Merge pull request #7917 from voidbridge/feature/expose-cert-chain

Expose whole certificate chain to verify proc

atom/common/native_mate_converters/net_converter.cc

@@ -45,8 +45,11 @@ v8::Local<v8::Value> Converter<scoped_refptr<net::X509Certificate>>::ToV8(
   std::string encoded_data;
   net::X509Certificate::GetPEMEncoded(
       val->os_cert_handle(), &encoded_data);
+
   dict.Set("data", encoded_data);
+  dict.Set("issuer", val->issuer());
   dict.Set("issuerName", val->issuer().GetDisplayName());
+  dict.Set("subject", val->subject());
   dict.Set("subjectName", val->subject().GetDisplayName());
   dict.Set("serialNumber", base::HexEncode(val->serial_number().data(),
                                            val->serial_number().size()));
@@ -56,6 +59,32 @@ v8::Local<v8::Value> Converter<scoped_refptr<net::X509Certificate>>::ToV8(
            net::HashValue(
               val->CalculateFingerprint256(val->os_cert_handle())).ToString());
 
+  if (!val->GetIntermediateCertificates().empty()) {
+    net::X509Certificate::OSCertHandles issuer_intermediates(
+        val->GetIntermediateCertificates().begin() + 1,
+        val->GetIntermediateCertificates().end());
+    const scoped_refptr<net::X509Certificate>& issuer_cert =
+        net::X509Certificate::CreateFromHandle(
+            val->GetIntermediateCertificates().front(),
+            issuer_intermediates);
+    dict.Set("issuerCert", issuer_cert);
+  }
+
+  return dict.GetHandle();
+}
+
+// static
+v8::Local<v8::Value> Converter<net::CertPrincipal>::ToV8(
+    v8::Isolate* isolate, const net::CertPrincipal& val) {
+  mate::Dictionary dict(isolate, v8::Object::New(isolate));
+
+  dict.Set("commonName", val.common_name);
+  dict.Set("organizations", val.organization_names);
+  dict.Set("organizationUnits", val.organization_unit_names);
+  dict.Set("locality", val.locality_name);
+  dict.Set("state", val.state_or_province_name);
+  dict.Set("country", val.country_name);
+
   return dict.GetHandle();
 }
 

atom/common/native_mate_converters/net_converter.h

@@ -18,6 +18,7 @@ class AuthChallengeInfo;
 class URLRequest;
 class X509Certificate;
 class HttpResponseHeaders;
+struct CertPrincipal;
 }
 
 namespace mate {
@@ -34,6 +35,12 @@ struct Converter<scoped_refptr<net::X509Certificate>> {
       const scoped_refptr<net::X509Certificate>& val);
 };
 
+template<>
+struct Converter<net::CertPrincipal> {
+  static v8::Local<v8::Value> ToV8(v8::Isolate* isolate,
+                                   const net::CertPrincipal& val);
+};
+
 template <>
 struct Converter<net::HttpResponseHeaders*> {
   static v8::Local<v8::Value> ToV8(v8::Isolate* isolate,

docs/api/structures/certificate-principal.md

@@ -0,0 +1,8 @@
+# CertificatePrincipal Object
+
+* `commonName` String - Common Name
+* `organizations` String[] - Organization names
+* `organizationUnits` String[] - Organization Unit names
+* `locality` String - Locality
+* `state` String - State or province
+* `country` String - Country or region

docs/api/structures/certificate.md

@@ -1,7 +1,10 @@
 # Certificate Object
 
 * `data` String - PEM encoded data
+* `issuer` [CertificatePrincipal](structures/certificate-principal.md) - Issuer principal
 * `issuerName` String - Issuer's Common Name
+* `issuerCert` Certificate - Issuer certificate (if not self-signed)
+* `subject` [CertificatePrincipal](structures/certificate-principal.md) - Subject principal
 * `subjectName` String - Subject's Common Name
 * `serialNumber` String - Hex value represented string
 * `validStart` Number - Start date of the certificate being valid in seconds

spec/api-app-spec.js

@@ -207,6 +207,9 @@ describe('app module', function () {
       app.on('select-client-certificate', function (event, webContents, url, list, callback) {
         assert.equal(list.length, 1)
         assert.equal(list[0].issuerName, 'Intermediate CA')
+        assert.equal(list[0].subjectName, 'Client Cert')
+        assert.equal(list[0].issuer.commonName, 'Intermediate CA')
+        assert.equal(list[0].subject.commonName, 'Client Cert')
         callback(list[0])
       })
 

spec/api-session-spec.js

@@ -553,6 +553,14 @@ describe('session module', function () {
       session.defaultSession.setCertificateVerifyProc(function (hostname, certificate, callback) {
         assert.equal(hostname, '127.0.0.1')
         assert.equal(certificate.issuerName, 'Intermediate CA')
+        assert.equal(certificate.subjectName, 'localhost')
+        assert.equal(certificate.issuer.commonName, 'Intermediate CA')
+        assert.equal(certificate.subject.commonName, 'localhost')
+        assert.equal(certificate.issuerCert.issuer.commonName, 'Root CA')
+        assert.equal(certificate.issuerCert.subject.commonName, 'Intermediate CA')
+        assert.equal(certificate.issuerCert.issuerCert.issuer.commonName, 'Root CA')
+        assert.equal(certificate.issuerCert.issuerCert.subject.commonName, 'Root CA')
+        assert.equal(certificate.issuerCert.issuerCert.issuerCert, undefined)
         callback(false)
       })