From a5b5434ea2a97af1bb44c5a4b106733430d8abbe Mon Sep 17 00:00:00 2001
From: Selva Nair
Date: Mon, 27 Jun 2022 17:33:06 -0400
Subject: [PATCH] Show certificate details on double-clicking pkcs11 list entries
- For mingw builds, currently this works only for x64 target due to missing library for i686 target.
Signed-off-by: Selva Nair
---
 CMakeLists.txt | 1 +
 configure.ac | 2 ++
 pkcs11.c | 32 ++++++++++++++++++++++++++++++--
 3 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 150dc86..8e56f1c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -50,6 +50,7 @@ target_link_libraries(${PROJECT_NAME} PRIVATE
 Gdi32.lib
 Comdlg32.lib
 Ole32.lib
+ Cryptui.lib
 Wininet.lib)
 target_include_directories(${PROJECT_NAME} PUBLIC ${CMAKE_CURRENT_BINARY_DIR})
diff --git a/configure.ac b/configure.ac
index 117a09e..f99965a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -76,6 +76,8 @@ case "$host" in
 ;;
 esac
+AC_CHECK_LIB(cryptui, CryptUIDlgViewContext)
+
 AC_PROG_CPP
 AC_PROG_INSTALL
 AC_PROG_LN_S
diff --git a/pkcs11.c b/pkcs11.c
index 692c21e..7cf8357 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -33,6 +33,7 @@
 #include "openvpn-gui-res.h"
 #include "localization.h"
 #include
+#include
 #include
 #include
@@ -49,6 +50,7 @@ struct cert_info
 wchar_t *commonname;
 wchar_t *issuer;
 wchar_t *notAfter;
+ const CERT_CONTEXT *ctx;
 };
 struct pkcs11_entry
@@ -65,6 +67,7 @@ certificate_free(struct cert_info *cert)
 free(cert->commonname);
 free(cert->issuer);
 free(cert->notAfter);
+ CertFreeCertificateContext(cert->ctx);
 }
 }
@@ -151,8 +154,7 @@ decode_certificate(struct cert_info *cert, const char *b64)
 cert->commonname = extract_name_entry(ctx, 0);
 cert->issuer = extract_name_entry(ctx, CERT_NAME_ISSUER_FLAG);
 cert->notAfter = LocalizedFileTime(&ctx->pCertInfo->NotAfter);
- CertFreeCertificateContext(ctx);
-
+ cert->ctx = ctx;
 ret = true;
 out:
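Review bot: `certificate_free` (hunk at -65,6) now calls `CertFreeCertificateContext(cert->ctx)` unconditionally, but `cert->ctx` is only assigned on the success path of `decode_certificate` (hunk at -151,8). This is safe only if every `struct cert_info` is zero-initialised before decoding and never copied by value, and neither is visible in these hunks. I would record the ownership on the new field in the -49,6 hunk, `const CERT_CONTEXT *ctx; /* owned; released by certificate_free() */`, and add `cert->ctx = NULL;` after the release so a repeated `certificate_free` on the same entry cannot free the context twice. Both functions start and end outside their hunks, so the error paths after `out:` should be checked to confirm they never leave a context that is neither stored nor freed.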
@@ -528,6 +530,27 @@ pkcs11_listview_reset(HWND parent)
 SetTimer(parent, 0, 100, pkcs11_listview_fill);
 }
+void
+display_certificate(HWND parent, connection_t *c, UINT i)
+{
+ struct pkcs11_list *l = &c->pkcs11_list;
+ if (i < l->count)
+ {
+/* Currently cryptui.lib is missing in mingw for i686
+ * Remove this and corresponding check in configure.ac
+ * when that changes.
+ */
+#if defined(HAVE_LIBCRYPTUI) || defined (_MSC_VER)
+ CryptUIDlgViewContext(CERT_STORE_CERTIFICATE_CONTEXT, l->pe[i].cert.ctx,
+ parent, L"Certificate", 0, NULL);
+#else
+ (void) i;
+ (void) parent;
+ WriteStatusLog(c, L"GUI> ", L"Certificate display not supported in this build", false);
+#endif
+ }
+}
+
 /* Dialog proc for querying pkcs11 */
 static INT_PTR CALLBACK
 QueryPkcs11DialogProc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
@@ -603,6 +626,7 @@ QueryPkcs11DialogProc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
 return FALSE;
 case WM_NOTIFY:
+ c = (connection_t *) GetProp(hwndDlg, cfgProp);
 if (((NMHDR *)lParam)->idFrom == ID_LVW_PKCS11)
 {
 NMITEMACTIVATE *ln = (NMITEMACTIVATE *) lParam;
@@ -611,6 +635,10 @@ QueryPkcs11DialogProc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
 /* remove the no-selection warning */
 SetDlgItemTextW(hwndDlg, ID_TXT_WARNING, L"");
 }
+ if (ln->hdr.code == NM_DBLCLK && ln->iItem >= 0)
+ {
+ display_certificate(hwndDlg, c, (UINT) ln->iItem);
+ }
 }
 break;
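Review bot: In the -528,6 hunk, `display_certificate` passes the list's own `l->pe[i].cert.ctx` to `CryptUIDlgViewContext`, which shows a modal dialog. If the pkcs11 list can be reset or refilled while that dialog is open, `certificate_free` would release the context the viewer is still reading. The 100 ms `pkcs11_listview_fill` timer set in `pkcs11_listview_reset` suggests this is possible, though the list code is outside this hunk. Taking a reference with `CertDuplicateCertificateContext` for the lifetime of the dialog removes that dependency, and also skips entries whose `ctx` is NULL. As far as the patch shows, the function is called only from this file, so it could be declared `static`.

```c
#if defined(HAVE_LIBCRYPTUI) || defined (_MSC_VER)
        /* hold our own reference while the modal viewer is open */
        const CERT_CONTEXT *ctx = CertDuplicateCertificateContext(l->pe[i].cert.ctx);
        if (ctx)
        {
            CryptUIDlgViewContext(CERT_STORE_CERTIFICATE_CONTEXT, ctx,
                                  parent, L"Certificate", 0, NULL);
            CertFreeCertificateContext(ctx);
        }
#else
/* … unchanged: status-log fallback … */
```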
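Review bot: In the -603,6 and -611,6 hunks, the result of `GetProp(hwndDlg, cfgProp)` is never checked, yet `display_certificate` dereferences it straight away via `&c->pkcs11_list`. `GetProp` returns NULL when the property is not set on the window. Since `c` is needed only for the double-click, I would move the lookup into the `NM_DBLCLK` branch and guard the call: `c = (connection_t *) GetProp(hwndDlg, cfgProp);` followed by `if (c) display_certificate(hwndDlg, c, (UINT) ln->iItem);`. The dialog procedure starts and ends outside these hunks, so the other message cases may already follow a convention worth matching.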