificate.GetSignatureAlgorithmName());
+    info << tr("Certificate Signature Algorithm OID: %1").arg(m_certificate.GetSignatureAlgorithmOID());
+    info << tr("Certificate Validity Period Not Before: %1").arg(m_certificate.GetValidityPeriodNotBefore());
+    info << tr("Certificate Validity Period Not After: %1").arg(m_certificate.GetValidityPeriodNotAfter());
+    m_pTextBrowser->setText(info.join("<br><br>"));
+    KCertificateVersion ver = m_certificate.GetVersionNumber();
+    info << tr("Issuer:               %1").arg(QStringList(m_certificate.GetIssuerName().toList()).join(", "));
+    info << tr("Subject:              %1").arg(QStringList(m_certificate.GetSubjectName().toList()).join(", "));
+    info << tr("Not Valid Before:     %1").arg(m_certificate.GetValidityPeriodNotBefore());
+    info << tr("Not Valid After:      %1").arg(m_certificate.GetValidityPeriodNotAfter());
+    info << tr("Serial Number:        %1").arg(m_certificate.GetSerialNumber());
+    info << tr("Self-Signed:          %1").arg(m_certificate.GetSelfSigned() ? tr("True") : tr("False"));
+    info << tr("Authority (CA):       %1").arg(m_certificate.GetCertificateAuthority() ? tr("True") : tr("False"));
+    //info << tr("Trusted:              %1").arg(m_certificate.GetTrusted() ? tr("True") : tr("False")); - no, that's why we're here
+    info << tr("Public Algorithm:     %1 (%1)").arg(m_certificate.GetPublicKeyAlgorithm()).arg(m_certificate.GetPublicKeyAlgorithmOID());
+    info << tr("Signature Algorithm:  %1 (%1)").arg(m_certificate.GetSignatureAlgorithmName()).arg(m_certificate.GetSignatureAlgorithmOID());
+    info << tr("X.509 Version Number: %1").arg(ver);
+    m_pTextBrowser->setText(info.join("<br>"));
+}
 …
 UIWizardImportAppPageBasic2::UIWizardImportAppPageBasic2(const QString &strFileName)
+    : m_enmCertText(kCertText_Uninitialized)
+{
     /* Create widgets: */
 …
             m_pApplianceWidget->setFile(strFileName);
+        }
+        m_pCertLabel = new QLabel("<cert label>", this);
         pMainLayout->addWidget(m_pLabel);
         pMainLayout->addWidget(m_pApplianceWidget);
+        pMainLayout->addWidget(m_pCertLabel);
+    }
 …
                                             "You can change many of the properties shown by double-clicking "
                                             "on the items and disable others using the check boxes below."));
+    switch (m_enmCertText)
+    {
+        case kCertText_Unsigned:
+            m_pCertLabel->setText(UIWizardImportApp::tr("Appliance is not signed"));
+            break;
+        case kCertText_IssuedTrusted:
+            m_pCertLabel->setText(UIWizardImportApp::tr("Appliance signed by %1 (trusted)").arg(m_strSignedBy));
+            break;
+        case kCertText_IssuedExpired:
+            m_pCertLabel->setText(UIWizardImportApp::tr("Appliance signed by %1 (expired!)").arg(m_strSignedBy));
+            break;
+        case kCertText_IssuedUnverified:
+            m_pCertLabel->setText(UIWizardImportApp::tr("Unverified signature by %1!").arg(m_strSignedBy));
+            break;
+        case kCertText_SelfSignedTrusted:
+            m_pCertLabel->setText(UIWizardImportApp::tr("Self signed by %1 (trusted)").arg(m_strSignedBy));
+            break;
+        case kCertText_SelfSignedExpired:
+            m_pCertLabel->setText(UIWizardImportApp::tr("Self signed by %1 (expired!)").arg(m_strSignedBy));
+            break;
+        case kCertText_SelfSignedUnverified:
+            m_pCertLabel->setText(UIWizardImportApp::tr("Unverified self signed signature by %1!").arg(m_strSignedBy));
+            break;
+        default:
+            AssertFailed();
+        case kCertText_Uninitialized:
+            m_pCertLabel->setText("<uninitialized page>");
+            break;
+    }
+}
 void UIWizardImportAppPageBasic2::initializePage()
+{
-    /* Translate page: */
-    retranslateUi();
     /* Acquire appliance and certificate: */
     CAppliance *pAppliance = m_pApplianceWidget->appliance();
     CCertificate certificate = pAppliance->GetCertificate();
+    if (!certificate.isNull())
+    {
+        if(!certificate.GetTrusted() || certificate.GetSelfSigned())
+        {
+            /* Create certificate viewer to notify user about it is not verified: */
+            QPointer<UIApplianceCertificateViewer> pDialog =
+                new UIApplianceCertificateViewer(this, certificate);
+            AssertPtrReturnVoid(pDialog.data());
+            {
+                /* Show viewer in modal mode: */
+                pDialog->exec();
+                /* Leave if destroyed prematurely: */
+                if (!pDialog)
+                    return;
+                /* Delete viewer finally: */
+                delete pDialog;
+                pDialog = 0;
+            }
+        }
+    }
+    if (certificate.isNull())
+        m_enmCertText = kCertText_Unsigned;
     else
+    {
+        /* Translate page: */
+        retranslateUi();
+        /* Create dialog: */
+        QDialog *pDialog = new QDialog(this, Qt::Dialog);
+        AssertPtrReturnVoid(pDialog);
+        /* Create layout: */
+        QVBoxLayout *pLayout = new QVBoxLayout(pDialog);
+        AssertPtrReturnVoid(pLayout);
+        {
+            /* Prepare dialog: */
+            pDialog->resize(500, 100);
+            /*todo: show an error message and prohibit OVF import */
+            {
+                /* Create text-label: */
+                QLabel *m_pTextLabel = new QLabel;
+                AssertPtrReturnVoid(m_pTextLabel);
+                {
+                    /* Configure text-label: */
+                    m_pTextLabel->setWordWrap(true);
+                    m_pTextLabel->setText(tr("<b>The X509 certificate exists but hasn't been verified."
+                             "You should stop here and interrupt the importing process.</b>"));
+                    /* Add text-label into layout: */
+                    pLayout->addWidget(m_pTextLabel);
+                }
+                pLayout->addStretch();
+                /* Create button-box: */
+                QIDialogButtonBox *pButtonBox = new QIDialogButtonBox;
+                AssertPtrReturnVoid(pButtonBox);
+                {
+                    /* Configure button-box: */
+                    pButtonBox->setStandardButtons(QDialogButtonBox::Ok);
+                    pButtonBox->button(QDialogButtonBox::Ok)->setShortcut(Qt::Key_Enter);
+                    connect(pButtonBox, SIGNAL(accepted()), this, SLOT(close()));
+                    /* Add button-box into layout: */
+                    pLayout->addWidget(pButtonBox);
+                }
+            }
+            /* Show dialog in modal mode: */
+        /* Pick a 'signed-by' name. */
+        m_strSignedBy = certificate.GetFriendlyName();
+        /*
+         * If trusted, just select the right message.
+         */
+        if (certificate.GetTrusted())
+        {
+            if (certificate.GetSelfSigned())
+                m_enmCertText = !certificate.GetExpired() ? kCertText_SelfSignedTrusted : kCertText_SelfSignedExpired;
+            else
+                m_enmCertText = !certificate.GetExpired() ? kCertText_IssuedTrusted     : kCertText_IssuedExpired;
+        }
+        else
+        {
+            /*
+             * Not trusted!  Must ask the user whether to continue in this case.
+             */
+            m_enmCertText = !certificate.GetExpired() ? kCertText_SelfSignedUnverified : kCertText_SelfSignedUnverified;
+            retranslateUi();
+            /* Instantiate the dialog: */
+            QPointer<UIApplianceUnverifiedCertificate> pDialog = new UIApplianceUnverifiedCertificate(this, certificate);
+            AssertPtrReturnVoid(pDialog.data());
+            /* Show viewer in modal mode: */
             pDialog->exec();
+            /* Delete dialog finally: */
+/** @todo
+ *
+ * Must dismiss the wizard if dialog was rejected!
+ * Must dismiss the wizard if dialog was rejected!
+ * Must dismiss the wizard if dialog was rejected!
+ *
+ * Someone with clue try figure out how.
+ *
+ */
+            /* Leave if destroyed prematurely: */
+            if (!pDialog)
+                return; /** @todo r=bird: what happened to this dialog in that case?? */
+            /* Delete viewer finally: */
             delete pDialog;
             pDialog = 0;
+            pDialog = NULL;
+        }
+    }
+    /* Translate page: */
+    retranslateUi();
+}

trunk/src/VBox/Frontends/VirtualBox/src/wizards/importappliance/UIWizardImportAppPageBasic2.h

-              r60276
+              r60341
  */
 #ifndef __UIWizardImportAppPageBasic2_h__
 #define __UIWizardImportAppPageBasic2_h__
+#ifndef ___UIWizardImportAppPageBasic2_h___
+#define ___UIWizardImportAppPageBasic2_h___
 /* GUI includes: */
 …
+/** QIDialog extension providing user with the information
+  * about the appliance certificate which validation failed. */
+class UIApplianceCertificateViewer : public QIWithRetranslateUI<QIDialog>
+{
+    Q_OBJECT;
+public:
+    /** Constructs appliance @a certificate viewer for passed @a pParent. */
+    UIApplianceCertificateViewer(QWidget *pParent, const CCertificate &certificate);
+protected:
+    /** Prepares all. */
+    void prepare();
+    /** Handles translation event. */
+    virtual void retranslateUi() /* override */;
+private:
+    /** Holds the certificate reference. */
+    const CCertificate &m_certificate;
+    /** Holds the text-label instance. */
+    QLabel *m_pTextLabel;
+    /** Holds the text-browser instance. */
+    QTextBrowser *m_pTextBrowser;
+};
+/* 2nd page of the Import Appliance wizard (base part): */
+/** 2nd page of the Import Appliance wizard (base part): */
 class UIWizardImportAppPage2 : public UIWizardPageBase
+{
 …
 };
 /* 2nd page of the Import Appliance wizard (basic extension): */
+/** 2nd page of the Import Appliance wizard (basic extension): */
 class UIWizardImportAppPageBasic2 : public UIWizardPage, public UIWizardImportAppPage2
+{
 …
     /* Widgets: */
     QIRichTextLabel *m_pLabel;
+    QLabel *m_pCertLabel;       /**< Signature/certificate info label. */
+    enum {
+        kCertText_Uninitialized = 0, kCertText_Unsigned,
+        kCertText_IssuedTrusted,     kCertText_IssuedExpired,     kCertText_IssuedUnverified,
+        kCertText_SelfSignedTrusted, kCertText_SelfSignedExpired, kCertText_SelfSignedUnverified
+    } m_enmCertText;
+    QString m_strSignedBy;
 };
+#endif /* __UIWizardImportAppPageBasic2_h__ */
+/**
+ * Dialog for asking consent to continue with unverifiable certificate.
+ */
+class UIApplianceUnverifiedCertificate : public QIWithRetranslateUI<QIDialog>
+{
+    Q_OBJECT;
+public:
+    /** Constructs appliance @a certificate viewer for passed @a pParent. */
+    UIApplianceUnverifiedCertificate(QWidget *pParent, const CCertificate &certificate);
+protected:
+    /** Prepares all. */
+    void prepare();
+    /** Handles translation event. */
+    virtual void retranslateUi() /* override */;
+private:
+    /** Holds the certificate reference. */
+    const CCertificate &m_certificate;
+    /** Holds the text-label instance. */
+    QLabel *m_pTextLabel;
+    /** Holds the text-browser instance. */
+    QTextBrowser *m_pTextBrowser;
+};
+#endif /* !___UIWizardImportAppPageBasic2_h___ */

trunk/src/VBox/Main/idl/VirtualBox.xidl

-              r60334
+              r60341
   <interface
     name="ICertificate" extends="$unknown"
     uuid="c85f71ef-dd7f-4b9c-aa58-5c186a95d7f9"
+    uuid="392f1de4-80e1-4a8a-93a1-67c5f92a838a"
     wsmap="managed"
     reservedAttributes="12" reservedMethods="2"
 …
       <desc>Subject name.  Same format as issuerName.</desc>
     </attribute>
+    <attribute name="friendlyName" type="wstring" readonly="yes">
+      <desc>Friendly subject name or similar.</desc>
+    </attribute>
     <attribute name="validityPeriodNotBefore" type="wstring" readonly="yes">
       <desc>Certificate not valid before ISO time stamp.</desc>
 …
       <desc>Set if self signed certificate.</desc>
     </attribute>
+    <!-- The following is subject to the parent object views. -->
     <attribute name="trusted" type="boolean" readonly="yes">
+      <desc>Set if the certificate is trusted.</desc>
+    </attribute>
+      <desc>Set if the certificate is trusted (by the parent object).</desc>
+    </attribute>
+    <attribute name="expired" type="boolean" readonly="yes"> <!-- isCurrentlyExpired is clearer than isCurrentlyValid. -->
+      <desc>Set if the certificate has expired (relevant to the parent object)/</desc>
+    </attribute>
+    <method name="isCurrentlyExpired">
+      <desc>
+        Tests if the certificate has expired at the present time according to
+        the X.509 validity of the certificate.</desc>
+      <param name="result" type="boolean" dir="return" />
+    </method>
     <method name="queryInfo">

trunk/src/VBox/Main/include/CertificateImpl.h

-              r60334
+              r60341
     DECLARE_EMPTY_CTOR_DTOR(Certificate)
     HRESULT initCertificate(PCRTCRX509CERTIFICATE a_pCert, bool a_fTrusted);
+    HRESULT initCertificate(PCRTCRX509CERTIFICATE a_pCert, bool a_fTrusted, bool a_fExpired);
     void uninit();
 …
     HRESULT getIssuerName(std::vector<com::Utf8Str> &aIssuerName);
     HRESULT getSubjectName(std::vector<com::Utf8Str> &aSubjectName);
+    HRESULT getFriendlyName(com::Utf8Str &aFriendlyName);
     HRESULT getValidityPeriodNotBefore(com::Utf8Str &aValidityPeriodNotBefore);
     HRESULT getValidityPeriodNotAfter(com::Utf8Str &aValidityPeriodNotAfter);
 …
     HRESULT getSelfSigned(BOOL *aSelfSigned);
     HRESULT getTrusted(BOOL *aTrusted);
+    HRESULT getExpired(BOOL *aExpired);
     // wrapped ICertificate methods
+    HRESULT isCurrentlyExpired(BOOL *aResult);
     HRESULT queryInfo(LONG aWhat, com::Utf8Str &aResult);

trunk/src/VBox/Main/src-server/ApplianceImplImport.cpp

-              r60334
+              r60341
              * is acceptible.  But, first make sure it makes internal sense.
              */
             m->fCertificateMissingPath = false; /** @todo need to check if the certificate is trusted by the system! */
+            m->fCertificateMissingPath = true; /** @todo need to check if the certificate is trusted by the system! */
             vrc = RTCrX509Certificate_VerifySignatureSelfSigned(&m->SignerCert, RTErrInfoInitStatic(&StaticErrInfo));
             if (RT_SUCCESS(vrc))
 …
+    {
         m->ptrCertificateInfo.createObject();
+        m->ptrCertificateInfo->initCertificate(&m->SignerCert, m->fCertificateValid && !m->fCertificateMissingPath);
+        m->ptrCertificateInfo->initCertificate(&m->SignerCert,
+                                               m->fCertificateValid && !m->fCertificateMissingPath,
+                                               !m->fCertificateValidTime);
+    }

trunk/src/VBox/Main/src-server/CertificateImpl.cpp

-              r60334
+              r60341
     CertificateData()
         : fTrusted(false)
+        , fExpired(false)
         , fValidX509(false)
+    {
 …
     /** Whether the certificate is trusted.  */
     bool fTrusted;
+    /** Whether the certificate is trusted.  */
+    bool fExpired;
     /** Valid data in mX509. */
     bool fValidX509;
 …
  * @param   a_pCert         The certificate.
  * @param   a_fTrusted      Whether the caller trusts the certificate or not.
+ */
+HRESULT Certificate::initCertificate(PCRTCRX509CERTIFICATE a_pCert, bool a_fTrusted)
+ * @param   a_fExpired      Whether the caller consideres the certificate to be
+ *                          expired.
+ */
+HRESULT Certificate::initCertificate(PCRTCRX509CERTIFICATE a_pCert, bool a_fTrusted, bool a_fExpired)
+{
     HRESULT rc = S_OK;
 …
+    {
         mData->m->fValidX509 = true;
+        mData->m->fTrusted  = a_fTrusted;
+        mData->m->fTrusted   = a_fTrusted;
+        mData->m->fExpired   = a_fExpired;
         autoInitSpan.setSucceeded();
+    }
 …
     mData = NULL;
+}
+/** @name wrapped ICertificate properties
+ * @{
+ */
 /**
 …
+}
+HRESULT Certificate::getFriendlyName(com::Utf8Str &aFriendlyName)
+{
+    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
+    Assert(mData->m->fValidX509);
+    PCRTCRX509NAME pName = &mData->m->X509.TbsCertificate.Subject;
+    /*
+     * Enumerate the subject name and pick interesting attributes we can use to
+     * form a name more friendly than the RTCrX509Name_FormatAsString output.
+     */
+    const char *pszOrg       = NULL;
+    const char *pszOrgUnit   = NULL;
+    const char *pszGivenName = NULL;
+    const char *pszSurname   = NULL;
+    const char *pszEmail     = NULL;
+    for (uint32_t i = 0; i < pName->cItems; i++)
+    {
+        PCRTCRX509RELATIVEDISTINGUISHEDNAME pRdn = &pName->paItems[i];
+        for (uint32_t j = 0; j < pRdn->cItems; j++)
+        {
+            PCRTCRX509ATTRIBUTETYPEANDVALUE pComponent = &pRdn->paItems[j];
+            AssertContinue(pComponent->Value.enmType == RTASN1TYPE_STRING);
+            /* Select interesting components based on the short RDN prefix
+               string (easier to read and write than OIDs, for now). */
+            const char *pszPrefix = RTCrX509Name_GetShortRdn(&pComponent->Type);
+            if (pszPrefix)
+            {
+                const char *pszUtf8;
+                int vrc = RTAsn1String_QueryUtf8(&pComponent->Value.u.String, &pszUtf8, NULL);
+                if (RT_SUCCESS(vrc) && *pszUtf8)
+                {
+                    if (!strcmp(pszPrefix, "Email"))
+                        pszEmail = pszUtf8;
+                    else if (!strcmp(pszPrefix, "O"))
+                        pszOrg = pszUtf8;
+                    else if (!strcmp(pszPrefix, "OU"))
+                        pszOrgUnit = pszUtf8;
+                    else if (!strcmp(pszPrefix, "S"))
+                        pszSurname = pszUtf8;
+                    else if (!strcmp(pszPrefix, "G"))
+                        pszGivenName = pszUtf8;
+                }
+            }
+        }
+    }
+    if (pszGivenName && pszSurname)
+    {
+        if (pszEmail)
+            aFriendlyName = Utf8StrFmt("%s, %s <%s>", pszSurname, pszGivenName, pszEmail);
+        else if (pszOrg)
+            aFriendlyName = Utf8StrFmt("%s, %s (%s)", pszSurname, pszGivenName, pszOrg);
+        else if (pszOrgUnit)
+            aFriendlyName = Utf8StrFmt("%s, %s (%s)", pszSurname, pszGivenName, pszOrgUnit);
+        else
+            aFriendlyName = Utf8StrFmt("%s, %s", pszSurname, pszGivenName);
+    }
+    else if (pszOrg && pszOrgUnit)
+        aFriendlyName = Utf8StrFmt("%s, %s", pszOrg, pszOrgUnit);
+    else if (pszOrg)
+        aFriendlyName = Utf8StrFmt("%s", pszOrg);
+    else if (pszOrgUnit)
+        aFriendlyName = Utf8StrFmt("%s", pszOrgUnit);
+    else
+    {
+        /*
+         * Fall back on unfriendly but accurate.
+         */
+        char szTmp[_8K];
+        RT_ZERO(szTmp);
+        RTCrX509Name_FormatAsString(pName, szTmp, sizeof(szTmp) - 1, NULL);
+        aFriendlyName = szTmp;
+    }
+    return S_OK;
+}
 /**
  * Private method implementation.
 …
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
+    Assert(mData->m->fValidX509);
     *aTrusted = mData->m->fTrusted;
 …
+}
+/**
+ * Private method implementation.
+ * @param aWhat
+ * @param aResult
+ * @return
+ */
+HRESULT Certificate::getExpired(BOOL *aExpired)
+{
+    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
+    Assert(mData->m->fValidX509);
+    *aExpired = mData->m->fExpired;
+    return S_OK;
+}
+/** @} */
+/** @name Wrapped ICertificate methods
+ * @{
+ */
+HRESULT Certificate::isCurrentlyExpired(BOOL *aResult)
+{
+    AssertReturnStmt(mData->m->fValidX509, *aResult = TRUE, E_UNEXPECTED);
+    RTTIMESPEC Now;
+    *aResult = RTCrX509Validity_IsValidAtTimeSpec(&mData->m->X509.TbsCertificate.Validity, RTTimeNow(&Now)) ? FALSE : TRUE;
+    return S_OK;
+}
 HRESULT Certificate::queryInfo(LONG aWhat, com::Utf8Str &aResult)
+{
 …
     return setError(E_FAIL, "Unknown item %u", aWhat);
+}
+/** @} */
+/** @name Methods extracting COM data from the certificate object
+ * @{
+ */
 HRESULT Certificate::i_getAlgorithmName(PCRTCRX509ALGORITHMIDENTIFIER a_pAlgId, com::Utf8Str &a_rReturn)
 …
+}
+/** @} */

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats:

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette