Index ¦ Archives ¦ Atom

Introspecting Certificates

Today I merged in a contribution from Evan Nemerson for GObject introspection support into the Gcr and Gck libraries. I ended up tweaking thousands of lines of comments and code, filed¬†some¬†bugs and so forth.

But the end result is you use PKCS#11 and stuff like the Gcr certificate widgets, from languages like python and javascript (although not your browser). For example this:

const Gck = imports.gi.Gck;
const Gcr = imports.gi.Gcr;
const Gtk = imports.gi.Gtk;

/* TODO: From pkcs11.h */
const CKA_CLASS = 0;
const CKO_CERTIFICATE = 1;
const CKA_VALUE = 17;
const URI = "pkcs11:object-type=cert";

Gtk.init(null, null);
var dialog = new Gtk.Dialog();

var viewer = new Gcr.ViewerWidget();
dialog.get_content_area().pack_start(viewer, true, true, 0);

var modules = Gck.modules_initialize_registered(null);
var objects = Gck.modules_objects_for_uri(modules, URI, Gck.SessionOptions.READ_ONLY);

objects.forEach(function(object) {
    viewer.load_data(null, object.get_data(CKA_VALUE, null));
});

viewer.show();
dialog.run();

… will pop up a window show up with every certificate on every smart card and key storage you have configured. All of this goodness is in gnome-keyring git master.

© Stef Walter. Built using Pelican. Theme by Giulio Fidente on github. .