Bug 105526 - Initial landing of PSM S/MIME. Mailnews will land separately. See bug 106507 for that. r=javi, sr=blizzard

ddrinan%netscape.com 2001-10-30 23:52:01 +00:00
Родитель fe66c878b4
Коммит 1a64376d9a
37 изменённых файлов: 2357 добавлений и 173 удалений


@ -0,0 +1,84 @@
<?xml version="1.0"?>
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
-
- The Original Code is Mozilla Communicator
-
- The Initial Developer of the Original Code is
- Netscape Communications Corp..
- Portions created by the Initial Developer are Copyright (C) 2001
- the Initial Developer. All Rights Reserved.
-
- Contributor(s): Kai Engert <kaie@netscape.com>
-
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
-
- ***** END LICENSE BLOCK ***** -->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE window SYSTEM "chrome://pippki/locale/certManager.dtd">
<overlay id="WebSitesOverlay"
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cert="http://netscape.com/rdf-cert#"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<vbox id="othersCerts">
<html>&certmgr.others;</html>
<separator class="thin"/>
<outliner id="email-outliner" multiple="true"
onselect="email_enableButtons()" flex="1">
<outlinercol id="certcol" label="&certmgr.certname;" primary="true"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<splitter class="tree-splitter"/>
<outlinercol id="emailcol" label="&certmgr.email;"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<splitter class="tree-splitter"/>
<outlinercol id="tokencol" label="&certmgr.tokenname;"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<!-- <outlinercol id="certdbkeycol" collapsed="true" flex="1"/> -->
<outlinerbody flex="1" ondblclick="viewCerts();"/>
</outliner>
<hbox>
<button id="email_viewButton" class="normal"
label="&certmgr.view.label;"
disabled="true" oncommand="viewCerts();"/>
<button id="email_editButton" class="normal"
label="&certmgr.edit.label;"
disabled="true" oncommand="editCerts();"/>
<!-- future - import a DER cert?
<button id="email_addButton" class="normal"
label="&certmgr.add.label;"
oncommand="addCerts();"/>
-->
<button id="email_deleteButton" class="normal"
label="&certmgr.delete.label;"
disabled="true" oncommand="deleteCerts();"/>
</hbox>
</vbox>
</overlay>
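Review bot: The root element of this new overlay is declared as `<overlay id="WebSitesOverlay"` although its content fills `<vbox id="othersCerts">`, so the id looks copied from the web-sites overlay. The certificate manager window in this commit includes both `OthersOverlay.xul` and `WebSitesOverlay.xul`, and if the latter uses the same id (it is not visible here) two overlays end up sharing one identifier. Rename it to match the file, e.g. `<overlay id="OthersOverlay"`. The commented-out `certdbkeycol` column and the "future" add button would be easier to track with a bug reference in the comment.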


@ -42,7 +42,7 @@ var certdb;
var caOutlinerView;
var serverOutlinerView;
//var emailOutlinerView;
var emailOutlinerView;
var userOutlinerView;
function LoadCerts()
@ -61,13 +61,11 @@ function LoadCerts()
document.getElementById('server-outliner')
.outlinerBoxObject.view = serverOutlinerView;
/*
emailOutlinerView = Components.classes[nsCertOutliner]
.createInstance(nsICertOutliner);
emailOutlinerView.loadCerts(nsIX509Cert.EMAIL_CERT);
document.getElementById('email-outliner')
.outlinerBoxObject.view = emailOutlinerView;
*/
userOutlinerView = Components.classes[nsCertOutliner]
.createInstance(nsICertOutliner);
@ -90,7 +88,7 @@ function ReloadCerts()
{
caOutlinerView.loadCerts(nsIX509Cert.CA_CERT);
serverOutlinerView.loadCerts(nsIX509Cert.SERVER_CERT);
//emailOutlinerView.loadCerts(nsIX509Cert.EMAIL_CERT);
emailOutlinerView.loadCerts(nsIX509Cert.EMAIL_CERT);
userOutlinerView.loadCerts(nsIX509Cert.USER_CERT);
}
@ -100,6 +98,8 @@ function getSelectedTab()
var selTabID = selTab.getAttribute('id');
if (selTabID == 'mine_tab') {
key = "?my_certs";
} else if (selTabID == "others_tab") {
key = "?others_certs";
} else if (selTabID == "websites_tab") {
key = "?web_certs";
} else if (selTabID == "ca_tab") {
@ -120,17 +120,15 @@ function getSelectedCerts()
{
var ca_tab = document.getElementById("ca_tab");
var mine_tab = document.getElementById("mine_tab");
//var others_tab = document.getElementById("others_tab");
var others_tab = document.getElementById("others_tab");
var websites_tab = document.getElementById("websites_tab");
var items = null;
if (ca_tab.selected) {
items = caOutlinerView.selection;
} else if (mine_tab.selected) {
items = userOutlinerView.selection;
/*
} else if (others_tab.selected) {
items = emailOutlinerView.selection;
*/
} else if (websites_tab.selected) {
items = serverOutlinerView.selection;
}
@ -150,10 +148,8 @@ function getSelectedCerts()
cert = caOutlinerView.getCert(j);
} else if (mine_tab.selected) {
cert = userOutlinerView.getCert(j);
/*
} else if (others_tab.selected) {
cert = emailOutlinerView.getCert(j);
*/
} else if (websites_tab.selected) {
cert = serverOutlinerView.getCert(j);
}
@ -232,6 +228,21 @@ function websites_enableButtons()
enableDeleteButton.setAttribute("disabled",toggle);
}
function email_enableButtons()
{
var items = emailOutlinerView.selection;
var toggle="false";
if (items.getRangeCount() == 0) {
toggle="true";
}
var enableViewButton=document.getElementById('email_viewButton');
enableViewButton.setAttribute("disabled",toggle);
var enableEditButton=document.getElementById('email_editButton');
enableEditButton.setAttribute("disabled",toggle);
var enableDeleteButton=document.getElementById('email_deleteButton');
enableDeleteButton.setAttribute("disabled",toggle);
}
function backupCerts()
{
getSelectedCerts();
@ -312,6 +323,10 @@ function deleteCerts()
{
params.SetString(1,bundle.GetStringFromName("deleteCaCertFlag"));
}
else if (selTabID == "others_tab")
{
params.SetString(1,bundle.GetStringFromName("deleteEmailCertFlag"));
}
else
{
return;
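Review bot: `email_enableButtons()` enables View, Edit and Delete as soon as `items.getRangeCount()` is non-zero, but the `email-outliner` element is declared with `multiple="true"`, so Edit becomes available while several certificates are selected. `editCerts()` is outside the visible hunks; if it acts on one certificate only, the edit button should be enabled only when exactly one row is selected and be handled separately from View and Delete. The function is also a line-for-line copy of the pattern in `websites_enableButtons()`; a shared helper taking the button-id prefix (`'email'`, `'websites'`) would keep the tabs from drifting apart. A one-line comment such as `// Enable the Others-tab buttons only while at least one e-mail cert is selected.` would document the intent.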


@ -26,9 +26,7 @@
<?xul-overlay href="chrome://global/content/dialogOverlay.xul"?>
<?xul-overlay href="chrome://pippki/content/MineOverlay.xul"?>
<!-- XXX
<?xul-overlay href="chrome://pippki/content/othercertsOverlay.xul"?>
-->
<?xul-overlay href="chrome://pippki/content/OthersOverlay.xul"?>
<?xul-overlay href="chrome://pippki/content/WebSitesOverlay.xul"?>
<?xul-overlay href="chrome://pippki/content/CAOverlay.xul"?>
@ -52,17 +50,13 @@
<tabbox flex="1" orient="vertical">
<tabs id="certMgrTabbox" orient="horizontal">
<tab id="mine_tab" label="&certmgr.tab.mine;"/>
<!--
<tab id="others_tab" label="&certmgr.tab.others;"/>
-->
<tab id="websites_tab" label="&certmgr.tab.websites;"/>
<tab id="ca_tab" label="&certmgr.tab.ca;" selected="true"/>
</tabs>
<tabpanels flex="1">
<vbox id="myCerts" flex="1"/>
<!--
<vbox id="othersCerts" flex="1"/>
-->
<vbox id="webCerts" flex="1"/>
<vbox id="CACerts" flex="1"/>
</tabpanels>


@ -0,0 +1,96 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): Kai Engert <kaie@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
var dialogParams;
var itemCount = 0;
function onLoad()
{
dialogParams = window.arguments[0].QueryInterface(nsIDialogParamBlock);
var pickerTitle = dialogParams.GetString(1);
var mainwin = document.getElementById("certPicker");
mainwin.setAttribute("title", pickerTitle);
var pickerInfo = dialogParams.GetString(2);
setText("pickerInfo", pickerInfo);
var selectElement = document.getElementById("nicknames");
itemCount = dialogParams.GetInt(1);
for (var i=0; i < itemCount; i++) {
var menuItemNode = document.createElement("menuitem");
var nick = dialogParams.GetString(i+3);
menuItemNode.setAttribute("value", i);
menuItemNode.setAttribute("label", nick); // this is displayed
selectElement.firstChild.appendChild(menuItemNode);
if (i == 0) {
selectElement.selectedItem = menuItemNode;
}
}
dialogParams.SetInt(1,0); // set cancel return value
setDetails();
}
function setDetails()
{
var index = parseInt(document.getElementById("nicknames").value);
details = dialogParams.GetString(index+itemCount+3);
document.getElementById("details").setAttribute("value", details);
}
function onCertSelected()
{
setDetails();
}
function doOK()
{
dialogParams.SetInt(1,1);
var index = parseInt(document.getElementById("nicknames").value);
dialogParams.SetInt(2, index);
window.close();
}
function doCancel()
{
dialogParams.SetInt(1,0);
window.close();
}
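Review bot: `setDetails()` and `doOK()` use the result of `parseInt(document.getElementById("nicknames").value)` unchecked, so when the caller passes a count of 0 (no menu items, nothing selected) `index` is NaN and is handed to `GetString(index+itemCount+3)` and `SetInt(2, index)`. Parse with an explicit radix and validate before use: `var index = parseInt(document.getElementById("nicknames").value, 10);` followed by `if (isNaN(index) || index < 0 || index >= itemCount) return;`, and in `doOK()` leave the cancel value in slot 1 when that check fails. In `setDetails()` the assignment `details = dialogParams.GetString(...)` is missing `var` and creates an implicit global; it should be `var details = dialogParams.GetString(index+itemCount+3);`. A short header comment describing the param-block layout (string 1 title, string 2 prompt, strings 3.. nicknames, then details; int 1 count in and OK/cancel out; int 2 selected index) would help, since the C++ caller depends on the same layout.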


@ -0,0 +1,82 @@
<?xml version="1.0"?>
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
-
- The Original Code is Mozilla Communicator
-
- The Initial Developer of the Original Code is
- Netscape Communications Corp..
- Portions created by the Initial Developer are Copyright (C) 2001
- the Initial Developer. All Rights Reserved.
-
- Contributor(s): Kai Engert <kaie@netscape.com>
-
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
-
- ***** END LICENSE BLOCK ***** -->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE window [
<!ENTITY % pippkiDTD SYSTEM "chrome://pippki/locale/pippki.dtd" >
%pippkiDTD;
]>
<window id="certPicker" title="&certPicker.defaultTitle;"
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="onLoad();">
<script type="application/x-javascript" src="chrome://pippki/content/pippki.js"/>
<script type="application/x-javascript" src="chrome://pippki/content/certpicker.js"/>
<keyset id="keys">
<key id="enter-key" keycode="VK_ENTER" oncommand="doOK();"/>
<key id="return-key" keycode="VK_RETURN" oncommand="doOK();"/>
<key id="esc-key" keycode="VK_ESCAPE" oncommand="doCancel();"/>
</keyset>
<vbox style="margin: 5px;">
<groupbox orient="vertical">
<html id="pickerInfo" style="font-weight: bold;">&certPicker.defaultInfo;</html>
<broadcaster id="certSelected" oncommand="onCertSelected();"/>
<!-- The items in this menulist must never be sorted,
but remain in the order filled by the application
-->
<menulist id="nicknames" observes="certSelected">
<menupopup/>
</menulist>
<html>&certPicker.detailsLabel;</html>
<textbox readonly="true" id="details" multiline="true"
style="height: 11em; width=80em;"/>
</groupbox>
<separator class="thin"/>
<hbox>
<button id="ok-button" class="dialog" label="&ok.label;"
oncommand="doOK();" disabled="false"/>
<button id="cancel-button" class="dialog" label="&cancel.label;"
oncommand="doCancel();"/>
</hbox>
</vbox>
</window>
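Review bot: The `details` textbox is styled with `style="height: 11em; width=80em;"`, and `width=80em` is not a valid CSS declaration, so the intended width is presumably dropped; it should read `style="height: 11em; width: 80em;"`. The `ok-button` is created with `disabled="false"` and Enter/Return are bound to `doOK()` unconditionally, so OK can be triggered even when the `nicknames` list was filled with zero entries; disabling the button and keys until an item is selected would close that path.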


@ -72,6 +72,13 @@ function setWindowName()
impact = bundle.GetStringFromName("deleteCaCertImpact");
helpUrl = "chrome://help/content/help.xul?delete_ca_certs"
}
else if(typeFlag == bundle.GetStringFromName("deleteEmailCertFlag"))
{
title = bundle.GetStringFromName("deleteEmailCertTitle");
confirm = bundle.GetStringFromName("deleteEmailCertConfirm");
impact = bundle.GetStringFromName("deleteEmailCertImpact");
helpUrl = "chrome://help/content/help.xul?delete_email_certs"
}
else
{
return;


@ -21,6 +21,7 @@ pippki.jar:
content/pippki/certManager.xul (content/certManager.xul)
content/pippki/CAOverlay.xul (content/CAOverlay.xul)
content/pippki/WebSitesOverlay.xul (content/WebSitesOverlay.xul)
content/pippki/OthersOverlay.xul (content/OthersOverlay.xul)
content/pippki/MineOverlay.xul (content/MineOverlay.xul)
content/pippki/viewCertDetails.xul (content/viewCertDetails.xul)
content/pippki/editcacert.xul (content/editcacert.xul)
@ -38,6 +39,8 @@ pippki.jar:
content/pippki/serverCertExpired.js (content/serverCertExpired.js)
content/pippki/clientauthask.xul (content/clientauthask.xul)
content/pippki/clientauthask.js (content/clientauthask.js)
content/pippki/certpicker.xul (content/certpicker.xul)
content/pippki/certpicker.js (content/certpicker.js)
content/pippki/certViewer.xul (content/certViewer.xul)
content/pippki/certDump.xul (content/certDump.xul)
content/pippki/device_manager.xul (content/device_manager.xul)


@ -74,6 +74,7 @@
<!ENTITY certmgr.purpose "Purpose">
<!ENTITY certmgr.issued "Issued On">
<!ENTITY certmgr.expires "Expires On">
<!ENTITY certmgr.email "E-Mail Address">
<!ENTITY certmgr.help.label "Help">
<!ENTITY certmgr.ok.label "OK">


@ -84,6 +84,11 @@
<!ENTITY clientAuthAsk.message2 "Choose a certificate to present as identification:">
<!ENTITY clientAuthAsk.message3 "Details of selected certificate:">
<!-- Strings for the cert picker dialog -->
<!ENTITY certPicker.defaultTitle "Select A Certificate">
<!ENTITY certPicker.defaultInfo "Please select the certificate you wish you use.">
<!ENTITY certPicker.detailsLabel "Details of selected certificate:">
<!ENTITY pkcs12.setpassword.title "Choose a Certificate Backup Password">
<!ENTITY pkcs12.setpassword.message "The certificate backup password you set here protects the backup file that you are about to create. You must set this password to proceed with the backup.">
<!ENTITY pkcs12.setpassword.label1 "Certificate backup password:">
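Review bot: The new `certPicker.defaultInfo` string contains a typo, "Please select the certificate you wish you use."; it should be `"Please select the certificate you wish to use."`. The `deleteEmailCertImpact` string added to the properties file in this commit has a similar slip, "your will no longer be able", which should be "you will no longer be able". Both appear in dialogs where the user makes a certificate decision, so they are worth fixing before localizers pick the strings up.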


@ -52,6 +52,10 @@ deleteCaCertConfirm=Are you sure you want to delete these CA certificates?
deleteCaCertImpact=If you delete a certificate authority (CA) certificate, your browser will no longer trust any certificates issued by that CA.
deleteCaCertTitle=Delete CA Certificates
deleteEmailCertFlag=deleteEmailFlag
deleteEmailCertConfirm=Are you sure you want to delete these people's e-mail certificates?
deleteEmailCertImpact=If you delete an e-mail certificate, your will no longer be able to send encrypted e-mail to those people.
deleteEmailCertTitle=Delete E-Mail Certificates
#PKCS#12 file dialogs


@ -127,15 +127,16 @@ nsNSSDialogs::~nsNSSDialogs()
{
}
NS_IMPL_THREADSAFE_ISUPPORTS9(nsNSSDialogs, nsINSSDialogs,
nsITokenPasswordDialogs,
nsISecurityWarningDialogs,
nsIBadCertListener,
nsICertificateDialogs,
nsIClientAuthDialogs,
nsITokenDialogs,
nsIDOMCryptoDialogs,
nsIGeneratingKeypairInfoDialogs);
NS_IMPL_THREADSAFE_ISUPPORTS10(nsNSSDialogs, nsINSSDialogs,
nsITokenPasswordDialogs,
nsISecurityWarningDialogs,
nsIBadCertListener,
nsICertificateDialogs,
nsIClientAuthDialogs,
nsICertPickDialogs,
nsITokenDialogs,
nsIDOMCryptoDialogs,
nsIGeneratingKeypairInfoDialogs);
nsresult
nsNSSDialogs::Init()
@ -773,6 +774,58 @@ nsNSSDialogs::ChooseCertificate(nsIInterfaceRequestor *ctx, const PRUnichar *cn,
return rv;
}
NS_IMETHODIMP
nsNSSDialogs::PickCertificate(nsIInterfaceRequestor *ctx, const PRUnichar *title, const PRUnichar *infoPrompt, const PRUnichar **certNickList, const PRUnichar **certDetailsList, PRUint32 count, PRInt32 *selectedIndex, PRBool *canceled)
{
nsresult rv;
PRUint32 i;
*canceled = PR_FALSE;
// Get the parent window for the dialog
nsCOMPtr<nsIDOMWindowInternal> parent = do_GetInterface(ctx);
nsCOMPtr<nsIDialogParamBlock> block(do_CreateInstance("@mozilla.org/embedcomp/dialogparam;1"));
if (!block) return NS_ERROR_FAILURE;
rv = block->SetString(1, title);
if (NS_FAILED(rv)) return rv;
rv = block->SetString(2, infoPrompt);
if (NS_FAILED(rv)) return rv;
for (i = 0; i < count; i++) {
rv = block->SetString(i+3, certNickList[i]);
if (NS_FAILED(rv)) return rv;
}
for (i = 0; i < count; i++) {
rv = block->SetString(i+count+3, certDetailsList[i]);
if (NS_FAILED(rv)) return rv;
}
rv = block->SetInt(1, count);
if (NS_FAILED(rv)) return rv;
rv = nsNSSDialogHelper::openDialog(nsnull,
"chrome://pippki/content/certpicker.xul",
block);
if (NS_FAILED(rv)) return rv;
PRInt32 status;
rv = block->GetInt(1, &status);
if (NS_FAILED(rv)) return rv;
*canceled = (status == 0)?PR_TRUE:PR_FALSE;
if (!*canceled) {
rv = block->GetInt(2, selectedIndex);
}
return rv;
}
/*
* void setPKCS12FilePassword(in nsIInterfaceRequestor ctx,
* out wstring password,
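Review bot: In `PickCertificate` the index read back with `block->GetInt(2, selectedIndex)` is returned without a range check, although it is produced by the dialog's script and callers will presumably use it to index their certificate arrays. Reject anything outside `[0, count)`, e.g. `if (NS_SUCCEEDED(rv) && (*selectedIndex < 0 || (PRUint32)*selectedIndex >= count)) return NS_ERROR_FAILURE;`. `parent` is obtained from `ctx` but `openDialog` is called with `nsnull` as its first argument, so the variable is unused and the picker is apparently not tied to the requesting window; either pass it or remove it. `*selectedIndex` is also left unassigned on the cancel path, so setting `*selectedIndex = -1;` next to `*canceled = PR_FALSE;` would give the out-parameter a defined value in every case.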


@ -42,6 +42,7 @@ class nsNSSDialogs
public nsISecurityWarningDialogs,
public nsICertificateDialogs,
public nsIClientAuthDialogs,
public nsICertPickDialogs,
public nsITokenDialogs,
public nsIDOMCryptoDialogs,
public nsIGeneratingKeypairInfoDialogs
@ -54,6 +55,7 @@ public:
NS_DECL_NSISECURITYWARNINGDIALOGS
NS_DECL_NSICERTIFICATEDIALOGS
NS_DECL_NSICLIENTAUTHDIALOGS
NS_DECL_NSICERTPICKDIALOGS
NS_DECL_NSITOKENDIALOGS
NS_DECL_NSIDOMCRYPTODIALOGS
NS_DECL_NSIGENERATINGKEYPAIRINFODIALOGS

Двоичные данные
security/manager/ssl/macbuild/PIPNSS.mcp

Двоичный файл не отображается.

Двоичные данные
security/manager/ssl/macbuild/pipnssIDL.mcp

Двоичный файл не отображается.


@ -54,6 +54,9 @@ XPIDLSRCS = \
nsISSLStatus.idl \
nsICertOutliner.idl \
nsIKeygenThread.idl \
nsICMSSecureMessage.idl \
nsICMS.idl \
nsIUserCertPicker.idl \
$(NULL)
include $(topsrcdir)/config/rules.mk


@ -60,6 +60,9 @@ XPIDLSRCS= \
.\nsISSLStatus.idl \
.\nsICertOutliner.idl \
.\nsIKeygenThread.idl \
.\nsICMSSecureMessage.idl \
.\nsICMS.idl \
.\nsIUserCertPicker.idl \
$(NULL)


@ -0,0 +1,123 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): David Drinan <ddrinan@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
interface nsISupportsArray;
interface nsIX509Cert;
%{ C++
typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len);
%}
native NSSCMSContentCallback(NSSCMSContentCallback);
[ptr] native UnsignedCharPtr(unsigned char);
/*
* nsIHash
* Generic hashing interface
*/
[uuid(a31a3028-ae28-11d5-ba4b-00108303b117)]
interface nsIHash : nsISupports
{
const short HASH_AlgNULL = 0;
const short HASH_AlgMD2 = 1;
const short HASH_AlgMD5 = 2;
const short HASH_AlgSHA1 = 3;
const unsigned long MD2_LEN = 16;
const unsigned long MD5_LEN = 16;
const unsigned long SHA1_LEN = 20;
const unsigned long MAX_HASH_LEN = SHA1_LEN;
unsigned long resultLen(in short aAlg);
void create(in short aAlg);
void begin();
void update(in UnsignedCharPtr aBuf, in unsigned long aLen);
void end(in UnsignedCharPtr aHash, out unsigned long aLen, in unsigned long aMaxLen);
};
/**
* nsICMSMessage
* Interface to a CMS Message
*/
[uuid(a4557478-ae16-11d5-ba4b-00108303b117)]
interface nsICMSMessage : nsISupports
{
void contentIsSigned(out boolean aSigned);
void contentIsEncrypted(out boolean aEncrypted);
void getSignerCommonName(out string aName);
void getSignerEmailAddress(out string aEmail);
void verifySignature();
void verifyDetachedSignature(in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen);
void CreateEncrypted(in nsISupportsArray aRecipientCerts);
void CreateSigned(in nsIX509Cert scert, in nsIX509Cert ecert, in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen);
};
/**
* nsICMSDecoder
* Interface to decode an CMS message
*/
[uuid(65244a06-a342-11d5-ba47-00108303b117)]
interface nsICMSDecoder : nsISupports
{
void start(in NSSCMSContentCallback cb, in voidPtr arg);
void update(in string aBuf, in long aLen);
void finish(out nsICMSMessage msg);
};
/**
* nsICMSEncoder
* Interface to Encode an CMS message
*/
[uuid(a15789aa-8903-462b-81e9-4aa2cff4d5cb)]
interface nsICMSEncoder : nsISupports
{
void start(in nsICMSMessage aMsg, in NSSCMSContentCallback cb, in voidPtr arg);
void update(in string aBuf, in long aLen);
void finish();
void encode(in nsICMSMessage aMsg);
};
/**
* NS_CMSMESSAGE_CONTRACTID - contract id of a class that
* implements nsICMSMessage
*/
%{C++
#define NS_CMSDECODER_CONTRACTID "@mozilla.org/nsCMSDecoder;1"
#define NS_CMSENCODER_CONTRACTID "@mozilla.org/nsCMSEncoder;1"
#define NS_CMSMESSAGE_CONTRACTID "@mozilla.org/nsCMSMessage;1"
#define NS_HASH_CONTRACTID "@mozilla.org/nsHash;1"
%}
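Review bot: `nsICMSDecoder.update` and `nsICMSEncoder.update` take the buffer length as a signed `long aLen`, while `nsIHash.update` and the digest parameters of `nsICMSMessage` use `unsigned long`; with the signed type every implementation has to reject a negative length before it reaches the underlying decoder or encoder. Declare both as `void update(in string aBuf, in unsigned long aLen);`, or state in the comment that implementations must fail on `aLen < 0`. `nsIHash.end` writes through a raw `UnsignedCharPtr aHash`, so its comment should say that at most `aMaxLen` bytes are written and that callers size the buffer with `MAX_HASH_LEN`. The trailing comment names only `NS_CMSMESSAGE_CONTRACTID` although the block defines four contract ids.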


@ -0,0 +1,78 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): Terry Hayes <thayes@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
interface nsIX509Cert;
/**
* nsICMSManager (service)
* Interface to access users certificate store
*/
[scriptable, uuid(14b4394a-1dd2-11b2-b4fd-ba4a194fe97e)]
interface nsICMSSecureMessage : nsISupports
{
/**
* getCertByPrefID - a BASE64 string representing a user's
* certificate (or NULL if there isn't one)
*/
string getCertByPrefID(in string certID);
/**
* decodeCert - decode a BASE64 string into an X509Certificate object
*/
nsIX509Cert decodeCert(in string value);
/**
* sendMessage - send a text message to the recipient indicated
* by the base64-encoded cert.
*/
string sendMessage(in string msg, in string cert);
/**
* receiveMessage - recieve an encrypted (enveloped) message
*/
string receiveMessage(in string msg);
};
/**
* NS_CMSMESSAGE_CONTRACTID - contract id of a class that
* implements nsICMSMessage
*/
%{C++
#define NS_CMSSECUREMESSAGE_CONTRACTID "@mozilla.org/nsCMSSecureMessage;1"
%}
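Review bot: The doc comments in this new file do not match the declarations: the interface comment says `nsICMSManager (service)` while the interface is `nsICMSSecureMessage`, the trailing comment describes `NS_CMSMESSAGE_CONTRACTID` while the macro defined is `NS_CMSSECUREMESSAGE_CONTRACTID`, and "recieve" should be "receive". Because the interface is `scriptable`, the comment on `sendMessage` should also say whether the base64 recipient certificate is verified before the message is encrypted to it, and the comment on `receiveMessage` what is returned or thrown when decryption fails. Neither behaviour can be determined from this section.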


@ -171,6 +171,27 @@ interface nsIClientAuthDialogs : nsISupports
out boolean canceled);
};
/**
* nsICertPicker
* Provides generic UI for choosing a certificate
*/
[scriptable, uuid(51d59b08-1dd2-11b2-ad4a-a51b92f8a184)]
interface nsICertPickDialogs : nsISupports
{
/**
* PickCertificate
* General purpose certificate prompter
*/
void PickCertificate(in nsIInterfaceRequestor ctx,
in wstring title,
in wstring infoPrompt,
[array, size_is(count)] in wstring certNickList,
[array, size_is(count)] in wstring certDetailsList,
in PRUint32 count,
out PRInt32 selectedIndex,
out boolean canceled);
};
[scriptable, uuid(bb4bae9c-39c5-11d5-ba26-00108303b117)]
interface nsITokenDialogs : nsISupports
{
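Review bot: The comment above the new interface calls it `nsICertPicker`, but the declaration is `nsICertPickDialogs`; the comment should use the declared name. The `PickCertificate` comment does not describe the out-parameters, so add that `selectedIndex` is an index into `certNickList`/`certDetailsList` and is meaningful only when `canceled` is false, for example `* selectedIndex is valid only if canceled is false, and is then in the range [0, count).` It should also state that both arrays must hold exactly `count` entries in matching order.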


@ -0,0 +1,57 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): Kai Engert <kaie@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
interface nsIX509Cert;
interface nsIInterfaceRequestor;
[scriptable, uuid(06d018e0-d41b-4629-a4fc-daaa6029888e)]
interface nsIUserCertPicker : nsISupports {
nsIX509Cert pickByUsage(in nsIInterfaceRequestor ctx,
in wstring title,
in wstring infoPrompt,
in PRInt32 certUsage, // as defined by NSS enum SECCertUsage
in boolean allowInvalid,
in boolean allowDuplicateNicknames,
out boolean canceled);
};
%{C++
#define NS_CERT_PICKER_CONTRACTID "@mozilla.org/user_cert_picker;1"
#define NS_CERT_PICKER_CLASSNAME "Cert Picker Object"
%}
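Review bot: `pickByUsage` has no documentation, and two of its flags, `allowInvalid` and `allowDuplicateNicknames`, decide which certificates the user can be offered. Add a doc comment stating what "invalid" covers (expired, untrusted, wrong usage — to be confirmed against the implementation, which is not in this section), what is returned when `canceled` is true, and which of several certificates with the same nickname is shown when `allowDuplicateNicknames` is false. The inline remark `// as defined by NSS enum SECCertUsage` is the only contract on `certUsage`; say what happens for a value outside that enum.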


@ -123,6 +123,16 @@ interface nsIX509CertDB : nsISupports {
in nsCertCompareFunc aCertCmpFn,
out nsISupportsArray certs);
/* Get the user encryption cert */
nsIX509Cert getEmailEncryptionCert(in wstring aNickname);
/* Get the user signing cert */
nsIX509Cert getEmailSigningCert(in wstring aNickname);
/* Get a cert by email address */
nsIX509Cert getCertByEmailAddress(in nsIPK11Token aToken,
in string aEmailAddress);
/*
* importCertificates
* Use this to import a stream sent down as a mime type into
@ -137,6 +147,9 @@ interface nsIX509CertDB : nsISupports {
in unsigned long type,
in nsIInterfaceRequestor ctx);
[noscript] void importEmailCertificate(in charPtr data,
in unsigned long length,
in nsIInterfaceRequestor ctx);
/*
* importCertificate
*
@ -244,5 +257,12 @@ interface nsIX509CertDB : nsISupports {
* values.
*/
void enableOCSP();
};
/*
* decode base64 certificate and return a new nsIX509Cert instance
*
*/
nsIX509Cert constructX509FromBase64(in string base64);
};
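Review bot: `getCertByEmailAddress` returns a single certificate for an address, but its comment does not say which one is chosen when several certificates carry that address, nor whether the result has been checked for validity and e-mail recipient usage. The result is presumably used to encrypt mail, so the comment should state the guarantee, e.g. `/* Get a cert by email address; the caller must verify validity and usage before encrypting to it */` (adjust to what the implementation actually does). `importEmailCertificate` and `constructX509FromBase64` both parse externally supplied data and should document the failure result for malformed input. The comments on `getEmailEncryptionCert` and `getEmailSigningCert` should say what a null or empty `aNickname` means.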


@ -72,6 +72,9 @@ CPPSRCS = \
nsCrypto.cpp \
nsPKCS11Slot.cpp \
nsKeygenThread.cpp \
nsCMSSecureMessage.cpp \
nsCMS.cpp \
nsCertPicker.cpp \
$(NULL)
REQUIRES = nspr \


@ -81,6 +81,7 @@ LINCS = $(LINCS) \
SUB_LIBRARIES = \
$(DIST)/lib/smime.lib \
$(DIST)/lib/crmf.lib \
$(DIST)/lib/ssl.lib \
$(DIST)/lib/nss.lib \
@ -124,6 +125,9 @@ OBJS = \
.\$(OBJDIR)\nsCrypto.obj \
.\$(OBJDIR)\nsPKCS11Slot.obj \
.\$(OBJDIR)\nsKeygenThread.obj \
.\$(OBJDIR)\nsCMSSecureMessage.obj \
.\$(OBJDIR)\nsCMS.obj \
.\$(OBJDIR)\nsCertPicker.obj \
$(NULL)
include <$(DEPTH)\config\rules.mak>


@ -0,0 +1,458 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): David Drinan <ddrinan@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.h"
#include "nsCMS.h"
#include "nsNSSHelper.h"
#include "nsNSSCertificate.h"
#include "smime.h"
#include "cms.h"
NS_IMPL_THREADSAFE_ISUPPORTS1(nsHash, nsIHash)
nsHash::nsHash() : m_ctxt(nsnull)
{
NS_INIT_ISUPPORTS();
}
nsHash::~nsHash()
{
if (m_ctxt) {
HASH_Destroy(m_ctxt);
}
}
NS_IMETHODIMP nsHash::ResultLen(PRInt16 aAlg, PRUint32 * aLen)
{
*aLen = HASH_ResultLen((HASH_HashType)aAlg);
return NS_OK;
}
NS_IMETHODIMP nsHash::Create(PRInt16 aAlg)
{
m_ctxt = HASH_Create((HASH_HashType)aAlg);
if (m_ctxt == nsnull) {
return NS_ERROR_FAILURE;
}
return NS_OK;
}
NS_IMETHODIMP nsHash::Begin()
{
HASH_Begin(m_ctxt);
return NS_OK;
}
NS_IMETHODIMP nsHash::Update(unsigned char* aBuf, PRUint32 aLen)
{
HASH_Update(m_ctxt, (const unsigned char*)aBuf, aLen);
return NS_OK;
}
NS_IMETHODIMP nsHash::End(unsigned char* aBuf, PRUint32* aResultLen, PRUint32 aMaxResultLen)
{
HASH_End(m_ctxt, aBuf, aResultLen, aMaxResultLen);
return NS_OK;
}
NS_IMPL_THREADSAFE_ISUPPORTS1(nsCMSMessage, nsICMSMessage)
nsCMSMessage::nsCMSMessage()
{
NS_INIT_ISUPPORTS();
m_cmsMsg = nsnull;
}
nsCMSMessage::nsCMSMessage(NSSCMSMessage *aCMSMsg)
{
NS_INIT_ISUPPORTS();
m_cmsMsg = aCMSMsg;
}
nsCMSMessage::~nsCMSMessage()
{
if (m_cmsMsg) {
NSS_CMSMessage_Destroy(m_cmsMsg);
}
}
NS_IMETHODIMP nsCMSMessage::VerifySignature()
{
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::GetSignerEmailAddress(char * * aEmail)
{
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::GetSignerCommonName(char ** aName)
{
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::ContentIsEncrypted(int *)
{
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::ContentIsSigned(int *)
{
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::VerifyDetachedSignature(unsigned char* aDigestData, PRUint32 aDigestDataLen)
{
NSSCMSContentInfo *cinfo = nsnull;
NSSCMSSignedData *sigd = nsnull;
NSSCMSSignerInfo *si;
SECItem digest;
PRInt32 nsigners;
nsresult rv = NS_ERROR_FAILURE;
digest.data = aDigestData;
digest.len = aDigestDataLen;
if (NSS_CMSMessage_IsSigned(m_cmsMsg) == PR_FALSE) {
return NS_ERROR_FAILURE;
}
cinfo = NSS_CMSMessage_ContentLevel(m_cmsMsg, 0);
sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo);
if (sigd == nsnull) {
goto loser;
}
if (NSS_CMSSignedData_SetDigestValue(sigd, SEC_OID_SHA1, &digest)) {
goto loser;
}
// Import certs //
if (NSS_CMSSignedData_ImportCerts(sigd, CERT_GetDefaultCertDB(), certUsageEmailSigner, PR_TRUE) != SECSuccess) {
goto loser;
}
nsigners = NSS_CMSSignedData_SignerInfoCount(sigd);
PR_ASSERT(nsigners > 0);
// We verify the first signer info, only //
if (NSS_CMSSignedData_VerifySignerInfo(sigd, 0, CERT_GetDefaultCertDB(), certUsageEmailSigner) != SECSuccess) {
goto loser;
}
// Save the profile //
si = NSS_CMSSignedData_GetSignerInfo(sigd, 0);
if (NSS_SMIMESignerInfo_SaveSMIMEProfile(si) != SECSuccess) {
goto loser;
}
rv = NS_OK;
loser:
return rv;
}
NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
{
NSSCMSContentInfo *cinfo;
NSSCMSEnvelopedData *envd;
NSSCMSRecipientInfo *recipientInfo;
CERTCertificate **recipientCerts;
PLArenaPool *tmpPoolp = nsnull;
SECOidTag bulkAlgTag;
int keySize, i;
nsNSSCertificate *nssRecipientCert;
// Check the recipient certificates //
PRUint32 recipientCertCount;
aRecipientCerts->Count(&recipientCertCount);
PR_ASSERT(recipientCertCount > 0);
if ((tmpPoolp = PORT_NewArena(1024)) == nsnull) {
goto loser;
}
if ((recipientCerts = (CERTCertificate**)PORT_ArenaZAlloc(tmpPoolp,
(recipientCertCount+1)*sizeof(CERTCertificate*)))
== nsnull) {
goto loser;
}
for (i=0; i<recipientCertCount; i++) {
nssRecipientCert = NS_STATIC_CAST(nsNSSCertificate*, aRecipientCerts->ElementAt(i));
recipientCerts[i] = nssRecipientCert->GetCert();
}
recipientCerts[i] = nsnull;
// Find a bulk key algorithm //
if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipientCerts, &bulkAlgTag,
&keySize) != SECSuccess) {
goto loser;
}
m_cmsMsg = NSS_CMSMessage_Create(NULL);
if (m_cmsMsg == nsnull) {
goto loser;
}
if ((envd = NSS_CMSEnvelopedData_Create(m_cmsMsg, bulkAlgTag, keySize)) == nsnull) {
goto loser;
}
cinfo = NSS_CMSMessage_GetContentInfo(m_cmsMsg);
if (NSS_CMSContentInfo_SetContent_EnvelopedData(m_cmsMsg, cinfo, envd) != SECSuccess) {
goto loser;
}
cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd);
if (NSS_CMSContentInfo_SetContent_Data(m_cmsMsg, cinfo, nsnull, PR_FALSE) != SECSuccess) {
goto loser;
}
// Create and attach recipient information //
for (i=0; recipientCerts[i] != nsnull; i++) {
if ((recipientInfo = NSS_CMSRecipientInfo_Create(m_cmsMsg, recipientCerts[i])) == nsnull) {
goto loser;
}
if (NSS_CMSEnvelopedData_AddRecipient(envd, recipientInfo) != SECSuccess) {
goto loser;
}
}
if (tmpPoolp) {
PORT_FreeArena(tmpPoolp, PR_FALSE);
}
return NS_OK;
loser:
if (m_cmsMsg) {
NSS_CMSMessage_Destroy(m_cmsMsg);
m_cmsMsg = nsnull;
}
if (tmpPoolp) {
PORT_FreeArena(tmpPoolp, PR_FALSE);
}
return NS_ERROR_FAILURE;
}
NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert* aEncryptCert, unsigned char* aDigestData, PRUint32 aDigestDataLen)
{
NSSCMSContentInfo *cinfo;
NSSCMSSignedData *sigd;
NSSCMSSignerInfo *signerinfo;
CERTCertificate *scert, *ecert;
/* Get the certs */
scert = NS_STATIC_CAST(nsNSSCertificate*, aSigningCert)->GetCert();
ecert = NS_STATIC_CAST(nsNSSCertificate*, aEncryptCert)->GetCert();
/*
* create the message object
*/
m_cmsMsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
if (m_cmsMsg == NULL) {
goto loser;
}
/*
* build chain of objects: message->signedData->data
*/
if ((sigd = NSS_CMSSignedData_Create(m_cmsMsg)) == NULL) {
goto loser;
}
cinfo = NSS_CMSMessage_GetContentInfo(m_cmsMsg);
if (NSS_CMSContentInfo_SetContent_SignedData(m_cmsMsg, cinfo, sigd)
!= SECSuccess) {
goto loser;
}
cinfo = NSS_CMSSignedData_GetContentInfo(sigd);
/* we're always passing data in and detaching optionally */
if (NSS_CMSContentInfo_SetContent_Data(m_cmsMsg, cinfo, nsnull, PR_TRUE)
!= SECSuccess) {
goto loser;
}
/*
* create & attach signer information
*/
if ((signerinfo = NSS_CMSSignerInfo_Create(m_cmsMsg, scert, SEC_OID_SHA1))
== NULL) {
goto loser;
}
/* we want the cert chain included for this one */
if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain,
certUsageEmailSigner)
!= SECSuccess) {
goto loser;
}
if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now())
!= SECSuccess) {
goto loser;
}
if (NSS_CMSSignerInfo_AddSMIMECaps(signerinfo) != SECSuccess) {
goto loser;
}
if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ecert,
CERT_GetDefaultCertDB())
!= SECSuccess) {
goto loser;
}
if (NSS_CMSSignedData_AddCertificate(sigd, ecert) != SECSuccess) {
goto loser;
}
if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) {
goto loser;
}
// Finally, add the pre-computed digest if passed in
if (aDigestData) {
SECItem digest;
digest.data = aDigestData;
digest.len = aDigestDataLen;
if (NSS_CMSSignedData_SetDigestValue(sigd, SEC_OID_SHA1, &digest)) {
goto loser;
}
}
return NS_OK;
loser:
if (m_cmsMsg) {
NSS_CMSMessage_Destroy(m_cmsMsg);
m_cmsMsg = nsnull;
}
return NS_ERROR_FAILURE;
}
NS_IMPL_THREADSAFE_ISUPPORTS1(nsCMSDecoder, nsICMSDecoder)
nsCMSDecoder::nsCMSDecoder()
{
NS_INIT_ISUPPORTS();
}
nsCMSDecoder::~nsCMSDecoder()
{
}
/* void start (in NSSCMSContentCallback cb, in voidPtr arg); */
NS_IMETHODIMP nsCMSDecoder::Start(NSSCMSContentCallback cb, void * arg)
{
m_ctx = new PipUIContext();
m_dcx = NSS_CMSDecoder_Start(0, cb, arg, 0, m_ctx, 0, 0);
if (!m_dcx) {
return NS_ERROR_FAILURE;
}
return NS_OK;
}
/* void update (in string bug, in long len); */
NS_IMETHODIMP nsCMSDecoder::Update(const char *buf, PRInt32 len)
{
NSS_CMSDecoder_Update(m_dcx, (char *)buf, len);
return NS_OK;
}
/* void finish (); */
NS_IMETHODIMP nsCMSDecoder::Finish(nsICMSMessage ** aCMSMsg)
{
NSSCMSMessage *cmsMsg;
cmsMsg = NSS_CMSDecoder_Finish(m_dcx);
if (cmsMsg) {
nsCOMPtr<nsICMSMessage> msg = new nsCMSMessage(cmsMsg);
*aCMSMsg = msg;
NS_ADDREF(*aCMSMsg);
}
return NS_OK;
}
NS_IMPL_THREADSAFE_ISUPPORTS1(nsCMSEncoder, nsICMSEncoder)
nsCMSEncoder::nsCMSEncoder()
{
NS_INIT_ISUPPORTS();
}
nsCMSEncoder::~nsCMSEncoder()
{
}
/* void start (); */
NS_IMETHODIMP nsCMSEncoder::Start(nsICMSMessage *aMsg, NSSCMSContentCallback cb, void * arg)
{
nsCMSMessage *cmsMsg = NS_STATIC_CAST(nsCMSMessage*, aMsg);
m_ctx = new PipUIContext();
m_ecx = NSS_CMSEncoder_Start(cmsMsg->getCMS(), cb, arg, 0, 0, 0, m_ctx, 0, 0, 0, 0);
if (m_ecx == nsnull) {
return NS_ERROR_FAILURE;
}
return NS_OK;
}
/* void update (in string aBuf, in long aLen); */
NS_IMETHODIMP nsCMSEncoder::Update(const char *aBuf, PRInt32 aLen)
{
if (NSS_CMSEncoder_Update(m_ecx, aBuf, aLen) != SECSuccess) {
return NS_ERROR_FAILURE;
}
return NS_OK;
}
/* void finish (); */
NS_IMETHODIMP nsCMSEncoder::Finish()
{
if (NSS_CMSEncoder_Finish(m_ecx) != SECSuccess) {
return NS_ERROR_FAILURE;
}
return NS_OK;
}
/* void encode (in nsICMSMessage aMsg); */
NS_IMETHODIMP nsCMSEncoder::Encode(nsICMSMessage *aMsg)
{
return NS_ERROR_NOT_IMPLEMENTED;
}
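Review bot: In `nsCMSMessage::VerifyDetachedSignature` the only guard on the signer count is `PR_ASSERT(nsigners > 0)`, which is compiled out of release builds, so a signedData with no signerInfos still reaches `NSS_CMSSignedData_VerifySignerInfo(sigd, 0, ...)` and `NSS_CMSSignedData_GetSignerInfo(sigd, 0)`. The level-0 content is also cast to `NSSCMSSignedData*` after only `NSS_CMSMessage_IsSigned`, which as far as I know reports a signedData at any nesting level, so a message whose outer layer is another content type would be handled as signed data; checking the level-0 type tag closes that. Separately, `NSS_CMSSignedData_ImportCerts(..., PR_TRUE)` stores certificates from the message before the signature has been checked, which deserves at least a comment explaining why that order is intended. `nsCMSDecoder::Finish` has a related gap: it returns `NS_OK` without writing `*aCMSMsg` when `NSS_CMSDecoder_Finish` fails.

```cpp
  // … unchanged: digest setup, NSS_CMSMessage_IsSigned check …
  cinfo = NSS_CMSMessage_ContentLevel(m_cmsMsg, 0);
  if (cinfo == nsnull ||
      NSS_CMSContentInfo_GetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA) {
    goto loser;
  }
  sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo);
  // … unchanged: null check, SetDigestValue, ImportCerts …
  nsigners = NSS_CMSSignedData_SignerInfoCount(sigd);
  if (nsigners <= 0) {
    // a release build must reject this too; PR_ASSERT is debug-only
    goto loser;
  }
  // … unchanged: VerifySignerInfo, SaveSMIMEProfile …
```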


@ -0,0 +1,128 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): David Drinan <ddrinan@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef __NS_CMS_H__
#define __NS_CMS_H__
#include "nsISupports.h"
#include "nsCOMPtr.h"
#include "nsIInterfaceRequestor.h"
#include "nsICMS.h"
#include "sechash.h"
#include "cms.h"
#define NS_HASH_CLASSNAME "Hash Object"
#define NS_HASH_CID \
{ 0xa31a3028, 0xae28, 0x11d5, { 0xba, 0x4b, 0x00, 0x10, 0x83, 0x03, 0xb1, 0x17 } }
class nsHash : public nsIHash
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIHASH
nsHash();
virtual ~nsHash();
private:
HASHContext * m_ctxt;
};
#define NS_CMSMESSAGE_CLASSNAME "CMS Message Object"
#define NS_CMSMESSAGE_CID \
{ 0xa4557478, 0xae16, 0x11d5, { 0xba,0x4b,0x00,0x10,0x83,0x03,0xb1,0x17 } }
class nsCMSMessage : public nsICMSMessage
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICMSMESSAGE
nsCMSMessage();
nsCMSMessage(NSSCMSMessage* aCMSMsg);
virtual ~nsCMSMessage();
NSSCMSMessage* getCMS() {return m_cmsMsg;};
private:
NSSCMSMessage * m_cmsMsg;
};
// ===============================================
// nsCMSDecoder - implementation of nsICMSDecoder
// ===============================================
#define NS_CMSDECODER_CLASSNAME "CMS Decoder Object"
#define NS_CMSDECODER_CID \
{ 0x9dcef3a4, 0xa3bc, 0x11d5, { 0xba, 0x47, 0x00, 0x10, 0x83, 0x03, 0xb1, 0x17 } }
class nsCMSDecoder : public nsICMSDecoder
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICMSDECODER
nsCMSDecoder();
virtual ~nsCMSDecoder();
private:
nsCOMPtr<nsIInterfaceRequestor> m_ctx;
NSSCMSDecoderContext *m_dcx;
};
// ===============================================
// nsCMSEncoder - implementation of nsICMSEncoder
// ===============================================
#define NS_CMSENCODER_CLASSNAME "CMS Decoder Object"
#define NS_CMSENCODER_CID \
{ 0xa15789aa, 0x8903, 0x462b, { 0x81, 0xe9, 0x4a, 0xa2, 0xcf, 0xf4, 0xd5, 0xcb } }
class nsCMSEncoder : public nsICMSEncoder
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICMSENCODER
nsCMSEncoder();
virtual ~nsCMSEncoder();
private:
nsCOMPtr<nsIInterfaceRequestor> m_ctx;
NSSCMSEncoderContext *m_ecx;
};
#endif
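Review bot: `NS_CMSENCODER_CLASSNAME` is defined as "CMS Decoder Object", the same string as the decoder's, which looks like a copy-paste slip; it should read `#define NS_CMSENCODER_CLASSNAME "CMS Encoder Object"`. The raw pointers `m_dcx` and `m_ecx` are not initialised by the constructors in nsCMS.cpp, so calling `Update` or `Finish` before `Start` hands an indeterminate pointer to NSS; initialise both to `nsnull` and check them in those methods. The include guard `__NS_CMS_H__` contains a double underscore, which is reserved for the implementation.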


@ -0,0 +1,293 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): Terry Hayes <thayes@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsMemory.h"
#include "nsXPIDLString.h"
#include "nsCOMPtr.h"
#include "nsISupports.h"
#include "nsIInterfaceRequestor.h"
#include "nsICMSSecureMessage.h"
#include "nsCMSSecureMessage.h"
#include "nsNSSCertificate.h"
#include "nsNSSHelper.h"
#include <string.h>
#include "plbase64.h"
#include "cert.h"
#include "cms.h"
#include "nsIServiceManager.h"
#include "nsIPref.h"
// Standard ISupports implementation
// NOTE: Should these be the thread-safe versions?
/*****
* nsCMSSecureMessage
*****/
// Standard ISupports implementation
NS_IMPL_ISUPPORTS1(nsCMSSecureMessage, nsICMSSecureMessage)
// nsCMSSecureMessage constructor
nsCMSSecureMessage::nsCMSSecureMessage()
{
// initialize superclass
NS_INIT_ISUPPORTS();
}
// nsCMSMessage destructor
nsCMSSecureMessage::~nsCMSSecureMessage()
{
}
/* string getCertByPrefID (in string certID); */
NS_IMETHODIMP nsCMSSecureMessage::
GetCertByPrefID(const char *certID, char **_retval)
{
nsresult rv = NS_OK;
CERTCertificate *cert = 0;
nsXPIDLCString nickname;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
*_retval = 0;
static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
nsCOMPtr<nsIPref> prefs = do_GetService(kPrefCID, &rv);
if (NS_FAILED(rv)) goto done;
rv = prefs->GetCharPref(certID,
getter_Copies(nickname));
if (NS_FAILED(rv)) goto done;
/* Find a good cert in the user's database */
cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), (char*)nickname.get(),
certUsageEmailRecipient, PR_TRUE, ctx);
if (!cert) { goto done; } /* Success, but no value */
/* Convert the DER to a BASE64 String */
encode(cert->derCert.data, cert->derCert.len, _retval);
done:
if (cert) CERT_DestroyCertificate(cert);
return rv;
}
// nsCMSSecureMessage::DecodeCert
nsresult nsCMSSecureMessage::
DecodeCert(const char *value, nsIX509Cert ** _retval)
{
nsresult rv = NS_OK;
PRInt32 length;
unsigned char *data = 0;
*_retval = 0;
if (!value) { return NS_ERROR_FAILURE; }
rv = decode(value, &data, &length);
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIX509Cert> cert = new nsNSSCertificate((char *)data, length);
*_retval = cert;
NS_IF_ADDREF(*_retval);
nsCRT::free((char*)data);
return rv;
}
// nsCMSSecureMessage::SendMessage
nsresult nsCMSSecureMessage::
SendMessage(const char *msg, const char *base64Cert, char ** _retval)
{
nsresult rv = NS_OK;
CERTCertificate *cert = 0;
NSSCMSMessage *cmsMsg = 0;
unsigned char *certDER = 0;
PRInt32 derLen;
NSSCMSEnvelopedData *env;
NSSCMSContentInfo *cinfo;
NSSCMSRecipientInfo *rcpt;
SECItem item;
SECItem output;
PLArenaPool *arena = PORT_NewArena(1024);
SECStatus s;
/* Step 0. Create a CMS Message */
cmsMsg = NSS_CMSMessage_Create(NULL);
if (!cmsMsg) { rv = NS_ERROR_FAILURE; goto done; }
/* Step 1. Import the certificate into NSS */
rv = decode(base64Cert, &certDER, &derLen);
if (NS_FAILED(rv)) goto done;
cert = CERT_DecodeCertFromPackage((char *)certDER, derLen);
if (!cert) { rv = NS_ERROR_FAILURE; goto done; }
#if 0
cert->dbhandle = CERT_GetDefaultCertDB(); /* work-around */
#endif
/* Step 2. Get a signature cert */
/* Step 3. Build inner (signature) content */
/* Step 4. Build outer (enveloped) content */
env = NSS_CMSEnvelopedData_Create(cmsMsg, SEC_OID_DES_EDE3_CBC, 0);
if (!env) { rv = NS_ERROR_FAILURE; goto done; }
cinfo = NSS_CMSEnvelopedData_GetContentInfo(env);
item.data = (unsigned char *)msg;
item.len = strlen(msg); /* XPCOM equiv?? */
s = NSS_CMSContentInfo_SetContent_Data(cmsMsg, cinfo, 0, PR_FALSE);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
rcpt = NSS_CMSRecipientInfo_Create(cmsMsg, cert);
if (!rcpt) { rv = NS_ERROR_FAILURE; goto done; }
s = NSS_CMSEnvelopedData_AddRecipient(env, rcpt);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
/* Step 5. Add content to message */
cinfo = NSS_CMSMessage_GetContentInfo(cmsMsg);
s = NSS_CMSContentInfo_SetContent_EnvelopedData(cmsMsg, cinfo, env);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
/* Step 6. Encode */
NSSCMSEncoderContext *ecx;
output.data = 0; output.len = 0;
ecx = NSS_CMSEncoder_Start(cmsMsg, 0, 0, &output, arena,
0, 0, 0, 0, 0, 0);
if (!ecx) { rv = NS_ERROR_FAILURE; goto done; }
s = NSS_CMSEncoder_Update(ecx, msg, strlen(msg));
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
s = NSS_CMSEncoder_Finish(ecx);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
/* Step 7. Base64 encode and return the result */
rv = encode(output.data, output.len, _retval);
done:
if (certDER) nsCRT::free((char *)certDER);
if (cert) CERT_DestroyCertificate(cert);
if (cmsMsg) NSS_CMSMessage_Destroy(cmsMsg);
if (arena) PORT_FreeArena(arena, PR_FALSE); /* PR_FALSE? */
return rv;
}
/*
* nsCMSSecureMessage::ReceiveMessage
*/
nsresult nsCMSSecureMessage::
ReceiveMessage(const char *msg, char **_retval)
{
nsresult rv = NS_OK;
NSSCMSDecoderContext *dcx;
unsigned char *der = 0;
PRInt32 derLen;
NSSCMSMessage *cmsMsg = 0;
SECItem *content;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
/* Step 1. Decode the base64 wrapper */
rv = decode(msg, &der, &derLen);
if (NS_FAILED(rv)) goto done;
dcx = NSS_CMSDecoder_Start(0, 0, 0, /* pw */ 0, ctx, /* key */ 0, 0);
if (!dcx) { rv = NS_ERROR_FAILURE; goto done; }
(void)NSS_CMSDecoder_Update(dcx, (char *)der, derLen);
cmsMsg = NSS_CMSDecoder_Finish(dcx);
if (!cmsMsg) { rv = NS_ERROR_FAILURE; goto done; } /* Memory leak on dcx?? */
content = NSS_CMSMessage_GetContent(cmsMsg);
if (!content) { rv = NS_ERROR_FAILURE; goto done; }
/* Copy the data */
*_retval = (char*)malloc(content->len+1);
memcpy(*_retval, content->data, content->len);
(*_retval)[content->len] = 0;
done:
if (der) free(der);
if (cmsMsg) NSS_CMSMessage_Destroy(cmsMsg);
return rv;
}
nsresult nsCMSSecureMessage::
encode(const unsigned char *data, PRInt32 dataLen, char **_retval)
{
nsresult rv = NS_OK;
*_retval = PL_Base64Encode((const char *)data, dataLen, NULL);
if (!*_retval) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
loser:
return rv;
}
nsresult nsCMSSecureMessage::
decode(const char *data, unsigned char **result, PRInt32 * _retval)
{
nsresult rv = NS_OK;
PRUint32 len = PL_strlen(data);
int adjust = 0;
/* Compute length adjustment */
if (data[len-1] == '=') {
adjust++;
if (data[len-2] == '=') adjust++;
}
*result = (unsigned char *)PL_Base64Decode(data, len, NULL);
if (!*result) { rv = NS_ERROR_ILLEGAL_VALUE; goto loser; }
*_retval = (len*3)/4 - adjust;
loser:
return rv;
}
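Review bot: `nsCMSSecureMessage::decode` indexes `data[len-1]` and `data[len-2]` without checking `len`, so an empty or one-character string reads outside the buffer (`len` is unsigned, so `len-1` wraps for an empty string). The value comes straight from the callers of `ReceiveMessage`, `SendMessage` and `DecodeCert`, so guard both indexes: `if (len > 0 && data[len-1] == '=') {` and `if (len > 1 && data[len-2] == '=') adjust++;`. In `ReceiveMessage` the `malloc` result is passed to `memcpy` unchecked, the return value of `NSS_CMSDecoder_Update` is discarded, and `*_retval` is left unset on every failure path. Setting `*_retval = 0` on entry and failing with `NS_ERROR_OUT_OF_MEMORY` on a null allocation would make those paths safe for callers.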


@ -0,0 +1,69 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): Terry Hayes <thayes@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef _NSCMSSECUREMESSAGE_H_
#define _NSCMSSECUREMESSAGE_H_
#include "nsICMSSecureMessage.h"
#include "cms.h"
// ===============================================
// nsCMSManager - implementation of nsICMSManager
// ===============================================
#define NS_CMSSECUREMESSAGE_CLASSNAME "CMS Secure Message"
#define NS_CMSSECUREMESSAGE_CID \
{ 0x5fb907e0, 0x1dd2, 0x11b2, { 0xa7, 0xc0, 0xf1, 0x4c, 0x41, 0x6a, 0x62, 0xa1 } }
class nsCMSSecureMessage
: public nsICMSSecureMessage
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICMSSECUREMESSAGE
nsCMSSecureMessage();
virtual ~nsCMSSecureMessage();
private:
NS_METHOD encode(const unsigned char *data, PRInt32 dataLen, char **_retval);
NS_METHOD decode(const char *data, unsigned char **result, PRInt32 * _retval);
};
#endif /* _NSCMSMESSAGE_H_ */
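Review bot: The comments in this header do not match the code they describe: the banner reads "nsCMSManager - implementation of nsICMSManager" above a class named `nsCMSSecureMessage`, and the closing `#endif /* _NSCMSMESSAGE_H_ */` names a different guard from the `_NSCMSSECUREMESSAGE_H_` opened at the top. I would change them to `// nsCMSSecureMessage - implementation of nsICMSSecureMessage` and `#endif /* _NSCMSSECUREMESSAGE_H_ */`. The private `encode`/`decode` helpers would also benefit from a one-line comment saying who frees the returned buffer and with which allocator.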


@ -504,6 +504,8 @@ nsCertOutliner::GetCellText(PRInt32 row, const PRUnichar *colID,
}
} else if (strcmp(col, "tokencol") == 0) {
rv = cert->GetTokenName(&wstr);
} else if (strcmp(col, "emailcol") == 0) {
rv = cert->GetEmailAddress(&wstr);
} else if (strcmp(col, "verifiedcol") == 0) {
PRUint32 verified;
nsCOMPtr<nsINSSComponent> nssComponent(


@ -0,0 +1,192 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): Kai Engert <kaie@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsCertPicker.h"
#include "nsMemory.h"
#include "nsCOMPtr.h"
#include "nsXPIDLString.h"
#include "nsIServiceManager.h"
#include "nsNSSComponent.h"
#include "nsNSSCertificate.h"
#include "nsINSSDialogs.h"
#include "nsReadableUtils.h"
#include "cert.h"
/* strings for marking invalid user cert nicknames */
#define NICKNAME_EXPIRED_STRING " (expired)"
#define NICKNAME_NOT_YET_VALID_STRING " (not yet valid)"
NS_IMPL_ISUPPORTS1(nsCertPicker, nsIUserCertPicker)
nsCertPicker::nsCertPicker()
{
NS_INIT_ISUPPORTS();
}
nsCertPicker::~nsCertPicker()
{
}
/* nsIX509Cert pick (in nsIInterfaceRequestor ctx, in wstring title, in wstring infoPrompt, in PRInt32 certUsage, in boolean allowInvalid, in boolean allowDuplicateNicknames, out boolean canceled); */
NS_IMETHODIMP nsCertPicker::PickByUsage(nsIInterfaceRequestor *ctx, const PRUnichar *title, const PRUnichar *infoPrompt, PRInt32 certUsage, PRBool allowInvalid, PRBool allowDuplicateNicknames, PRBool *canceled, nsIX509Cert **_retval)
{
PRInt32 i = 0;
PRInt32 selectedIndex = -1;
PRUnichar **certNicknameList = nsnull;
PRUnichar **certDetailsList = nsnull;
CERTCertListNode* node = nsnull;
CERTCertificate* cert = nsnull;
nsresult rv;
{
// Iterate over all certs. This assures that user is logged in to all hardware tokens.
CERTCertList *allcerts = nsnull;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
allcerts = PK11_ListCerts(PK11CertListUnique, ctx);
CERT_DestroyCertList(allcerts);
}
/* find all user certs that are valid and for SSL */
/* note that we are allowing expired certs in this list */
CERTCertList *certList =
CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
(SECCertUsage)certUsage,
!allowDuplicateNicknames,
!allowInvalid,
ctx);
if (!certList) {
return NS_ERROR_NOT_AVAILABLE;
}
rv = NS_OK;
CERTCertNicknames *nicknames =
CERT_NicknameStringsFromCertList(certList,
NICKNAME_EXPIRED_STRING,
NICKNAME_NOT_YET_VALID_STRING);
if (!nicknames) {
rv = NS_ERROR_NOT_AVAILABLE;
}
else {
certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
certDetailsList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
for (i = 0, node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList);
++i, node = CERT_LIST_NEXT(node)
)
{
nsNSSCertificate *tempCert = new nsNSSCertificate(node->cert);
if (tempCert) {
// XXX we really should be using an nsCOMPtr instead of manually add-refing,
// but nsNSSCertificate does not have a default constructor.
NS_ADDREF(tempCert);
nsAutoString i_nickname(NS_ConvertUTF8toUCS2(nicknames->nicknames[i]));
nsAutoString nickWithSerial;
nsAutoString details;
if (NS_SUCCEEDED(tempCert->FormatUIStrings(i_nickname, nickWithSerial, details))) {
certNicknameList[i] = ToNewUnicode(nickWithSerial);
certDetailsList[i] = ToNewUnicode(details);
}
NS_RELEASE(tempCert);
}
}
nsICertPickDialogs *dialogs = nsnull;
rv = getNSSDialogs((void**)&dialogs, NS_GET_IID(nsICertPickDialogs));
if (NS_SUCCEEDED(rv)) {
/* Throw up the cert picker dialog and get back the index of the selected cert */
rv = dialogs->PickCertificate(ctx, title, infoPrompt,
(const PRUnichar**)certNicknameList, (const PRUnichar**)certDetailsList,
nicknames->numnicknames, &selectedIndex, canceled);
for (i = 0; i < nicknames->numnicknames; ++i) {
nsMemory::Free(certNicknameList[i]);
nsMemory::Free(certDetailsList[i]);
}
nsMemory::Free(certNicknameList);
nsMemory::Free(certDetailsList);
NS_RELEASE(dialogs);
}
if (NS_SUCCEEDED(rv) && !*canceled) {
for (i = 0, node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList);
++i, node = CERT_LIST_NEXT(node)) {
if (i == selectedIndex) {
nsNSSCertificate *cert = new nsNSSCertificate(node->cert);
if (!cert) {
rv = NS_ERROR_OUT_OF_MEMORY;
break;
}
nsIX509Cert *x509 = 0;
nsresult rv = cert->QueryInterface(NS_GET_IID(nsIX509Cert), (void**)&x509);
if (NS_FAILED(rv)) {
break;
}
NS_ADDREF(x509);
*_retval = x509;
NS_RELEASE(cert);
break;
}
}
}
CERT_FreeNicknames(nicknames);
}
if (certList) {
CERT_DestroyCertList(certList);
}
return NS_OK;
}
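Review bot: In `nsCertPicker::PickByUsage` the two arrays from `nsMemory::Alloc` are neither null-checked nor zeroed, and a slot is filled only when `new nsNSSCertificate` and `FormatUIStrings` both succeed, so a failure leaves uninitialised pointers that are then passed to `PickCertificate` and to `nsMemory::Free`. Zero both arrays right after allocation, e.g. `memset(certNicknameList, 0, sizeof(PRUnichar *) * nicknames->numnicknames);` and the same for `certDetailsList`. The function also ends with `return NS_OK;` whatever happened: `rv` is set on several failure paths and then dropped, and the inner `nsresult rv = cert->QueryInterface(...)` shadows the outer variable, so callers can get success with `*_retval` never written. Ending with `return rv;`, dropping the inner `nsresult`, and setting `*_retval = nsnull` on entry would fix this. When `getNSSDialogs` fails, both arrays leak and `*canceled` is read without having been set.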


@ -0,0 +1,58 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): Kai Engert <kaie@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef _NSCERTPICKER_H_
#define _NSCERTPICKER_H_
#include "nsIUserCertPicker.h"
#define NS_CERT_PICKER_CID \
{ 0x735959a1, 0xaf01, 0x447e, { 0xb0, 0x2d, 0x56, 0xe9, 0x68, 0xfa, 0x52, 0xb4 } }
class nsCertPicker : public nsIUserCertPicker
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIUSERCERTPICKER
nsCertPicker();
virtual ~nsCertPicker();
private:
};
#endif //_NSCERTPICKER_H_


@ -504,6 +504,8 @@ nsCertOutliner::GetCellText(PRInt32 row, const PRUnichar *colID,
}
} else if (strcmp(col, "tokencol") == 0) {
rv = cert->GetTokenName(&wstr);
} else if (strcmp(col, "emailcol") == 0) {
rv = cert->GetEmailAddress(&wstr);
} else if (strcmp(col, "verifiedcol") == 0) {
PRUint32 verified;
nsCOMPtr<nsINSSComponent> nssComponent(


@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: nsNSSCertificate.cpp,v 1.53 2001/09/29 08:27:59 jaggernaut%netscape.com Exp $
* $Id: nsNSSCertificate.cpp,v 1.54 2001/10/30 23:51:59 ddrinan%netscape.com Exp $
*/
#include "prmem.h"
@ -58,6 +58,7 @@
#include "nsIURI.h"
#include "nsIWindowWatcher.h"
#include "nsIPrompt.h"
#include "nsIProxyObjectManager.h"
#include "nspr.h"
extern "C" {
@ -71,6 +72,7 @@ extern "C" {
}
#include "ssl.h"
#include "ocsp.h"
#include "plbase64.h"
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
@ -638,7 +640,6 @@ nsNSSCertificate::nsNSSCertificate(char *certDER, int derLen) :
{
mCert->dbhandle = CERT_GetDefaultCertDB();
}
}
nsNSSCertificate::nsNSSCertificate(CERTCertificate *cert) :
@ -690,6 +691,166 @@ nsNSSCertificate::MarkForPermDeletion()
return NS_OK;
}
nsresult
nsNSSCertificate::FormatUIStrings(const nsAutoString &nickname, nsAutoString &nickWithSerial, nsAutoString &details)
{
nsresult rv = NS_OK;
nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID, &rv));
if (NS_FAILED(rv) || !proxyman) {
return NS_ERROR_FAILURE;
}
NS_DEFINE_CID(nssComponentCID, NS_NSSCOMPONENT_CID);
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(nssComponentCID, &rv));
if (NS_FAILED(rv) || !nssComponent) {
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsIX509Cert> x509 = do_QueryInterface(this);
if (!x509) {
return NS_ERROR_NO_INTERFACE;
}
nsCOMPtr<nsIX509Cert> x509Proxy;
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
nsIX509Cert::GetIID(),
x509,
PROXY_SYNC | PROXY_ALWAYS,
getter_AddRefs(x509Proxy));
if (!x509Proxy) {
rv = NS_ERROR_OUT_OF_MEMORY;
}
else {
rv = NS_OK;
nsAutoString info;
PRUnichar *temp1 = 0;
nickWithSerial.Append(nickname);
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoIssuedFor").get(), info))) {
details.Append(info);
details.Append(NS_LITERAL_STRING("\n"));
}
if (NS_SUCCEEDED(x509Proxy->GetSubjectName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
details.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
details.Append(info);
details.Append(NS_LITERAL_STRING(": "));
}
details.Append(temp1);
nsMemory::Free(temp1);
details.Append(NS_LITERAL_STRING("\n"));
}
if (NS_SUCCEEDED(x509Proxy->GetSerialNumber(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
details.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSerialNo").get(), info))) {
details.Append(info);
details.Append(NS_LITERAL_STRING(": "));
}
details.Append(temp1);
nickWithSerial.Append(NS_LITERAL_STRING(" ["));
nickWithSerial.Append(temp1);
nickWithSerial.Append(NS_LITERAL_STRING("]"));
nsMemory::Free(temp1);
details.Append(NS_LITERAL_STRING("\n"));
}
{
nsCOMPtr<nsIX509CertValidity> validity;
nsCOMPtr<nsIX509CertValidity> originalValidity;
rv = x509Proxy->GetValidity(getter_AddRefs(originalValidity));
if (NS_SUCCEEDED(rv) && originalValidity) {
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
nsIX509CertValidity::GetIID(),
originalValidity,
PROXY_SYNC | PROXY_ALWAYS,
getter_AddRefs(validity));
}
if (validity) {
details.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoValid").get(), info))) {
details.Append(info);
}
if (NS_SUCCEEDED(validity->GetNotBeforeLocalTime(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
details.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoFrom").get(), info))) {
details.Append(info);
}
details.Append(NS_LITERAL_STRING(" "));
details.Append(temp1);
nsMemory::Free(temp1);
}
if (NS_SUCCEEDED(validity->GetNotAfterLocalTime(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
details.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoTo").get(), info))) {
details.Append(info);
}
details.Append(NS_LITERAL_STRING(" "));
details.Append(temp1);
nsMemory::Free(temp1);
}
details.Append(NS_LITERAL_STRING("\n"));
}
}
PRUint32 tempInt = 0;
if (NS_SUCCEEDED(x509Proxy->GetPurposes(&tempInt, &temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
details.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoPurposes").get(), info))) {
details.Append(info);
}
details.Append(NS_LITERAL_STRING(": "));
details.Append(temp1);
nsMemory::Free(temp1);
details.Append(NS_LITERAL_STRING("\n"));
}
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoIssuedBy").get(), info))) {
details.Append(info);
details.Append(NS_LITERAL_STRING("\n"));
}
if (NS_SUCCEEDED(x509Proxy->GetIssuerName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
details.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
details.Append(info);
details.Append(NS_LITERAL_STRING(": "));
}
details.Append(temp1);
nsMemory::Free(temp1);
details.Append(NS_LITERAL_STRING("\n"));
}
/*
the above produces output the following output:
Issued to:
Subject: $subjectName
Serial number: $serialNumber
Valid from: $starting_date to $expriation_date
Purposes: $purposes
Issued by:
Subject: $issuerName
*/
}
return rv;
}
/* readonly attribute string dbKey; */
NS_IMETHODIMP
nsNSSCertificate::GetDbKey(char * *aDbKey)
@ -2763,6 +2924,63 @@ nsNSSCertificateDB::ImportCertificates(char * data, PRUint32 length,
return nsrv;
}
/*
* [noscript] void importEmailCertificates(in charPtr data, in unsigned long length,
* in nsIInterfaceRequestor ctx);
*/
NS_IMETHODIMP
nsNSSCertificateDB::ImportEmailCertificate(char * data, PRUint32 length,
nsIInterfaceRequestor *ctx)
{
SECStatus srv = SECFailure;
nsresult nsrv = NS_OK;
CERTCertificate * cert;
SECItem **rawCerts;
int numcerts;
int i;
PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena)
return NS_ERROR_OUT_OF_MEMORY;
CERTDERCerts *certCollection = getCertsFromPackage(arena, data, length);
if (!certCollection) {
PORT_FreeArena(arena, PR_FALSE);
return NS_ERROR_FAILURE;
}
cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), certCollection->rawCerts,
(char *)NULL, PR_FALSE, PR_TRUE);
if (!cert) {
nsrv = NS_ERROR_FAILURE;
goto loser;
}
numcerts = certCollection->numcerts;
rawCerts = (SECItem **) PORT_Alloc(sizeof(SECItem *) * numcerts);
if ( !rawCerts ) {
nsrv = NS_ERROR_FAILURE;
goto loser;
}
for ( i = 0; i < numcerts; i++ ) {
rawCerts[i] = &certCollection->rawCerts[i];
}
srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageEmailSigner,
numcerts, rawCerts, NULL, PR_TRUE, PR_FALSE,
NULL);
if ( srv != SECSuccess ) {
nsrv = NS_ERROR_FAILURE;
goto loser;
}
srv = CERT_SaveSMimeProfile(cert, NULL, NULL);
PORT_Free(rawCerts);
loser:
if (arena)
PORT_FreeArena(arena, PR_TRUE);
return nsrv;
}
char *
default_nickname(CERTCertificate *cert, nsIInterfaceRequestor* ctx)
{
@ -3397,6 +3615,11 @@ nsNSSCertificateDB::getCertType(CERTCertificate *cert)
char *nick = cert->nickname;
char *email = cert->emailAddr;
nsNSSCertTrust trust(cert->trust);
/*
fprintf(stderr, "====> nick: %s email: %s has-any-user: %d hash-any-ca: %d has-peer100: %d has-peer001: %d\n",
nick, email, (nick) ? trust.HasAnyUser() : 0, (nick) ? trust.HasAnyCA() : 0, (nick) ? trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE) : 0,
(email) ? trust.HasPeer(PR_FALSE, PR_TRUE, PR_FALSE) : 0 );
*/
if (nick) {
if (trust.HasAnyUser())
return nsIX509Cert::USER_CERT;
@ -3405,7 +3628,7 @@ nsNSSCertificateDB::getCertType(CERTCertificate *cert)
if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
return nsIX509Cert::SERVER_CERT;
}
if (email && trust.HasPeer(PR_FALSE, PR_FALSE, PR_TRUE))
if (email && trust.HasPeer(PR_FALSE, PR_TRUE, PR_FALSE))
return nsIX509Cert::EMAIL_CERT;
return nsIX509Cert::UNKNOWN_CERT;
}
@ -3717,3 +3940,163 @@ nsNSSCertificateDB::EnableOCSP()
return nssComponent->EnableOCSP();
}
/* nsIX509Cert getDefaultEmailEncryptionCert (); */
NS_IMETHODIMP
nsNSSCertificateDB::GetEmailEncryptionCert(const PRUnichar* aNickname, nsIX509Cert **_retval)
{
nsresult rv = NS_OK;
CERTCertificate *cert = 0;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
nsNSSCertificate *nssCert = nsnull;
char *asciiname = NULL;
asciiname = NS_CONST_CAST(char*, NS_ConvertUCS2toUTF8(aNickname).get());
*_retval = 0;
/* Find a good cert in the user's database */
cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), asciiname,
certUsageEmailRecipient, PR_TRUE, ctx);
if (!cert) { goto loser; }
nssCert = new nsNSSCertificate(cert);
if (nssCert == nsnull) {
rv = NS_ERROR_OUT_OF_MEMORY;
}
NS_ADDREF(nssCert);
*_retval = NS_STATIC_CAST(nsIX509Cert*, nssCert);
loser:
if (cert) CERT_DestroyCertificate(cert);
return rv;
}
/* nsIX509Cert getDefaultEmailSigningCert (); */
NS_IMETHODIMP
nsNSSCertificateDB::GetEmailSigningCert(const PRUnichar* aNickname, nsIX509Cert **_retval)
{
nsresult rv = NS_OK;
CERTCertificate *cert = 0;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
nsNSSCertificate *nssCert = nsnull;
char *asciiname = NULL;
asciiname = NS_CONST_CAST(char*, NS_ConvertUCS2toUTF8(aNickname).get());
*_retval = 0;
/* Find a good cert in the user's database */
cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), asciiname,
certUsageEmailSigner, PR_TRUE, ctx);
if (!cert) { goto loser; }
nssCert = new nsNSSCertificate(cert);
if (nssCert == nsnull) {
rv = NS_ERROR_OUT_OF_MEMORY;
}
NS_ADDREF(nssCert);
*_retval = NS_STATIC_CAST(nsIX509Cert*, nssCert);
loser:
if (cert) CERT_DestroyCertificate(cert);
return rv;
}
/* nsIX509Cert getCertByEmailAddress (in nsIPK11Token aToken, in wstring aEmailAddress); */
NS_IMETHODIMP
nsNSSCertificateDB::GetCertByEmailAddress(nsIPK11Token *aToken, const char *aEmailAddress, nsIX509Cert **_retval)
{
CERTCertList *certList = nsnull;
SECStatus sec_rv;
nsresult rv = NS_OK;
certList = CERT_CreateEmailAddrCertList(nsnull, CERT_GetDefaultCertDB(),
(char*)aEmailAddress, PR_Now(), PR_TRUE);
if (certList == nsnull) {
rv = NS_ERROR_FAILURE;
goto loser;
}
sec_rv = CERT_FilterCertListByUsage(certList, certUsageEmailRecipient, PR_FALSE);
if (!CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
nsNSSCertificate *nssCert = new nsNSSCertificate(CERT_LIST_HEAD(certList)->cert);
if (nssCert == nsnull) {
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
NS_ADDREF(nssCert);
*_retval = NS_STATIC_CAST(nsIX509Cert*, nssCert);
}
loser:
if (certList) {
CERT_DestroyCertList(certList);
}
return rv;
}
/* nsIX509Cert constructX509FromBase64 (in string base64); */
NS_IMETHODIMP
nsNSSCertificateDB::ConstructX509FromBase64(const char * base64, nsIX509Cert **_retval)
{
if (!_retval) {
return NS_ERROR_FAILURE;
}
PRUint32 len = PL_strlen(base64);
int adjust = 0;
/* Compute length adjustment */
if (base64[len-1] == '=') {
adjust++;
if (base64[len-2] == '=') adjust++;
}
nsresult rv = NS_OK;
char *certDER = 0;
PRInt32 lengthDER = 0;
certDER = PL_Base64Decode(base64, len, NULL);
if (!certDER || !*certDER) {
rv = NS_ERROR_ILLEGAL_VALUE;
}
else {
lengthDER = (len*3)/4 - adjust;
SECItem secitem_cert;
secitem_cert.type = siDERCertBuffer;
secitem_cert.data = (unsigned char*)certDER;
secitem_cert.len = lengthDER;
CERTCertificate *cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &secitem_cert, nsnull, PR_FALSE, PR_TRUE);
if (!cert) {
rv = NS_ERROR_FAILURE;
}
else {
nsNSSCertificate *nsNSS = new nsNSSCertificate(cert);
if (!nsNSS) {
rv = NS_ERROR_OUT_OF_MEMORY;
}
else {
nsresult rv = nsNSS->QueryInterface(NS_GET_IID(nsIX509Cert), (void**)_retval);
if (NS_SUCCEEDED(rv) && *_retval) {
NS_ADDREF(*_retval);
}
NS_RELEASE(nsNSS);
}
CERT_DestroyCertificate(cert);
}
}
if (certDER) {
nsCRT::free(certDER);
}
return rv;
}
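Review bot: In `GetEmailEncryptionCert` and `GetEmailSigningCert`, `asciiname` is taken from `NS_ConvertUCS2toUTF8(aNickname).get()`, a temporary that is destroyed at the end of that statement, so `CERT_FindUserCertByUsage` is handed a pointer into a string object that no longer exists. Keep the converted string alive in a named local, `NS_ConvertUCS2toUTF8 utf8Nick(aNickname);`, and pass `NS_CONST_CAST(char*, utf8Nick.get())` to the lookup. Both functions also fall through to `NS_ADDREF(nssCert)` after setting `NS_ERROR_OUT_OF_MEMORY`; a `goto loser;` in that branch avoids the null dereference. In `ConstructX509FromBase64`, `base64[len-1]` and `base64[len-2]` are read before any check on the input, so an empty or one-character string indexes before the start of the buffer; `if (!base64 || len < 4) return NS_ERROR_ILLEGAL_VALUE;` right after `len` is computed would close that. The inner `nsresult rv` declared at the `QueryInterface` call shadows the outer one, so a failed query is returned as `NS_OK`; assigning to the existing `rv` fixes it.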


@ -43,6 +43,7 @@
#include "prtypes.h"
#include "cert.h"
#include "secitem.h"
#include "nsString.h"
class nsINSSComponent;
@ -61,6 +62,7 @@ public:
nsresult MarkForPermDeletion();
nsresult SetCertType(PRUint32 aCertType);
nsresult GetCertType(PRUint32 *aCertType);
nsresult FormatUIStrings(const nsAutoString &nickname, nsAutoString &nickWithSerial, nsAutoString &details);
private:
CERTCertificate *mCert;


@ -59,6 +59,7 @@
#include "sechash.h"
#include "secmime.h"
#include "ocsp.h"
#include "cms.h"
extern "C" {
#include "pkcs11.h"
#include "pkcs12.h"
@ -1186,7 +1187,8 @@ PSMContentDownloader::OnStopRequest(nsIRequest* request,
return certdb->ImportCertificates(mByteData, mBufferOffset, mType, ctx);
case PSMContentDownloader::X509_USER_CERT:
return certdb->ImportUserCertificate(mByteData, mBufferOffset, ctx);
break;
case PSMContentDownloader::X509_EMAIL_CERT:
return certdb->ImportEmailCertificate(mByteData, mBufferOffset, ctx);
case PSMContentDownloader::PKCS7_CRL:
return certdb->ImportCrl(mByteData, mBufferOffset, mURI, SEC_CRL_TYPE);
default:
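Review bot: The new `X509_EMAIL_CERT` case passes the downloaded buffer straight to `ImportEmailCertificate`, and that function as added in this commit never uses `ctx` and calls `CERT_ImportCerts` with its keep-certs argument set to `PR_TRUE`, so as far as these lines show a served certificate is stored in the default database without any confirmation step. Whether a prompt belongs here or inside the import function should be decided explicitly and recorded in a comment on the case, e.g. `// Imports without user confirmation; trust is not granted here.` if that is the intent. `ImportEmailCertificate` also discards the result of `CERT_SaveSMimeProfile`, so this `return` reports success even when the profile was not saved; `if (srv != SECSuccess) nsrv = NS_ERROR_FAILURE;` after that call would surface it. The body of `OnStopRequest` starts and ends outside the hunk.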


@ -155,13 +155,17 @@ nsNSSSocketInfo::nsNSSSocketInfo()
mForTLSStepUp(PR_FALSE),
mFirstWrite(PR_TRUE),
mTLSIntolerant(PR_FALSE),
mPort(0)
mPort(0),
mCAChain(nsnull)
{
NS_INIT_ISUPPORTS();
}
nsNSSSocketInfo::~nsNSSSocketInfo()
{
if (mCAChain) {
CERT_DestroyCertList(mCAChain);
}
}
NS_IMPL_THREADSAFE_ISUPPORTS4(nsNSSSocketInfo,
@ -364,6 +368,15 @@ nsresult nsNSSSocketInfo::GetSSLStatus(nsISSLStatus** _result)
return NS_OK;
}
nsresult nsNSSSocketInfo::RememberCAChain(CERTCertList *aCertList)
{
if (mCAChain) {
CERT_DestroyCertList(mCAChain);
}
mCAChain = aCertList;
return NS_OK;
}
nsresult nsNSSSocketInfo::SetSSLStatus(nsISSLStatus *aSSLStatus)
{
mSSLStatus = aSSLStatus;
@ -1703,156 +1716,29 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
certDetailsList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
NS_DEFINE_CID(nssComponentCID, NS_NSSCOMPONENT_CID);
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(nssComponentCID, &rv));
if (proxyman && nssComponent)
for (i = 0, node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList);
++i, node = CERT_LIST_NEXT(node)
)
{
nsNSSCertificate *tempCert = new nsNSSCertificate(node->cert);
NS_ADDREF(tempCert);
if (tempCert) {
// XXX we really should be using an nsCOMPtr instead of manually add-refing,
// but nsNSSCertificate does not have a default constructor.
NS_ADDREF(tempCert);
nsCOMPtr<nsIX509Cert> x509 = do_QueryInterface(tempCert);
nsCOMPtr<nsIX509Cert> x509Proxy;
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
nsIX509Cert::GetIID(),
x509,
PROXY_SYNC | PROXY_ALWAYS,
getter_AddRefs(x509Proxy));
if (x509Proxy) {
nsAutoString i_nickname(NS_ConvertUTF8toUCS2(nicknames->nicknames[i]));
nsAutoString nickWithSerial;
nsAutoString str;
nsAutoString info;
PRUnichar *temp1 = 0;
nickWithSerial.Append(NS_ConvertUTF8toUCS2(nicknames->nicknames[i]));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoIssuedFor").get(), info))) {
str.Append(info);
str.Append(NS_LITERAL_STRING("\n"));
nsAutoString details;
if (NS_SUCCEEDED(tempCert->FormatUIStrings(i_nickname, nickWithSerial, details))) {
certNicknameList[i] = ToNewUnicode(nickWithSerial);
certDetailsList[i] = ToNewUnicode(details);
}
if (NS_SUCCEEDED(x509Proxy->GetSubjectName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
str.Append(info);
str.Append(NS_LITERAL_STRING(": "));
}
str.Append(temp1);
nsMemory::Free(temp1);
str.Append(NS_LITERAL_STRING("\n"));
}
if (NS_SUCCEEDED(x509Proxy->GetSerialNumber(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSerialNo").get(), info))) {
str.Append(info);
str.Append(NS_LITERAL_STRING(": "));
}
str.Append(temp1);
nickWithSerial.Append(NS_LITERAL_STRING(" ["));
nickWithSerial.Append(temp1);
nickWithSerial.Append(NS_LITERAL_STRING("]"));
nsMemory::Free(temp1);
str.Append(NS_LITERAL_STRING("\n"));
}
{
nsCOMPtr<nsIX509CertValidity> validity;
nsCOMPtr<nsIX509CertValidity> originalValidity;
rv = x509Proxy->GetValidity(getter_AddRefs(originalValidity));
if (NS_SUCCEEDED(rv) && originalValidity) {
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
nsIX509CertValidity::GetIID(),
originalValidity,
PROXY_SYNC | PROXY_ALWAYS,
getter_AddRefs(validity));
}
if (validity) {
str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoValid").get(), info))) {
str.Append(info);
}
if (NS_SUCCEEDED(validity->GetNotBeforeLocalTime(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoFrom").get(), info))) {
str.Append(info);
}
str.Append(NS_LITERAL_STRING(" "));
str.Append(temp1);
nsMemory::Free(temp1);
}
if (NS_SUCCEEDED(validity->GetNotAfterLocalTime(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoTo").get(), info))) {
str.Append(info);
}
str.Append(NS_LITERAL_STRING(" "));
str.Append(temp1);
nsMemory::Free(temp1);
}
str.Append(NS_LITERAL_STRING("\n"));
}
}
PRUint32 tempInt = 0;
if (NS_SUCCEEDED(x509Proxy->GetPurposes(&tempInt, &temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoPurposes").get(), info))) {
str.Append(info);
}
str.Append(NS_LITERAL_STRING(": "));
str.Append(temp1);
nsMemory::Free(temp1);
str.Append(NS_LITERAL_STRING("\n"));
}
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoIssuedBy").get(), info))) {
str.Append(info);
str.Append(NS_LITERAL_STRING("\n"));
}
if (NS_SUCCEEDED(x509Proxy->GetIssuerName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
str.Append(info);
str.Append(NS_LITERAL_STRING(": "));
}
str.Append(temp1);
nsMemory::Free(temp1);
str.Append(NS_LITERAL_STRING("\n"));
}
/*
the above produces output the following output:
Issued to:
Subject: $subjectName
Serial number: $serialNumber
Valid from: $starting_date to $expriation_date
Purposes: $purposes
Issued by:
Subject: $issuerName
*/
certNicknameList[i] = ToNewUnicode(nickWithSerial);
certDetailsList[i] = ToNewUnicode(str);
NS_RELEASE(tempCert);
}
NS_RELEASE(tempCert);
}
/* Throw up the client auth dialog and get back the index of the selected cert */
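Review bot: When `new nsNSSCertificate` or `FormatUIStrings` fails in the rewritten loop, `certNicknameList[i]` and `certDetailsList[i]` are never written, and both arrays come straight from `nsMemory::Alloc`, so the dialog call that follows would see indeterminate pointers in those slots. Null-check the two allocations and zero them before the loop, for example `memset(certNicknameList, 0, sizeof(PRUnichar *) * nicknames->numnicknames);` and the same for `certDetailsList`, then make the code that displays and frees the entries tolerate a null slot. The cert picker loop earlier on this page has the same shape and frees every slot unconditionally, so it needs the same treatment. The old and new sides of this hunk are printed interleaved without markers and the function body starts and ends outside it, so this reading rests on the lines that call the new `FormatUIStrings` helper.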


@ -73,6 +73,8 @@ public:
nsresult GetTLSIntolerant(PRBool *aTLSIntolerant);
nsresult SetTLSIntolerant(PRBool aTLSIntolerant);
nsresult RememberCAChain(CERTCertList *aCertList);
/* Set SSL Status values */
nsresult SetSSLStatus(nsISSLStatus *aSSLStatus);
@ -87,6 +89,7 @@ protected:
PRBool mTLSIntolerant;
PRInt32 mPort;
nsXPIDLCString mHostName;
CERTCertList *mCAChain;
/* SSL Status */
nsCOMPtr<nsISSLStatus> mSSLStatus;
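Review bot: `RememberCAChain` and `mCAChain` are declared with no statement of ownership, yet the implementation added in this commit destroys the previously stored list and the destructor destroys the current one, so a caller gives up the list by passing it in. I would document that on the declaration, e.g. `// Takes ownership of aCertList; it is freed with CERT_DestroyCertList when replaced or when this object is destroyed.` As written, passing the list that is already stored would destroy it and then keep the dangling pointer, so an `if (aCertList == mCAChain) return NS_OK;` guard at the top of the implementation is worth adding. The class declaration continues outside these hunks.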


@ -44,6 +44,9 @@
//For the NS_CRYPTO_CONTRACTID define
#include "nsDOMCID.h"
#include "nsCMSSecureMessage.h"
#include "nsCMS.h"
#include "nsCertPicker.h"
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
@ -57,7 +60,12 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSCertificateDB)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertOutliner)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCrypto)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPkcs11)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCMSSecureMessage)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCMSDecoder)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCMSEncoder)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCMSMessage)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsHash)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertPicker)
static nsModuleComponentInfo components[] =
{
@ -192,9 +200,49 @@ static nsModuleComponentInfo components[] =
NS_CRYPTO_CID,
NS_CRYPTO_CONTRACTID,
nsCryptoConstructor
},
{
NS_CMSSECUREMESSAGE_CLASSNAME,
NS_CMSSECUREMESSAGE_CID,
NS_CMSSECUREMESSAGE_CONTRACTID,
nsCMSSecureMessageConstructor
},
{
NS_CMSDECODER_CLASSNAME,
NS_CMSDECODER_CID,
NS_CMSDECODER_CONTRACTID,
nsCMSDecoderConstructor
},
{
NS_CMSENCODER_CLASSNAME,
NS_CMSENCODER_CID,
NS_CMSENCODER_CONTRACTID,
nsCMSEncoderConstructor
},
{
NS_CMSMESSAGE_CLASSNAME,
NS_CMSMESSAGE_CID,
NS_CMSMESSAGE_CONTRACTID,
nsCMSMessageConstructor
},
{
NS_HASH_CLASSNAME,
NS_HASH_CID,
NS_HASH_CONTRACTID,
nsHashConstructor
},
{
NS_CERT_PICKER_CLASSNAME,
NS_CERT_PICKER_CID,
NS_CERT_PICKER_CONTRACTID,
nsCertPickerConstructor
}
};
NS_IMPL_NSGETMODULE(NSS, components);