From 191dfa4366ccd007df4e86f0fe415d70517dde62 Mon Sep 17 00:00:00 2001 From: "raman%netscape.com" Date: Wed, 14 Oct 1998 05:01:12 +0000 Subject: [PATCH] Backing out my previous check-in. I was told my changes built ok on Mac, But I wasn't given complete information. Sorry for trouble. --- caps/include/nsPrincipal.h | 26 ++--- caps/src/nsCCertPrincipal.cpp | 4 +- caps/src/nsCCodeSourcePrincipal.cpp | 13 +-- caps/src/nsPrincipal.cpp | 167 +++------------------------- 4 files changed, 33 insertions(+), 177 deletions(-) diff --git a/caps/include/nsPrincipal.h b/caps/include/nsPrincipal.h index b3f6cc4530bf..34a66b421b54 100755 --- a/caps/include/nsPrincipal.h +++ b/caps/include/nsPrincipal.h @@ -76,11 +76,6 @@ public: PRBool isSecurePrincipal(void); - /* The following method is used by Javasoft JVM to verify their - * code signing certificates against our security DB files - */ - PRBool isTrustedCertChainPrincipal(void); - PRBool isFileCodeBase(void); PRBool isCert(void); @@ -101,22 +96,21 @@ private: /* Private Field Accessors */ nsPrincipalType itsType; - void* itsZig; + void * itsZig; + + char * itsKey; - char* itsKey; PRUint32 itsKeyLen; - nsVector* itsCertArray; - PRInt32 itsHashCode; - char* itsCompanyName; - char* itsCertAuth; - char* itsSerialNo; - char* itsExpDate; - char* itsAsciiFingerPrint; - char* itsNickname; - char* itsString; + char * itsCompanyName; + char * itsCertAuth; + char * itsSerialNo; + char * itsExpDate; + char * itsAsciiFingerPrint; + char * itsNickname; + char * itsString; /* Private Methods */ void init(nsPrincipalType type, void * key, PRUint32 key_len); diff --git a/caps/src/nsCCertPrincipal.cpp b/caps/src/nsCCertPrincipal.cpp index c72cb38c5219..bc3b8dbfda39 100644 --- a/caps/src/nsCCertPrincipal.cpp +++ b/caps/src/nsCCertPrincipal.cpp @@ -42,7 +42,7 @@ nsCCertPrincipal::IsTrusted(char* scope, PRBool *pbIsTrusted) *pbIsTrusted = PR_FALSE; return NS_ERROR_ILLEGAL_VALUE; } - *pbIsTrusted = m_pNSPrincipal->isTrustedCertChainPrincipal(); + *pbIsTrusted = m_pNSPrincipal->isSecurePrincipal(); return NS_OK; } @@ -183,7 +183,7 @@ nsCCertPrincipal::nsCCertPrincipal(const unsigned char **certChain, PRUint32 noOfCerts, nsresult *result) { - m_pNSPrincipal = new nsPrincipal(nsPrincipalType_CertChain, certChain, + m_pNSPrincipal = new nsPrincipal(nsPrincipalType_Cert, certChain, certChainLengths, noOfCerts); if(m_pNSPrincipal == NULL) { diff --git a/caps/src/nsCCodeSourcePrincipal.cpp b/caps/src/nsCCodeSourcePrincipal.cpp index 223a6c3105ae..a1181892077f 100644 --- a/caps/src/nsCCodeSourcePrincipal.cpp +++ b/caps/src/nsCCodeSourcePrincipal.cpp @@ -39,17 +39,10 @@ NS_IMPL_QUERY_INTERFACE(nsCCodeSourcePrincipal, kICodeSourcePrincipalIID); NS_METHOD nsCCodeSourcePrincipal::IsTrusted(char* scope, PRBool *pbIsTrusted) { - if(m_pNSICertPrincipal == NULL) + if(m_pNSICertPrincipal == NULL) { - if(m_pNSICodebasePrincipal == NULL) - { - *pbIsTrusted = PR_FALSE; - return NS_ERROR_ILLEGAL_VALUE; - } - else - { - return m_pNSICodebasePrincipal->IsTrusted(scope, pbIsTrusted); - } + *pbIsTrusted = PR_FALSE; + return NS_ERROR_ILLEGAL_VALUE; } return m_pNSICertPrincipal->IsTrusted(scope, pbIsTrusted); } diff --git a/caps/src/nsPrincipal.cpp b/caps/src/nsPrincipal.cpp index 70df8b13ae7c..6285682a0039 100755 --- a/caps/src/nsPrincipal.cpp +++ b/caps/src/nsPrincipal.cpp @@ -16,12 +16,6 @@ * Reserved. */ -/* TODO: - * - * + Remove all XXX's. - * - */ - #include "nsPrincipal.h" #include "nsPrivilegeManager.h" @@ -29,12 +23,6 @@ #include "xp_mem.h" #include "prmem.h" #include "zig.h" -#include "secnav.h" - -#ifndef NO_SECURITY -#include "navhook.h" -#include "jarutil.h" -#endif /* NO_SECURITY */ /* XXX: Hack to determine the system principal */ @@ -46,11 +34,6 @@ PR_BEGIN_EXTERN_C #include "fe_proto.h" #include "nsLoadZig.h" -static void destroyCertificates(nsVector* certArray); -static nsVector* getTempCertificates(const unsigned char **certChain, - PRUint32 *certChainLengths, - PRUint32 noOfCerts); - /* XXX: Create an error object with all arguments except errorText, instead pass error enum, This will be a method on caps consumer interface. */ PR_PUBLIC_API(int) @@ -152,70 +135,6 @@ PR_END_EXTERN_C /* XXX: end of hack to determine the system principal */ -static void destroyCertificates(nsVector* certArray) -{ - if (certArray == NULL) - return; - - for (PRUint32 i = certArray->GetSize(); i-- > 0; ) { - CERTCertificate *cert = (CERTCertificate *)certArray->Get(i); - if (cert != NULL) { - CERT_DestroyCertificate(cert); - certArray->Set(i, NULL); - } - } - delete certArray; -} - - -static nsVector* getTempCertificates(const unsigned char **certChain, - PRUint32 *certChainLengths, - PRUint32 noOfCerts) -{ -#ifdef NO_SECURITY - return NULL; -#else - CERTCertificate *cert; - CERTCertDBHandle *handle = CERT_GetDefaultCertDB(); - SECStatus rv; - - nsVector* certArray = new nsVector(); - certArray->SetSize(noOfCerts, 1); - if (certArray == NULL) { - return NULL; - } - - for (PRUint32 i = noOfCerts; i-- > 0; ) { - SECItem derCert; - - derCert.data = (unsigned char *)certChain[i]; - derCert.len = certChainLengths[i]; - - cert = CERT_NewTempCertificate(handle, &derCert, NULL, - PR_FALSE, PR_TRUE); - - if (cert != NULL) { - certArray->Set(i, (void*)cert); - } else { - // unable to add cert to the temp database - certArray->Set(i, NULL); - } - } - - cert = (CERTCertificate *)certArray->Get(0); - rv = CERT_VerifyCert(handle, cert, PR_TRUE, - certUsageObjectSigner, - PR_FALSE, NULL, NULL); - if (rv != SECSuccess) { - // Free the certificates and mark this principal as not trusted. - destroyCertificates(certArray); - return NULL; - } - return certArray; -#endif /* NO_SECURITY */ -} - - // // PUBLIC METHODS // @@ -244,9 +163,15 @@ nsPrincipal::nsPrincipal(nsPrincipalType type, { /* We will store the signers certificate as the key */ init(type, (void*)certChain[0], certChainLengths[0]); - itsCertArray = getTempCertificates(certChain, - certChainLengths, - noOfCerts); + for (PRUint32 i = noOfCerts; i < noOfCerts; i--) { + void* cert = (void*)certChain[i]; + PRUint32 cert_len = certChainLengths[i]; + /* + SOB_ImportCert(cert, cert_len); + SOB_ValidateCert(cert, cert_len); + SOB_GetCertAttributes(cert, cert_len); + */ + } } nsPrincipal::~nsPrincipal(void) @@ -275,31 +200,13 @@ nsPrincipal::~nsPrincipal(void) if (itsNickname) { delete []itsNickname; } - if (itsCertArray) { - destroyCertificates(itsCertArray); - } } - PRBool nsPrincipal::equals(nsPrincipal *prin) { if (prin == this) return PR_TRUE; - /* Deal with CertChain principal specially */ - if ((itsType == nsPrincipalType_CertChain) || - (prin->itsType == nsPrincipalType_CertChain)) { - /* Because we have full certificate for the CertChain - * we will compare different attributes of the principal - * and if all the attributes match, then we return TRUE - */ - if ((XP_STRCMP(getSerialNo(), prin->getSerialNo()) == 0) && - (XP_STRCMP(getSecAuth(), prin->getSecAuth()) == 0) && - (XP_STRCMP(getExpDate(), prin->getExpDate()) == 0) && - (XP_STRCMP(getFingerPrint(), prin->getFingerPrint()) == 0)) - return PR_TRUE; - } - if ((itsType != prin->itsType) || (itsKeyLen != prin->itsKeyLen)) return PR_FALSE; @@ -328,7 +235,6 @@ char * nsPrincipal::getVendor(void) } // XXX copyied from ns/lib/libjar/zig.h -// RAMAN: Why?? #ifndef ZIG_C_COMPANY #define ZIG_C_COMPANY 1 #endif @@ -413,8 +319,12 @@ char * nsPrincipal::getNickname(void) return "Classes for whom we don't the principal"; } - if ((nsPrincipalType_CertKey != itsType) || - (nsPrincipalType_CertChain != itsType)) + if (nsPrincipalType_CertChain == itsType) { + /* XXX: We should get the first certificate's nickname */ + return "Javasoft's principal"; + } + + if (nsPrincipalType_CertKey != itsType) return itsKey; if (itsNickname == NULL) @@ -489,16 +399,6 @@ PRBool nsPrincipal::isSecurePrincipal(void) return PR_FALSE; } -PRBool nsPrincipal::isTrustedCertChainPrincipal(void) -{ - /* We destroy the cert array if cert chain didn't verify */ - if ((itsType != nsPrincipalType_CertChain) || - (itsCertArray == NULL)) - return PR_FALSE; - return PR_TRUE; -} - - /* * This method is introduced to check the whether a given url base * is a file based or any other type. Returns TRUE if the key is a @@ -665,7 +565,6 @@ void nsPrincipal::init(nsPrincipalType type, void * key, PRUint32 key_len) itsKeyLen = key_len; itsHashCode = computeHashCode(); itsZig = NULL; - itsCertArray = NULL; itsString = NULL; itsCompanyName = NULL; itsCertAuth = NULL; @@ -707,9 +606,7 @@ PRInt32 nsPrincipal::computeHashCode(void) char * nsPrincipal::saveCert(void) { int result; - if (itsType == nsPrincipalType_CertChain) { - return NULL; - } + /* XXX: Implement CertChain principal */ if ((!itsZig) || (!itsKey)) { return NULL; } @@ -735,36 +632,8 @@ nsPrincipal::getCertAttribute(int attrib) } if (itsType == nsPrincipalType_CertChain) { - char *attributeStr; - CERTCertificate *cert = (CERTCertificate *)itsCertArray->Get(0); - switch (attrib) { -#ifndef NO_SECURITY - case ZIG_C_COMPANY: - attributeStr = SECNAV_GetJarCertInfo(cert, snjSubjectName); - break; - case ZIG_C_CA: - attributeStr = SECNAV_GetJarCertInfo(cert, snjIssuerName); - break; - case ZIG_C_SERIAL: - attributeStr = SECNAV_GetJarCertInfo(cert, snjSerialNumber); - break; - case ZIG_C_EXPIRES: - attributeStr = SECNAV_GetJarCertInfo(cert, snjExpirationDate); - break; - case ZIG_C_NICKNAME: - attributeStr = SECNAV_GetJarCertInfo(cert, snjNickname); - break; - case ZIG_C_FP: - attributeStr = SECNAV_GetJarCertInfo(cert, snjFingerprint); - break; -#endif /* NO_SECURITY */ - default: - return NULL; - } - attrStr = new char[strlen(attributeStr)+1]; - XP_STRCPY(attrStr, attributeStr); - PR_FREEIF(attributeStr); - return attrStr; + /* XXX: Implement CertChain Principal */ + return "Javasoft's cert chain principal"; } if (SOB_cert_attribute(attrib, zig,