diff options
Diffstat (limited to 'content/technical/introspecting-certificates.md')
| -rw-r--r-- | content/technical/introspecting-certificates.md | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/content/technical/introspecting-certificates.md b/content/technical/introspecting-certificates.md new file mode 100644 index 0000000..501a40f --- /dev/null +++ b/content/technical/introspecting-certificates.md @@ -0,0 +1,53 @@ +Title: Introspecting Certificates +Date: 2011-09-29 +Tags: technical, security, gnome +Slug: introspecting-certificates + +Today I merged in a contribution from Evan Nemerson for GObject +introspection support into the Gcr and Gck libraries. I ended up +tweaking thousands of lines of comments and code, +[filed][] [some][] [bugs][] and so forth. + +But the end result is you use PKCS\#11 and stuff like the [Gcr +certificate widgets][], from languages like python and javascript +(although not your browser). For example this: + + + :::javascript + const Gck = imports.gi.Gck; + const Gcr = imports.gi.Gcr; + const Gtk = imports.gi.Gtk; + + /* TODO: From pkcs11.h */ + const CKA_CLASS = 0; + const CKO_CERTIFICATE = 1; + const CKA_VALUE = 17; + const URI = "pkcs11:object-type=cert"; + + Gtk.init(null, null); + var dialog = new Gtk.Dialog(); + + var viewer = new Gcr.ViewerWidget(); + dialog.get_content_area().pack_start(viewer, true, true, 0); + + var modules = Gck.modules_initialize_registered(null); + var objects = Gck.modules_objects_for_uri(modules, URI, Gck.SessionOptions.READ_ONLY); + + objects.forEach(function(object) { + viewer.load_data(null, object.get_data(CKA_VALUE, null)); + }); + + viewer.show(); + dialog.run(); + + +... will pop up a window show up with every certificate on every smart +card and key storage [you have configured][]. All of this goodness is in +[gnome-keyring git master][]. + + [filed]: https://bugzilla.gnome.org/show_bug.cgi?id=660436 + [some]: https://bugzilla.gnome.org/show_bug.cgi?id=581525 + [bugs]: https://bugzilla.gnome.org/show_bug.cgi?id=660352 + [Gcr certificate widgets]: http://developer.gnome.org/gcr/unstable/gcr-GcrCertificateWidget.html + [you have configured]: http://p11-glue.freedesktop.org/doc/p11-kit/config-example.html + [gnome-keyring git master]: http://git.gnome.org/browse/gnome-keyring/?h=master |