From cf377db60e94ddd28729c12c52452bcb06a93d6e Mon Sep 17 00:00:00 2001
From: Tor Lillqvist <tml@collabora.com>
Date: Thu, 19 May 2016 20:27:55 +0300
Subject: Add column displaying intended usage to certificate chooser

The names for the KeyUsage bits defined in RFC3280 are stored in the
.ui file for localisation

Change-Id: Ia2cbfd28c8a5df6c94d4926fe98ea7048ff41dde
---
 xmlsecurity/inc/xmlsecurity/certificatechooser.hxx |  3 ++
 xmlsecurity/source/dialogs/certificatechooser.cxx  | 42 ++++++++++++++--
 xmlsecurity/uiconfig/ui/selectcertificatedialog.ui | 56 +++++++++++++++++++++-
 3 files changed, 97 insertions(+), 4 deletions(-)

(limited to 'xmlsecurity')

diff --git a/xmlsecurity/inc/xmlsecurity/certificatechooser.hxx b/xmlsecurity/inc/xmlsecurity/certificatechooser.hxx
index f37638066cd0..8617d058cc3d 100644
--- a/xmlsecurity/inc/xmlsecurity/certificatechooser.hxx
+++ b/xmlsecurity/inc/xmlsecurity/certificatechooser.hxx
@@ -63,6 +63,9 @@ private:
     void ImplShowCertificateDetails();
     void ImplInitialize();
 
+    void HandleOneUsageBit(OUString& string, int& bits, int bit, const char *name);
+    OUString UsageInClearText(int bits);
+
 public:
     CertificateChooser(vcl::Window* pParent, css::uno::Reference< css::uno::XComponentContext>& rxCtx, css::uno::Reference< css::xml::crypto::XSecurityEnvironment >& rxSecurityEnvironment);
     virtual ~CertificateChooser();
diff --git a/xmlsecurity/source/dialogs/certificatechooser.cxx b/xmlsecurity/source/dialogs/certificatechooser.cxx
index 214cdacce59d..6b253442a90b 100644
--- a/xmlsecurity/source/dialogs/certificatechooser.cxx
+++ b/xmlsecurity/source/dialogs/certificatechooser.cxx
@@ -55,7 +55,7 @@ CertificateChooser::CertificateChooser(vcl::Window* _pParent, uno::Reference<uno
     get(m_pViewBtn, "viewcert");
     get(m_pDescriptionED, "description");
 
-    Size aControlSize(275, 122);
+    Size aControlSize(475, 122);
     const long nControlWidth = aControlSize.Width();
     aControlSize = LogicToPixel(aControlSize, MAP_APPFONT);
     SvSimpleTableContainer *pSignatures = get<SvSimpleTableContainer>("signatures");
@@ -63,10 +63,10 @@ CertificateChooser::CertificateChooser(vcl::Window* _pParent, uno::Reference<uno
     pSignatures->set_height_request(aControlSize.Height());
 
     m_pCertLB = VclPtr<SvSimpleTable>::Create(*pSignatures);
-    static long nTabs[] = { 3, 0, 30*nControlWidth/100, 60*nControlWidth/100 };
+    static long nTabs[] = { 4, 0, 20*nControlWidth/100, 40*nControlWidth/100, 80*nControlWidth/100 };
     m_pCertLB->SetTabs( &nTabs[0] );
     m_pCertLB->InsertHeaderEntry(get<FixedText>("issuedto")->GetText() + "\t" + get<FixedText>("issuedby")->GetText()
-        + "\t" + get<FixedText>("expiration")->GetText());
+        + "\t" + get<FixedText>("usage")->GetText() + "\t" + get<FixedText>("expiration")->GetText());
     m_pCertLB->SetSelectHdl( LINK( this, CertificateChooser, CertificateHighlightHdl ) );
     m_pCertLB->SetDoubleClickHdl( LINK( this, CertificateChooser, CertificateSelectHdl ) );
     m_pViewBtn->SetClickHdl( LINK( this, CertificateChooser, ViewButtonHdl ) );
@@ -119,6 +119,41 @@ short CertificateChooser::Execute()
     return ModalDialog::Execute();
 }
 
+void CertificateChooser::HandleOneUsageBit(OUString& string, int& bits, int bit, const char *name)
+{
+    if (bits & bit)
+    {
+        if (!string.isEmpty())
+            string += ", ";
+        string += get<FixedText>(OString("STR_") + name)->GetText();
+        bits &= ~bit;
+    }
+}
+
+OUString CertificateChooser::UsageInClearText(int bits)
+{
+    OUString result;
+
+    HandleOneUsageBit(result, bits, 0x80, "DIGITAL_SIGNATURE");
+    HandleOneUsageBit(result, bits, 0x40, "NON_REPUDIATION");
+    HandleOneUsageBit(result, bits, 0x20, "KEY_ENCIPHERMENT");
+    HandleOneUsageBit(result, bits, 0x10, "DATA_ENCIPHERMENT");
+    HandleOneUsageBit(result, bits, 0x08, "KEY_AGREEMENT");
+    HandleOneUsageBit(result, bits, 0x04, "KEY_CERT_SIGN");
+    HandleOneUsageBit(result, bits, 0x02, "CRL_SIGN");
+    HandleOneUsageBit(result, bits, 0x01, "ENCIPHER_ONLY");
+
+    // Check for mystery leftover bits
+    if (bits != 0)
+    {
+        if (!result.isEmpty())
+            result += ", ";
+        result += OUString("0x") + OUString::number(bits, 16);
+    }
+
+    return result;
+}
+
 void CertificateChooser::ImplInitialize()
 {
     if ( !mbInitialized )
@@ -153,6 +188,7 @@ void CertificateChooser::ImplInitialize()
         {
             SvTreeListEntry* pEntry = m_pCertLB->InsertEntry( XmlSec::GetContentPart( maCerts[ nC ]->getSubjectName() )
                 + "\t" + XmlSec::GetContentPart( maCerts[ nC ]->getIssuerName() )
+                + "\t" + UsageInClearText( maCerts[ nC ]->getCertificateUsage() )
                 + "\t" + XmlSec::GetDateString( maCerts[ nC ]->getNotValidAfter() ) );
             pEntry->SetUserData( reinterpret_cast<void*>(nC) ); // missuse user data as index
         }
diff --git a/xmlsecurity/uiconfig/ui/selectcertificatedialog.ui b/xmlsecurity/uiconfig/ui/selectcertificatedialog.ui
index c9e5b42123fb..0d9d60152cb6 100644
--- a/xmlsecurity/uiconfig/ui/selectcertificatedialog.ui
+++ b/xmlsecurity/uiconfig/ui/selectcertificatedialog.ui
@@ -107,6 +107,17 @@
                     <property name="top_attach">0</property>
                   </packing>
                 </child>
+                <child>
+                  <object class="GtkLabel" id="usage">
+                    <property name="can_focus">False</property>
+                    <property name="hexpand">True</property>
+                    <property name="label" translatable="yes">Certificate usage</property>
+                  </object>
+                  <packing>
+                    <property name="left_attach">2</property>
+                    <property name="top_attach">0</property>
+                  </packing>
+                </child>
                 <child>
                   <object class="GtkLabel" id="expiration">
                     <property name="can_focus">False</property>
@@ -114,10 +125,53 @@
                     <property name="label" translatable="yes">Expiration date</property>
                   </object>
                   <packing>
-                    <property name="left_attach">2</property>
+                    <property name="left_attach">3</property>
                     <property name="top_attach">0</property>
                   </packing>
                 </child>
+                <!-- Just for localisation -->
+                <child>
+                  <object class="GtkLabel" id="STR_DIGITAL_SIGNATURE">
+                    <property name="can_focus">False</property>
+                    <property name="hexpand">True</property>
+                    <property name="label" translatable="yes">Digital signature</property>
+                  </object>
+                  <object class="GtkLabel" id="STR_NON_REPUDIATION">
+                    <property name="can_focus">False</property>
+                    <property name="hexpand">True</property>
+                    <property name="label" translatable="yes">Non-repudiation</property>
+                  </object>
+                  <object class="GtkLabel" id="STR_KEY_ENCIPHERMENT">
+                    <property name="can_focus">False</property>
+                    <property name="hexpand">True</property>
+                    <property name="label" translatable="yes">Key encipherment</property>
+                  </object>
+                  <object class="GtkLabel" id="STR_DATA_ENCIPHERMENT">
+                    <property name="can_focus">False</property>
+                    <property name="hexpand">True</property>
+                    <property name="label" translatable="yes">Data encipherment</property>
+                  </object>
+                  <object class="GtkLabel" id="STR_KEY_AGREEMENT">
+                    <property name="can_focus">False</property>
+                    <property name="hexpand">True</property>
+                    <property name="label" translatable="yes">Key Agreement</property>
+                  </object>
+                  <object class="GtkLabel" id="STR_KEY_CERT_SIGN">
+                    <property name="can_focus">False</property>
+                    <property name="hexpand">True</property>
+                    <property name="label" translatable="yes">Certificate signature verification</property>
+                  </object>
+                  <object class="GtkLabel" id="STR_CRL_SIGN">
+                    <property name="can_focus">False</property>
+                    <property name="hexpand">True</property>
+                    <property name="label" translatable="yes">CRL signature verification</property>
+                  </object>
+                  <object class="GtkLabel" id="STR_ENCIPHER_ONLY">
+                    <property name="can_focus">False</property>
+                    <property name="hexpand">True</property>
+                    <property name="label" translatable="yes">Only for encipherment</property>
+                  </object>
+                </child>
               </object>
               <packing>
                 <property name="left_attach">0</property>
-- 
cgit