Add SubjectAlternativeName info to Android certificate viewer

Screenshot: https://drive.google.com/file/d/1XkId1WTLiQJ2kvHcC7s0mvNYsWuHE3s3/view?usp=sharing Bug: 167770 Change-Id: Ief385060da9d8bbcde9bbed7786b216472f7e8ef Reviewed-on: https://chromium-review.googlesource.com/777480 Commit-Queue: Mustafa Emre Acer <meacer@chromium.org> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Reviewed-by: Maria Khomenko <mariakhomenko@chromium.org> Cr-Commit-Position: refs/heads/master@{#518501}
cbchan · Nov 22, 2017 · 5a5ed98 · 5a5ed98
1 parent 8085bb1
commit 5a5ed98
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 8 deletions.
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/page_info/CertificateViewer.java b/chrome/android/java/src/org/chromium/chrome/browser/page_info/CertificateViewer.java
@@ -28,15 +28,21 @@
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
 import java.text.DateFormat;
 import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
 
 /**
  * UI component for displaying certificate information.
  */
 class CertificateViewer implements OnItemSelectedListener {
     private static final String X_509 = "X.509";
+    private static final int SUBJECTALTERNATIVENAME_DNSNAME_ID = 2;
+    private static final int SUBJECTALTERNATIVENAME_IPADDRESS_ID = 7;
+
     private final Context mContext;
     private final ArrayList<LinearLayout> mViews;
     private final ArrayList<String> mTitles;
@@ -179,8 +185,16 @@ private void addCertificateDetails(Certificate cert, byte[] sha256Digest, byte[]
         addSectionTitle(certificateView, nativeGetCertFingerprintsText());
         addItem(certificateView, nativeGetCertSHA256FingerprintText(),
                 formatBytes(sha256Digest, ' '));
-        addItem(certificateView, nativeGetCertSHA1FingerprintText(),
-                formatBytes(sha1Digest, ' '));
+        addItem(certificateView, nativeGetCertSHA1FingerprintText(), formatBytes(sha1Digest, ' '));
+
+        List<String> subjectAltNames = getSubjectAlternativeNames(x509);
+        if (!subjectAltNames.isEmpty()) {
+            addSectionTitle(certificateView, nativeGetCertExtensionText());
+            addLabel(certificateView, nativeGetCertSANText());
+            for (String name : subjectAltNames) {
+                addValue(certificateView, name);
+            }
+        }
     }
 
     private void addSectionTitle(LinearLayout certificateView, String label) {
@@ -238,6 +252,31 @@ private static byte[] getDigest(byte[] bytes, String algorithm) {
         }
     }
 
+    private static List<String> getSubjectAlternativeNames(X509Certificate x509) {
+        List<String> result = new ArrayList<>();
+        Collection<List<?>> subjectAltNameList = null;
+        try {
+            subjectAltNameList = x509.getSubjectAlternativeNames();
+        } catch (CertificateParsingException e) {
+            // Ignore exception.
+        }
+        if (subjectAltNameList != null && !subjectAltNameList.isEmpty()) {
+            for (List<?> names : subjectAltNameList) {
+                if (names == null || names.size() != 2 || names.get(0) == null
+                        || names.get(0).getClass() != Integer.class || names.get(1) == null
+                        || names.get(1).getClass() != String.class) {
+                    continue;
+                }
+                int id = ((Integer) names.get(0)).intValue();
+                if ((id == SUBJECTALTERNATIVENAME_DNSNAME_ID
+                            || id == SUBJECTALTERNATIVENAME_IPADDRESS_ID)) {
+                    result.add(names.get(1).toString());
+                }
+            }
+        }
+        return result;
+    }
+
     @Override
     public void onItemSelected(AdapterView<?> parent, View view, int position, long id) {
         for (int i = 0; i < mViews.size(); ++i) {
@@ -262,4 +301,6 @@ public void onNothingSelected(AdapterView<?> parent) {
     private static native String nativeGetCertFingerprintsText();
     private static native String nativeGetCertSHA256FingerprintText();
     private static native String nativeGetCertSHA1FingerprintText();
+    private static native String nativeGetCertExtensionText();
+    private static native String nativeGetCertSANText();
 }
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
@@ -2358,6 +2358,14 @@ From <ph name="DOWNLOAD_DOMAIN">$3<ex>example.com</ex></ph>
       <message name="IDS_CERT_INFO_SHA1_FINGERPRINT_LABEL" desc="The label of the SHA-1 Fingerprint field in the general page of the certificate info dialog">
         SHA-1 Fingerprint
       </message>
+
+      <message name="IDS_CERT_DETAILS_EXTENSIONS" desc="The label of the Extensions element in the details page of the certificate info dialog.">
+        Extensions
+      </message>
+      <message name="IDS_CERT_X509_SUBJECT_ALT_NAME" desc="description of extension Certificate Subject Alternative Name">
+        Certificate Subject Alternative Name
+      </message>
+
       <message name="IDS_CERT_EXPORT_TYPE_BASE64" desc="The description of saving a single certificate in base64 encoding.">
         Base64-encoded ASCII, single certificate
       </message>
@@ -2474,9 +2482,6 @@ From <ph name="DOWNLOAD_DOMAIN">$3<ex>example.com</ex></ph>
   Public Exponent (<ph name="PUBLIC_EXPONENT_NUM_BITS">$3<ex>24</ex></ph> bits):
   <ph name="EXPONENT_HEX_DUMP">$4<ex>01 00 01</ex></ph>
         </message>
-        <message name="IDS_CERT_DETAILS_EXTENSIONS" desc="The label of the Extensions element in the details page of the certificate info dialog.">
-          Extensions
-        </message>
         <message name="IDS_CERT_DETAILS_CERTIFICATE_SIG_VALUE" desc="The label of the Certificate Signature Value element in the details page of the certificate info dialog.">
           Certificate Signature Value
         </message>
@@ -2642,9 +2647,6 @@ From <ph name="DOWNLOAD_DOMAIN">$3<ex>example.com</ex></ph>
         <message name="IDS_CERT_X509_KEY_USAGE" desc="description of extension Certificate Key Usage">
           Certificate Key Usage
         </message>
-        <message name="IDS_CERT_X509_SUBJECT_ALT_NAME" desc="description of extension Certificate Subject Alternative Name">
-          Certificate Subject Alternative Name
-        </message>
         <message name="IDS_CERT_X509_ISSUER_ALT_NAME" desc="description of extension Certificate Issuer Alternative Name">
           Certificate Issuer Alternative Name
         </message>

diff --git a/chrome/browser/ui/android/page_info/certificate_viewer_android.cc b/chrome/browser/ui/android/page_info/certificate_viewer_android.cc
@@ -106,3 +106,17 @@ JNI_CertificateViewer_GetCertSHA1FingerprintText(JNIEnv* env,
   return ConvertUTF8ToJavaString(
       env, l10n_util::GetStringUTF8(IDS_CERT_INFO_SHA1_FINGERPRINT_LABEL));
 }
+
+static ScopedJavaLocalRef<jstring> JNI_CertificateViewer_GetCertExtensionText(
+    JNIEnv* env,
+    const JavaParamRef<jclass>&) {
+  return ConvertUTF8ToJavaString(
+      env, l10n_util::GetStringUTF8(IDS_CERT_DETAILS_EXTENSIONS));
+}
+
+static ScopedJavaLocalRef<jstring> JNI_CertificateViewer_GetCertSANText(
+    JNIEnv* env,
+    const JavaParamRef<jclass>&) {
+  return ConvertUTF8ToJavaString(
+      env, l10n_util::GetStringUTF8(IDS_CERT_X509_SUBJECT_ALT_NAME));
+}