Bug 307319 - Certificate details show incorrect public key information

r=rrelyea
2024-09-13 09:24:08 -07:00 · 2008-07-17 13:14:54 -04:00 · 2008-07-17 13:14:54 -04:00 · d39c2d2778
commit d39c2d2778
parent 733d125c90
2 changed files with 41 additions and 5 deletions
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@ -130,6 +130,7 @@ CertDumpAlgID=Algorithm Identifier
 CertDumpParams=Algorithm Parameters
 CertDumpRSAEncr=PKCS #1 RSA Encryption
 CertDumpRSATemplate=Modulus (%S bits):\n%S\nExponent (%S bits):\n%S
+CertDumpECTemplate=Key size: %S bits\nBase point order length: %S bits\nPublic value:\n%S
 CertDumpIssuerUniqueID=Issuer Unique ID
 CertDumpSubjPubKey=Subject's Public Key
 CertDumpSubjectUniqueID=Subject Unique ID
--- a/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/src/nsNSSCertHelper.cpp
@ -47,6 +47,7 @@
 #include "nsNSSCertificate.h"
 #include "cert.h"
 #include "keyhi.h"
+#include "secder.h"
 #include "nsNSSCertValidity.h"
 #include "nsNSSASN1Object.h"
 #include "nsNSSComponent.h"
@ -612,10 +613,18 @@ ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data,
 {
  // This function is used to display some DER bytes
  // that we have not added support for decoding.
-  // It prints the value of the byte out into a 
-  // string that can later be displayed as a byte
-  // string.  We place a new line after 24 bytes
-  // to break up extermaly long sequence of bytes.
+  // If it's short, let's display as an integer, no size header.
+
+  if (data->len <= 4) {
+    int i_pv = DER_GetInteger(data);
+    nsAutoString value;
+    value.AppendInt(i_pv);
+    text.Append(value);
+    text.Append(NS_LITERAL_STRING(SEPARATOR).get());
+    return NS_OK;
+  }
+
+  // Else produce a hex dump.

  if (wantHeader) {
    nsAutoString bytelen, bitlen;
@ -631,6 +640,11 @@ ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data,
    text.Append(NS_LITERAL_STRING(SEPARATOR).get());
  }

+  // This prints the value of the byte out into a 
+  // string that can later be displayed as a byte
+  // string.  We place a new line after 24 bytes
+  // to break up extermaly long sequence of bytes.
+
  PRUint32 i;
  char buffer[5];
  for (i=0; i<data->len; i++) {
@ -1802,11 +1816,32 @@ ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki,
                                                     params, 4, text);
         break;
      }
+      case ecKey: {
+        displayed = true;
+        SECKEYECPublicKey &ecpk = key->u.ec;
+        int fieldSizeLenAsBits = 
+              SECKEY_ECParamsToKeySize(&ecpk.DEREncodedParams);
+        int basePointOrderLenAsBits = 
+              SECKEY_ECParamsToBasePointOrderLen(&ecpk.DEREncodedParams);
+        nsAutoString s_fsl, s_bpol, s_pv;
+        s_fsl.AppendInt(fieldSizeLenAsBits);
+        s_bpol.AppendInt(basePointOrderLenAsBits);
+
+        if (ecpk.publicValue.len > 4) {
+          ProcessRawBytes(nssComponent, &ecpk.publicValue, s_pv, PR_FALSE);
+        } else {
+          int i_pv = DER_GetInteger(&ecpk.publicValue);
+          s_pv.AppendInt(i_pv);
+        }
+        const PRUnichar *params[] = {s_fsl.get(), s_bpol.get(), s_pv.get()};
+        nssComponent->PIPBundleFormatStringFromName("CertDumpECTemplate",
+                                                    params, 3, text);
+        break;
+      }
      case dhKey:
      case dsaKey:
      case fortezzaKey:
      case keaKey:
-      case ecKey:
         /* Too many parameters, to rarely used to bother displaying it */
         break;
      case nullKey: