Show X.509 extensions in certificate output #831

micahmo · 2023-05-31T16:17:47Z

Pull request type

Please check the type of change your PR introduces:

Bugfix
New feature or enhancement
UI change (please include screenshot!)
Code style update (formatting, renaming)
Refactoring (no functional changes, no api changes)
Build related changes
Documentation content changes
Internationalization and localization
Other (please describe):

What is the current behavior?

Issue Number: #828

What is the new behavior?

When decoding a certificate, also iterate through the extensions and add them to the output

Other information

Screenshot (everything under Thumbprint is new)

Full Input

Full Output

[Subject]
  CN=*.google.com

[Issuer]
  CN=GTS CA 1C3, O=Google Trust Services LLC, C=US

[Serial Number]
  4DB1AAC7ABB13B72105BCCEB8CC73751

[Not Before]
  5/8/2023 4:20:09 AM

[Not After]
  7/31/2023 4:20:08 AM

[Thumbprint]
  5DBA19A5812505327213A718CF678CD66F13B3EF

[Key Usage]
  Digital Signature (80)
  
[Enhanced Key Usage]
  Server Authentication (1.3.6.1.5.5.7.3.1)
  
[Basic Constraints]
  Subject Type=End Entity
  Path Length Constraint=None
  
[Subject Key Identifier]
  cc647b7653b06e10907740a7ae9856b1107ef727
  
[Authority Key Identifier]
  KeyID=8a747faf85cdee95cd3d9cd0e24614f371351d27
  
[Authority Information Access]
  [1]Authority Info Access
       Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
       Alternative Name:
            URL=http://ocsp.pki.goog/gts1c3
  [2]Authority Info Access
       Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
       Alternative Name:
            URL=http://pki.goog/repo/certs/gts1c3.der
  
[Subject Alternative Name]
  DNS Name=*.google.com
  DNS Name=*.appengine.google.com
  DNS Name=*.bdn.dev
  DNS Name=*.origin-test.bdn.dev
  DNS Name=*.cloud.google.com
  DNS Name=*.crowdsource.google.com
  DNS Name=*.datacompute.google.com
  DNS Name=*.google.ca
  DNS Name=*.google.cl
  DNS Name=*.google.co.in
  DNS Name=*.google.co.jp
  DNS Name=*.google.co.uk
  DNS Name=*.google.com.ar
  DNS Name=*.google.com.au
  DNS Name=*.google.com.br
  DNS Name=*.google.com.co
  DNS Name=*.google.com.mx
  DNS Name=*.google.com.tr
  DNS Name=*.google.com.vn
  DNS Name=*.google.de
  DNS Name=*.google.es
  DNS Name=*.google.fr
  DNS Name=*.google.hu
  DNS Name=*.google.it
  DNS Name=*.google.nl
  DNS Name=*.google.pl
  DNS Name=*.google.pt
  DNS Name=*.googleadapis.com
  DNS Name=*.googleapis.cn
  DNS Name=*.googlevideo.com
  DNS Name=*.gstatic.cn
  DNS Name=*.gstatic-cn.com
  DNS Name=googlecnapps.cn
  DNS Name=*.googlecnapps.cn
  DNS Name=googleapps-cn.com
  DNS Name=*.googleapps-cn.com
  DNS Name=gkecnapps.cn
  DNS Name=*.gkecnapps.cn
  DNS Name=googledownloads.cn
  DNS Name=*.googledownloads.cn
  DNS Name=recaptcha.net.cn
  DNS Name=*.recaptcha.net.cn
  DNS Name=recaptcha-cn.net
  DNS Name=*.recaptcha-cn.net
  DNS Name=widevine.cn
  DNS Name=*.widevine.cn
  DNS Name=ampproject.org.cn
  DNS Name=*.ampproject.org.cn
  DNS Name=ampproject.net.cn
  DNS Name=*.ampproject.net.cn
  DNS Name=google-analytics-cn.com
  DNS Name=*.google-analytics-cn.com
  DNS Name=googleadservices-cn.com
  DNS Name=*.googleadservices-cn.com
  DNS Name=googlevads-cn.com
  DNS Name=*.googlevads-cn.com
  DNS Name=googleapis-cn.com
  DNS Name=*.googleapis-cn.com
  DNS Name=googleoptimize-cn.com
  DNS Name=*.googleoptimize-cn.com
  DNS Name=doubleclick-cn.net
  DNS Name=*.doubleclick-cn.net
  DNS Name=*.fls.doubleclick-cn.net
  DNS Name=*.g.doubleclick-cn.net
  DNS Name=doubleclick.cn
  DNS Name=*.doubleclick.cn
  DNS Name=*.fls.doubleclick.cn
  DNS Name=*.g.doubleclick.cn
  DNS Name=dartsearch-cn.net
  DNS Name=*.dartsearch-cn.net
  DNS Name=googletraveladservices-cn.com
  DNS Name=*.googletraveladservices-cn.com
  DNS Name=googletagservices-cn.com
  DNS Name=*.googletagservices-cn.com
  DNS Name=googletagmanager-cn.com
  DNS Name=*.googletagmanager-cn.com
  DNS Name=googlesyndication-cn.com
  DNS Name=*.googlesyndication-cn.com
  DNS Name=*.safeframe.googlesyndication-cn.com
  DNS Name=app-measurement-cn.com
  DNS Name=*.app-measurement-cn.com
  DNS Name=gvt1-cn.com
  DNS Name=*.gvt1-cn.com
  DNS Name=gvt2-cn.com
  DNS Name=*.gvt2-cn.com
  DNS Name=2mdn-cn.net
  DNS Name=*.2mdn-cn.net
  DNS Name=googleflights-cn.net
  DNS Name=*.googleflights-cn.net
  DNS Name=admob-cn.com
  DNS Name=*.admob-cn.com
  DNS Name=googlesandbox-cn.com
  DNS Name=*.googlesandbox-cn.com
  DNS Name=*.safenup.googlesandbox-cn.com
  DNS Name=*.gstatic.com
  DNS Name=*.metric.gstatic.com
  DNS Name=*.gvt1.com
  DNS Name=*.gcpcdn.gvt1.com
  DNS Name=*.gvt2.com
  DNS Name=*.gcp.gvt2.com
  DNS Name=*.url.google.com
  DNS Name=*.youtube-nocookie.com
  DNS Name=*.ytimg.com
  DNS Name=android.com
  DNS Name=*.android.com
  DNS Name=*.flash.android.com
  DNS Name=g.cn
  DNS Name=*.g.cn
  DNS Name=g.co
  DNS Name=*.g.co
  DNS Name=goo.gl
  DNS Name=www.goo.gl
  DNS Name=google-analytics.com
  DNS Name=*.google-analytics.com
  DNS Name=google.com
  DNS Name=googlecommerce.com
  DNS Name=*.googlecommerce.com
  DNS Name=ggpht.cn
  DNS Name=*.ggpht.cn
  DNS Name=urchin.com
  DNS Name=*.urchin.com
  DNS Name=youtu.be
  DNS Name=youtube.com
  DNS Name=*.youtube.com
  DNS Name=youtubeeducation.com
  DNS Name=*.youtubeeducation.com
  DNS Name=youtubekids.com
  DNS Name=*.youtubekids.com
  DNS Name=yt.be
  DNS Name=*.yt.be
  DNS Name=android.clients.google.com
  DNS Name=developer.android.google.cn
  DNS Name=developers.android.google.cn
  DNS Name=source.android.google.cn
  
[Certificate Policies]
  [1]Certificate Policy:
       Policy Identifier=2.23.140.1.2.1
  [2]Certificate Policy:
       Policy Identifier=1.3.6.1.4.1.11129.2.5.3
  
[CRL Distribution Points]
  [1]CRL Distribution Point
       Distribution Point Name:
            Full Name:
                 URL=http://crls.pki.goog/gts1c3/moVDfISia2k.crl
  
[SCT List]
  v1
  adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a
  ‎Monday, ‎May ‎8, ‎2023 5:20:14 AM
  SHA256
  ECDSA
  30450220326578a391d15d3453dfc7b65a5523f93e7c040fbac24e924c0e31c9a9e64d92022100f1605b0926d37260a36c6b42f708dbbfb22674f5d42b9035fa31d4baf69a2d83
  
  v1
  b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a
  ‎Monday, ‎May ‎8, ‎2023 5:20:14 AM
  SHA256
  ECDSA
  3045022100ea299e6fe87d94ae1249fa7a0f7f27900bccd7bfc410d905d1e8412157fe6986022073e35f59403a424c96abfc3e326de74456533b48f1027e9ae62a80c6c8380646

Question: Since the certificate decoder output uses CustomTextBox instead of the Monaco editor, it doesn't respect WordWrap. I hope that's ok.

Quality check

Before creating this PR:

Did you follow the code style guideline as described in CONTRIBUTING.md
Did you build the app and test your changes?
Did you check for accessibility? On Windows, you can use Accessibility Insights for this.
Did you verify that the change work in Release build configuration
Did you verify that all unit tests pass
If necessary and if possible, did you verify your changes on:
- Windows
- macOS (DevToys 2.0)
- Linux (DevToys 2.0)

src/dev/impl/DevToys/Helpers/CertificateHelper.cs

micahmo · 2023-06-02T15:05:57Z

I believe I've addressed all the comments if you want to take another peek.

veler · 2023-06-04T21:57:24Z

It looks all good to me! Thank you very much for this pull request, much appreciated! :D

Show X.509 extensions in certificate output

e0f0a41

micahmo mentioned this pull request May 31, 2023

Show additional fields from decoded certificates #828

Closed

jlevier reviewed Jun 1, 2023

View reviewed changes

src/dev/impl/DevToys/Helpers/CertificateHelper.cs Outdated Show resolved Hide resolved

src/dev/impl/DevToys/Helpers/CertificateHelper.cs Outdated Show resolved Hide resolved

src/dev/impl/DevToys/Helpers/CertificateHelper.cs Outdated Show resolved Hide resolved

Clean up usage of StringBuilder

457bd32

veler reviewed Jun 2, 2023

View reviewed changes

src/dev/impl/DevToys/Helpers/CertificateHelper.cs Show resolved Hide resolved

micahmo added 3 commits June 2, 2023 08:41

Refactor certificate extension decoding method

23c2d9c

Add unit tests for certificate extensions

7cefd81

Improve timezone handling in certificate tests

1ef11a8

micahmo requested review from veler and jlevier June 2, 2023 15:05

veler approved these changes Jun 4, 2023

View reviewed changes

veler merged commit 5d5e6ee into DevToys-app:main Jun 4, 2023

micahmo deleted the feature/cert-extensions branch June 5, 2023 01:18

veler linked an issue Jun 5, 2023 that may be closed by this pull request

Show additional fields from decoded certificates #828

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Show X.509 extensions in certificate output #831

Show X.509 extensions in certificate output #831

micahmo commented May 31, 2023 •

edited

Loading

micahmo commented Jun 2, 2023

veler commented Jun 4, 2023

Show X.509 extensions in certificate output #831

Show X.509 extensions in certificate output #831

Conversation

micahmo commented May 31, 2023 • edited Loading

Pull request type

What is the current behavior?

What is the new behavior?

Other information

Quality check

micahmo commented Jun 2, 2023

veler commented Jun 4, 2023

micahmo commented May 31, 2023 •

edited

Loading