зеркало из https://github.com/mozilla/gecko-dev.git
b=123917 Remove non-NSS_3_4 codepaths
r=wtc sr=alecf
This commit is contained in:
Родитель
7c0bfafa01
Коммит
21f0d86067
|
@ -161,7 +161,6 @@ FINAL_LINK_COMP_NAMES = $(DEPTH)/config/final-link-comp-names
|
|||
#
|
||||
# NSS libs needed for final link in static build
|
||||
#
|
||||
NSS_3_4=1
|
||||
|
||||
ifneq (,$(filter OS2 WINNT,$(OS_ARCH)))
|
||||
NSS_LIBS = \
|
||||
|
|
|
@ -29,16 +29,10 @@ include $(DEPTH)/config/autoconf.mk
|
|||
|
||||
LOADABLE_ROOT_MODULE = $(LIB_PREFIX)nssckbi$(DLL_SUFFIX)
|
||||
|
||||
NSS_3_4=1
|
||||
|
||||
ifdef NSS_3_4
|
||||
DEFINES += -DNSS_3_4
|
||||
|
||||
NSS3_LIB = $(LIB_PREFIX)nss3$(DLL_SUFFIX)
|
||||
SMIME3_LIB = $(LIB_PREFIX)smime3$(DLL_SUFFIX)
|
||||
SSL3_LIB = $(LIB_PREFIX)ssl3$(DLL_SUFFIX)
|
||||
SOFTOKEN3_LIB = $(LIB_PREFIX)softokn3$(DLL_SUFFIX)
|
||||
endif
|
||||
|
||||
FREEBL_PURE32_MODULE = libfreebl_pure32_3$(DLL_SUFFIX)
|
||||
FREEBL_HYBRID_MODULE = libfreebl_hybrid_3$(DLL_SUFFIX)
|
||||
|
@ -97,12 +91,10 @@ else
|
|||
endif
|
||||
$(MAKE) -C $(topsrcdir)/security/nss/lib $(DEFAULT_GMAKE_FLAGS)
|
||||
$(INSTALL) -m 755 $(DIST)/lib/$(LOADABLE_ROOT_MODULE) $(DIST)/bin
|
||||
ifdef NSS_3_4
|
||||
$(INSTALL) -m 755 $(DIST)/lib/$(SOFTOKEN3_LIB) $(DIST)/bin
|
||||
$(INSTALL) -m 755 $(DIST)/lib/$(NSS3_LIB) $(DIST)/bin
|
||||
$(INSTALL) -m 755 $(DIST)/lib/$(SSL3_LIB) $(DIST)/bin
|
||||
$(INSTALL) -m 755 $(DIST)/lib/$(SMIME3_LIB) $(DIST)/bin
|
||||
endif
|
||||
ifneq (,$(filter SunOS HP-UX,$(OS_ARCH)))
|
||||
ifneq ($(OS_TEST),i86pc)
|
||||
ifndef HAVE_64BIT_OS
|
||||
|
@ -117,12 +109,10 @@ endif
|
|||
|
||||
install::
|
||||
$(SYSINSTALL) -m 755 $(DIST)/lib/$(LOADABLE_ROOT_MODULE) $(DESTDIR)$(mozappdir)
|
||||
ifdef NSS_3_4
|
||||
$(SYSINSTALL) -m 755 $(DIST)/lib/$(SOFTOKEN3_LIB) $(DESTDIR)$(mozappdir)
|
||||
$(SYSINSTALL) -m 755 $(DIST)/lib/$(NSS3_LIB) $(DESTDIR)$(mozappdir)
|
||||
$(SYSINSTALL) -m 755 $(DIST)/lib/$(SSL3_LIB) $(DESTDIR)$(mozappdir)
|
||||
$(SYSINSTALL) -m 755 $(DIST)/lib/$(SMIME3_LIB) $(DESTDIR)$(mozappdir)
|
||||
endif
|
||||
ifneq (,$(filter SunOS HP-UX,$(OS_ARCH)))
|
||||
ifneq ($(OS_TEST),i86pc)
|
||||
ifndef HAVE_64BIT_OS
|
||||
|
|
|
@ -37,4 +37,3 @@
|
|||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#define NSS_3_4
|
||||
|
|
|
@ -93,12 +93,6 @@ REQUIRES = nspr \
|
|||
pipboot \
|
||||
$(NULL)
|
||||
|
||||
NSS_3_4=1
|
||||
|
||||
ifdef NSS_3_4
|
||||
DEFINES += -DNSS_3_4
|
||||
endif
|
||||
|
||||
EXTRA_DEPS = $(NSS_DEP_LIBS)
|
||||
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
|
|
@ -73,21 +73,12 @@ REQUIRES = \
|
|||
|
||||
include <$(DEPTH)/config/config.mak>
|
||||
|
||||
NSS_3_4=1
|
||||
|
||||
!if !defined(NSS_3_4)
|
||||
CFLAGS = $(CFLAGS) -DNSS_USE_STATIC_LIBS
|
||||
!endif
|
||||
|
||||
LINCS = $(LINCS) \
|
||||
-I$(XPDIST)/public/security \
|
||||
-I$(XPDIST)/private/security \
|
||||
$(NULL)
|
||||
|
||||
|
||||
!if defined(NSS_3_4)
|
||||
CFLAGS=$(CFLAGS) -DNSS_3_4
|
||||
|
||||
SUB_LIBRARIES = \
|
||||
$(DIST)/lib/crmf.lib \
|
||||
$(DIST)/lib/smime3.lib \
|
||||
|
@ -95,24 +86,6 @@ SUB_LIBRARIES = \
|
|||
$(DIST)/lib/nss3.lib \
|
||||
$(DIST)/lib/softokn3.lib \
|
||||
$(NULL)
|
||||
!else
|
||||
SUB_LIBRARIES = \
|
||||
$(DIST)/lib/smime.lib \
|
||||
$(DIST)/lib/crmf.lib \
|
||||
$(DIST)/lib/ssl.lib \
|
||||
$(DIST)/lib/nss.lib \
|
||||
$(DIST)/lib/certhi.lib \
|
||||
$(DIST)/lib/cryptohi.lib \
|
||||
$(DIST)/lib/pk11wrap.lib \
|
||||
$(DIST)/lib/certdb.lib \
|
||||
$(DIST)/lib/softoken.lib \
|
||||
$(DIST)/lib/pkcs12.lib \
|
||||
$(DIST)/lib/pkcs7.lib \
|
||||
$(DIST)/lib/freebl.lib \
|
||||
$(DIST)/lib/secutil.lib \
|
||||
$(DIST)/lib/dbm.lib \
|
||||
$(NULL)
|
||||
!endif
|
||||
|
||||
LLIBS = \
|
||||
$(LIBNSPR) \
|
||||
|
@ -150,9 +123,7 @@ include <$(DEPTH)\config\rules.mak>
|
|||
|
||||
libs:: $(DLL)
|
||||
$(MAKE_INSTALL) $(DIST)\lib\nssckbi.dll $(DIST)\bin
|
||||
!if defined(NSS_3_4)
|
||||
$(MAKE_INSTALL) $(DIST)\lib\softokn3.dll $(DIST)\bin
|
||||
$(MAKE_INSTALL) $(DIST)\lib\nss3.dll $(DIST)\bin
|
||||
$(MAKE_INSTALL) $(DIST)\lib\smime3.dll $(DIST)\bin
|
||||
$(MAKE_INSTALL) $(DIST)\lib\ssl3.dll $(DIST)\bin
|
||||
!endif
|
||||
|
|
|
@ -63,9 +63,7 @@
|
|||
extern "C" {
|
||||
#include "crmf.h"
|
||||
#include "crmfi.h"
|
||||
#ifdef NSS_3_4
|
||||
#include "pk11pqg.h"
|
||||
#endif
|
||||
}
|
||||
#include "cmmf.h"
|
||||
#include "nssb64.h"
|
||||
|
@ -237,20 +235,6 @@ NS_INTERFACE_MAP_END_THREADSAFE
|
|||
NS_IMPL_THREADSAFE_ADDREF(nsCryptoRunArgs)
|
||||
NS_IMPL_THREADSAFE_RELEASE(nsCryptoRunArgs)
|
||||
|
||||
#ifndef NSS_3_4
|
||||
/*
|
||||
* We're cheating for now so that escrowing keys on smart cards
|
||||
* will work. The NSS team gave us their blessing to do this
|
||||
* until they export a public function with equivalent functionality.
|
||||
*/
|
||||
extern "C" SECKEYPrivateKey*
|
||||
pk11_loadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey,
|
||||
SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive);
|
||||
#define __FUNCTIONNAME_PK11_LoadPrivKey pk11_loadPrivKey
|
||||
#else
|
||||
#define __FUNCTIONNAME_PK11_LoadPrivKey PK11_LoadPrivKey
|
||||
#endif
|
||||
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
||||
nsCrypto::nsCrypto()
|
||||
|
@ -496,18 +480,6 @@ cryptojs_interpret_key_gen_type(char *keyAlg)
|
|||
return invalidKeyGen;
|
||||
}
|
||||
|
||||
#ifdef NSS_3_4
|
||||
#define __FUNCTIONNAME_PK11_PQG_ParamGen PK11_PQG_ParamGen
|
||||
#define __FUNCTIONNAME_PK11_PQG_DestroyVerify PK11_PQG_DestroyVerify
|
||||
#define __FUNCTIONNAME_PK11_PQG_DestroyParams PK11_PQG_DestroyParams
|
||||
#define __WRAPPER_SEC_ASN1EncodeItem_Param4(p) SEC_ASN1_GET(p)
|
||||
#else
|
||||
#define __FUNCTIONNAME_PK11_PQG_ParamGen PQG_ParamGen
|
||||
#define __FUNCTIONNAME_PK11_PQG_DestroyVerify PQG_DestroyVerify
|
||||
#define __FUNCTIONNAME_PK11_PQG_DestroyParams PQG_DestroyParams
|
||||
#define __WRAPPER_SEC_ASN1EncodeItem_Param4(p) p
|
||||
#endif
|
||||
|
||||
//Take the string passed into us via crypto.generateCRMFRequest
|
||||
//as the keygen type parameter and convert it to parameters
|
||||
//we can actually pass to the PKCS#11 layer.
|
||||
|
@ -555,13 +527,13 @@ nsConvertToActualKeyGenParams(PRUint32 keyGenMech, char *params,
|
|||
returnParams = nsnull;
|
||||
break;
|
||||
}
|
||||
rv = __FUNCTIONNAME_PK11_PQG_ParamGen(0, &pqgParams, &vfy);
|
||||
rv = PK11_PQG_ParamGen(0, &pqgParams, &vfy);
|
||||
if (vfy) {
|
||||
__FUNCTIONNAME_PK11_PQG_DestroyVerify(vfy);
|
||||
PK11_PQG_DestroyVerify(vfy);
|
||||
}
|
||||
if (rv != SECSuccess) {
|
||||
if (pqgParams) {
|
||||
__FUNCTIONNAME_PK11_PQG_DestroyParams(pqgParams);
|
||||
PK11_PQG_DestroyParams(pqgParams);
|
||||
}
|
||||
return nsnull;
|
||||
}
|
||||
|
@ -602,7 +574,7 @@ nsFreeKeyGenParams(CK_MECHANISM_TYPE keyGenMechanism, void *params)
|
|||
nsMemory::Free(params);
|
||||
break;
|
||||
case CKM_DSA_KEY_PAIR_GEN:
|
||||
__FUNCTIONNAME_PK11_PQG_DestroyParams(NS_STATIC_CAST(PQGParams*,params));
|
||||
PK11_PQG_DestroyParams(NS_STATIC_CAST(PQGParams*,params));
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -713,7 +685,7 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
|
|||
//If we generated the key pair on the internal slot because the
|
||||
// keys were going to be escrowed, move the keys over right now.
|
||||
if (willEscrow && intSlot) {
|
||||
SECKEYPrivateKey *newPrivKey = __FUNCTIONNAME_PK11_LoadPrivKey(origSlot,
|
||||
SECKEYPrivateKey *newPrivKey = PK11_LoadPrivKey(origSlot,
|
||||
keyPairInfo->privKey,
|
||||
keyPairInfo->pubKey,
|
||||
PR_TRUE, PR_TRUE);
|
||||
|
@ -946,7 +918,7 @@ nsSetRegToken(CRMFCertRequest *certReq, char *regToken)
|
|||
src.data = (unsigned char*)regToken;
|
||||
src.len = strlen(regToken);
|
||||
SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src,
|
||||
__WRAPPER_SEC_ASN1EncodeItem_Param4(SEC_UTF8StringTemplate));
|
||||
SEC_ASN1_GET(SEC_UTF8StringTemplate));
|
||||
|
||||
if (!derEncoded)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
@ -974,7 +946,7 @@ nsSetAuthenticator(CRMFCertRequest *certReq, char *authenticator)
|
|||
src.data = (unsigned char*)authenticator;
|
||||
src.len = strlen(authenticator);
|
||||
SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src,
|
||||
__WRAPPER_SEC_ASN1EncodeItem_Param4(SEC_UTF8StringTemplate));
|
||||
SEC_ASN1_GET(SEC_UTF8StringTemplate));
|
||||
if (!derEncoded)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
|
@ -1791,16 +1763,7 @@ nsCertAlreadyExists(SECItem *derCert)
|
|||
if (!arena)
|
||||
return PR_FALSE; //What else could we return?
|
||||
|
||||
#ifdef NSS_3_4
|
||||
cert = CERT_FindCertByDERCert(handle, derCert);
|
||||
#else
|
||||
SECItem key;
|
||||
SECStatus srv = CERT_KeyFromDERCert(arena, derCert, &key);
|
||||
if (srv != SECSuccess)
|
||||
return PR_FALSE;
|
||||
|
||||
cert = CERT_FindCertByKey(handle, &key);
|
||||
#endif
|
||||
if (cert) {
|
||||
if (cert->isperm && !cert->nickname && !cert->emailAddr) {
|
||||
//If the cert doesn't have a nickname or email addr, it is
|
||||
|
@ -1923,16 +1886,9 @@ nsCrypto::ImportUserCertificates(const nsAString& aNickname,
|
|||
// Let's figure out which nickname to give the cert. If
|
||||
// a certificate with the same subject name already exists,
|
||||
// then just use that one, otherwise, get the default nickname.
|
||||
#ifdef NSS_3_4
|
||||
if (currCert->nickname) {
|
||||
localNick = currCert->nickname;
|
||||
}
|
||||
#else
|
||||
if (currCert->subjectList && currCert->subjectList->entry &&
|
||||
currCert->subjectList->entry->nickname) {
|
||||
localNick = currCert->subjectList->entry->nickname;
|
||||
}
|
||||
#endif
|
||||
else if (nickname == nsnull || nickname[0] == '\0') {
|
||||
localNick = default_nickname(currCert, ctx);
|
||||
freeLocalNickname = PR_TRUE;
|
||||
|
|
|
@ -22,9 +22,6 @@
|
|||
|
||||
extern "C" {
|
||||
#include "secdert.h"
|
||||
#ifndef NSS_3_4
|
||||
#include "keydbt.h"
|
||||
#endif
|
||||
}
|
||||
#include "nspr.h"
|
||||
#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
|
||||
|
@ -33,11 +30,9 @@ extern "C" {
|
|||
#include "cryptohi.h"
|
||||
#include "base64.h"
|
||||
#include "secasn1.h"
|
||||
#ifdef NSS_3_4
|
||||
extern "C" {
|
||||
#include "pk11pqg.h"
|
||||
}
|
||||
#endif
|
||||
#include "nsProxiedService.h"
|
||||
#include "nsKeygenHandler.h"
|
||||
#include "nsVoidArray.h"
|
||||
|
@ -83,7 +78,6 @@ DERTemplate CERTPublicKeyAndChallengeTemplate[] =
|
|||
{ 0, }
|
||||
};
|
||||
|
||||
#ifdef NSS_3_4
|
||||
DERTemplate SECAlgorithmIDTemplate[] = {
|
||||
{ DER_SEQUENCE,
|
||||
0, NULL, sizeof(SECAlgorithmID) },
|
||||
|
@ -101,7 +95,6 @@ const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
|
|||
{ SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
|
||||
{ 0, }
|
||||
};
|
||||
#endif
|
||||
|
||||
|
||||
static NS_DEFINE_IID(kFormProcessorIID, NS_IFORMPROCESSOR_IID);
|
||||
|
@ -164,11 +157,7 @@ pqg_prime_bits(char *str)
|
|||
|
||||
done:
|
||||
if (params)
|
||||
#ifdef NSS_3_4
|
||||
PK11_PQG_DestroyParams(params);
|
||||
#else
|
||||
PQG_DestroyParams(params);
|
||||
#endif
|
||||
return primeBits;
|
||||
}
|
||||
|
||||
|
|
|
@ -116,11 +116,7 @@ nsSSLStatus::~nsSSLStatus()
|
|||
}
|
||||
|
||||
|
||||
#ifdef NSS_3_4
|
||||
char* PR_CALLBACK
|
||||
#else
|
||||
char*
|
||||
#endif
|
||||
PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg) {
|
||||
nsresult rv = NS_OK;
|
||||
PRUnichar *password = nsnull;
|
||||
|
|
|
@ -27,11 +27,7 @@
|
|||
#include "pk11func.h"
|
||||
#include "nspr.h"
|
||||
|
||||
#ifdef NSS_3_4
|
||||
char* PR_CALLBACK
|
||||
#else
|
||||
char*
|
||||
#endif
|
||||
PK11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void* arg);
|
||||
|
||||
void PR_CALLBACK HandshakeCallback(PRFileDesc *fd, void *client_data);
|
||||
|
|
|
@ -701,13 +701,7 @@ nsNSSCertificate::~nsNSSCertificate()
|
|||
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
|
||||
PK11_DeleteTokenCertAndKey(mCert, cxt);
|
||||
CERT_DestroyCertificate(mCert);
|
||||
} else
|
||||
#ifdef NSS_3_4
|
||||
if (!PK11_IsReadOnly(mCert->slot))
|
||||
#else
|
||||
if (!mCert->slot)
|
||||
#endif
|
||||
{
|
||||
} else if (!PK11_IsReadOnly(mCert->slot)) {
|
||||
// If the cert isn't a user cert and it is on an external token,
|
||||
// then we'll just leave it as untrusted, but won't delete it
|
||||
// from the cert db.
|
||||
|
@ -911,7 +905,6 @@ nsNSSCertificate::FormatUIStrings(const nsAutoString &nickname, nsAutoString &ni
|
|||
}
|
||||
|
||||
|
||||
#ifdef NSS_3_4
|
||||
#define NS_NSS_LONG 4
|
||||
#define NS_NSS_GET_LONG(x) ((((unsigned long)((x)[0])) << 24) | \
|
||||
(((unsigned long)((x)[1])) << 16) | \
|
||||
|
@ -921,7 +914,6 @@ nsNSSCertificate::FormatUIStrings(const nsAutoString &nickname, nsAutoString &ni
|
|||
(dest)[1] = (((src) >> 16) & 0xff); \
|
||||
(dest)[2] = (((src) >> 8) & 0xff); \
|
||||
(dest)[3] = ((src) & 0xff);
|
||||
#endif
|
||||
|
||||
|
||||
/* readonly attribute string dbKey; */
|
||||
|
@ -932,7 +924,6 @@ nsNSSCertificate::GetDbKey(char * *aDbKey)
|
|||
|
||||
NS_ENSURE_ARG(aDbKey);
|
||||
*aDbKey = nsnull;
|
||||
#ifdef NSS_3_4
|
||||
key.len = NS_NSS_LONG*4+mCert->serialNumber.len+mCert->derIssuer.len;
|
||||
key.data = (unsigned char *)nsMemory::Alloc(key.len);
|
||||
NS_NSS_PUT_LONG(0,key.data); // later put moduleID
|
||||
|
@ -943,19 +934,9 @@ nsNSSCertificate::GetDbKey(char * *aDbKey)
|
|||
mCert->serialNumber.len);
|
||||
memcpy(&key.data[NS_NSS_LONG*4+mCert->serialNumber.len],
|
||||
mCert->derIssuer.data, mCert->derIssuer.len);
|
||||
#else
|
||||
SECStatus srv;
|
||||
srv = CERT_KeyFromIssuerAndSN(mCert->arena, &mCert->derIssuer,
|
||||
&mCert->serialNumber, &key);
|
||||
if (srv != SECSuccess) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
#endif
|
||||
|
||||
*aDbKey = NSSBase64_EncodeItem(nsnull, nsnull, 0, &key);
|
||||
#ifdef NSS_3_4
|
||||
nsMemory::Free(key.data); // SECItem is a 'c' type without a destrutor
|
||||
#endif
|
||||
return (*aDbKey) ? NS_OK : NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
|
@ -1338,12 +1319,7 @@ nsNSSCertificate::GetTokenName(PRUnichar **aTokenName)
|
|||
// has been loaded from the token. Though the trust is correct (grabbed
|
||||
// from the cert db), the source is wrong. I believe this is a safe
|
||||
// way to work around this.
|
||||
#ifdef NSS_3_4
|
||||
// This is not a problem in NSS 3.4, & mCert->slot is always set
|
||||
if (mCert->slot) {
|
||||
#else
|
||||
if (mCert->slot && !mCert->isperm) {
|
||||
#endif
|
||||
char *token = PK11_GetTokenName(mCert->slot);
|
||||
if (token) {
|
||||
*aTokenName = ToNewUnicode(NS_ConvertUTF8toUCS2(token));
|
||||
|
@ -1983,12 +1959,6 @@ ProcessRawBytes(SECItem *data, nsString &text)
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
#ifdef NSS_3_4
|
||||
#define __WRAPPER_SEC_ASN1DecodeItem_Param3(p) SEC_ASN1_GET(p)
|
||||
#else
|
||||
#define __WRAPPER_SEC_ASN1DecodeItem_Param3(p) p
|
||||
#endif
|
||||
|
||||
static nsresult
|
||||
ProcessNSCertTypeExtensions(SECItem *extData,
|
||||
nsString &text,
|
||||
|
@ -1998,7 +1968,7 @@ ProcessNSCertTypeExtensions(SECItem *extData,
|
|||
decoded.data = nsnull;
|
||||
decoded.len = 0;
|
||||
SEC_ASN1DecodeItem(nsnull, &decoded,
|
||||
__WRAPPER_SEC_ASN1DecodeItem_Param3(SEC_BitStringTemplate), extData);
|
||||
SEC_ASN1_GET(SEC_BitStringTemplate), extData);
|
||||
unsigned char nsCertType = decoded.data[0];
|
||||
nsString local;
|
||||
nsMemory::Free(decoded.data);
|
||||
|
@ -2055,7 +2025,7 @@ ProcessKeyUsageExtension(SECItem *extData, nsString &text,
|
|||
decoded.data = nsnull;
|
||||
decoded.len = 0;
|
||||
SEC_ASN1DecodeItem(nsnull, &decoded,
|
||||
__WRAPPER_SEC_ASN1DecodeItem_Param3(SEC_BitStringTemplate), extData);
|
||||
SEC_ASN1_GET(SEC_BitStringTemplate), extData);
|
||||
unsigned char keyUsage = decoded.data[0];
|
||||
nsString local;
|
||||
nsMemory::Free(decoded.data);
|
||||
|
@ -2826,17 +2796,12 @@ nsNSSCertificateDB::GetCertByDBKey(const char *aDBkey, nsIPK11Token *aToken,
|
|||
{
|
||||
SECItem keyItem = {siBuffer, nsnull, 0};
|
||||
SECItem *dummy;
|
||||
#ifdef NSS_3_4
|
||||
CERTIssuerAndSN issuerSN;
|
||||
unsigned long moduleID,slotID;
|
||||
#endif
|
||||
*_cert = nsnull;
|
||||
if (!aDBkey) return NS_ERROR_FAILURE;
|
||||
dummy = NSSBase64_DecodeBuffer(nsnull, &keyItem, aDBkey,
|
||||
(PRUint32)PL_strlen(aDBkey));
|
||||
#ifdef NSS_3_4
|
||||
// the future is now, the cert is not longer loaded into temp db's forn now
|
||||
// just fail
|
||||
CERTCertificate *cert;
|
||||
|
||||
// someday maybe we can speed up the search using the moduleID and slotID
|
||||
|
@ -2851,12 +2816,6 @@ nsNSSCertificateDB::GetCertByDBKey(const char *aDBkey, nsIPK11Token *aToken,
|
|||
issuerSN.serialNumber.len];
|
||||
|
||||
cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN);
|
||||
#else
|
||||
// In the future, this should actually look on the token. But for now,
|
||||
// take it for granted that the cert has been loaded into the temp db.
|
||||
CERTCertificate *cert = CERT_FindCertByKey(CERT_GetDefaultCertDB(),
|
||||
&keyItem);
|
||||
#endif
|
||||
PR_FREEIF(keyItem.data);
|
||||
if (cert) {
|
||||
nsNSSCertificate *nssCert = new nsNSSCertificate(cert);
|
||||
|
@ -3120,16 +3079,11 @@ nsNSSCertificateDB::handleCACertDownload(nsISupportsArray *x509Certs,
|
|||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Creating temp cert\n"));
|
||||
CERTCertificate *tmpCert;
|
||||
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
|
||||
#ifdef NSS_3_4
|
||||
tmpCert = CERT_FindCertByDERCert(certdb, &der);
|
||||
if (!tmpCert) {
|
||||
tmpCert = CERT_NewTempCertificate(certdb, &der,
|
||||
nsnull, PR_FALSE, PR_TRUE);
|
||||
}
|
||||
#else
|
||||
tmpCert = CERT_NewTempCertificate(certdb, &der,
|
||||
nsnull, PR_FALSE, PR_TRUE);
|
||||
#endif
|
||||
if (!tmpCert) {
|
||||
NS_ASSERTION(0,"Couldn't create cert from DER blob\n");
|
||||
return NS_ERROR_FAILURE;
|
||||
|
@ -3138,11 +3092,7 @@ nsNSSCertificateDB::handleCACertDownload(nsISupportsArray *x509Certs,
|
|||
CERTCertificateCleaner tmpCertCleaner(tmpCert);
|
||||
|
||||
PRBool canceled;
|
||||
#ifdef NSS_3_4
|
||||
if (tmpCert->isperm) {
|
||||
#else
|
||||
if (tmpCert->isperm) {
|
||||
#endif
|
||||
dialogs->CACertExists(ctx, &canceled);
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
@ -3597,19 +3547,12 @@ nsNSSCertificateDB::ImportUserCertificate(char *data, PRUint32 length, nsIInterf
|
|||
PK11_FreeSlot(slot);
|
||||
|
||||
/* pick a nickname for the cert */
|
||||
#ifdef NSS_3_4
|
||||
if (cert->nickname) {
|
||||
/* sigh, we need a call to look up other certs with this subject and
|
||||
* identify nicknames from them. We can no longer walk down internal
|
||||
* database structures rjr */
|
||||
nickname = cert->nickname;
|
||||
}
|
||||
#else
|
||||
if (cert->subjectList && cert->subjectList->entry &&
|
||||
cert->subjectList->entry->nickname) {
|
||||
nickname = cert->subjectList->entry->nickname;
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
nickname = default_nickname(cert, ctx);
|
||||
}
|
||||
|
@ -4071,20 +4014,9 @@ nsNSSCertificateDB::GetOCSPResponders(nsISupportsArray ** aResponders)
|
|||
return rv;
|
||||
}
|
||||
|
||||
#ifdef NSS_3_4
|
||||
sec_rv = PK11_TraverseSlotCerts(::GetOCSPResponders,
|
||||
respondersArray,
|
||||
nsnull);
|
||||
#else
|
||||
sec_rv = SEC_TraversePermCerts(CERT_GetDefaultCertDB(),
|
||||
::GetOCSPResponders,
|
||||
respondersArray);
|
||||
if (sec_rv == SECSuccess) {
|
||||
sec_rv = PK11_TraverseSlotCerts(::GetOCSPResponders,
|
||||
respondersArray,
|
||||
nsnull);
|
||||
}
|
||||
#endif
|
||||
if (sec_rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
|
@ -4227,7 +4159,7 @@ nsNSSCertificateDB::ImportCrl (char *aData, PRUint32 aLength, nsIURI * aURI, PRU
|
|||
}
|
||||
} else {
|
||||
sec_rv = SEC_ASN1DecodeItem(arena,
|
||||
&sd, __WRAPPER_SEC_ASN1DecodeItem_Param3(CERT_SignedDataTemplate),
|
||||
&sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
|
||||
&derCrl);
|
||||
if (sec_rv != SECSuccess) {
|
||||
goto loser;
|
||||
|
@ -4840,7 +4772,6 @@ loser:
|
|||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::GetCertByEmailAddress(nsIPK11Token *aToken, const char *aEmailAddress, nsIX509Cert **_retval)
|
||||
{
|
||||
#ifdef NSS_3_4
|
||||
CERTCertificate *any_cert = CERT_FindCertByNicknameOrEmailAddr(CERT_GetDefaultCertDB(), (char*)aEmailAddress);
|
||||
if (!any_cert)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
@ -4868,37 +4799,6 @@ nsNSSCertificateDB::GetCertByEmailAddress(nsIPK11Token *aToken, const char *aEma
|
|||
NS_ADDREF(nssCert);
|
||||
*_retval = NS_STATIC_CAST(nsIX509Cert*, nssCert);
|
||||
return NS_OK;
|
||||
#else
|
||||
CERTCertList *certList = nsnull;
|
||||
SECStatus sec_rv;
|
||||
nsresult rv = NS_OK;
|
||||
|
||||
certList = CERT_CreateEmailAddrCertList(nsnull, CERT_GetDefaultCertDB(),
|
||||
(char*)aEmailAddress, PR_Now(), PR_TRUE);
|
||||
|
||||
if (certList == nsnull) {
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto loser;
|
||||
}
|
||||
|
||||
sec_rv = CERT_FilterCertListByUsage(certList, certUsageEmailRecipient, PR_FALSE);
|
||||
|
||||
if (!CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
|
||||
nsNSSCertificate *nssCert = new nsNSSCertificate(CERT_LIST_HEAD(certList)->cert);
|
||||
if (nssCert == nsnull) {
|
||||
rv = NS_ERROR_OUT_OF_MEMORY;
|
||||
goto loser;
|
||||
}
|
||||
NS_ADDREF(nssCert);
|
||||
*_retval = NS_STATIC_CAST(nsIX509Cert*, nssCert);
|
||||
}
|
||||
loser:
|
||||
if (certList) {
|
||||
CERT_DestroyCertList(certList);
|
||||
}
|
||||
|
||||
return rv;
|
||||
#endif
|
||||
}
|
||||
|
||||
/* nsIX509Cert constructX509FromBase64 (in string base64); */
|
||||
|
|
|
@ -40,12 +40,10 @@
|
|||
#include "nsIX509Cert.h"
|
||||
#include "nsIX509CertDB.h"
|
||||
|
||||
#ifdef NSS_3_4
|
||||
/* private NSS defines used by PSM */
|
||||
/* (must be declated before cert.h) */
|
||||
#define CERT_NewTempCertificate __CERT_NewTempCertificate
|
||||
#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm
|
||||
#endif
|
||||
|
||||
#include "prtypes.h"
|
||||
#include "cert.h"
|
||||
|
|
|
@ -79,9 +79,6 @@
|
|||
#include "ocsp.h"
|
||||
#include "cms.h"
|
||||
extern "C" {
|
||||
#ifndef NSS_3_4
|
||||
#include "pkcs11.h"
|
||||
#endif
|
||||
#include "pkcs12.h"
|
||||
#include "p12plcy.h"
|
||||
}
|
||||
|
@ -95,11 +92,7 @@ static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
|||
int nsNSSComponent::mInstanceCount = 0;
|
||||
|
||||
// XXX tmp callback for slot password
|
||||
#ifdef NSS_3_4
|
||||
extern char * PR_CALLBACK
|
||||
#else
|
||||
extern char *
|
||||
#endif
|
||||
pk11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void *arg);
|
||||
|
||||
#define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties"
|
||||
|
@ -1173,12 +1166,7 @@ static PRBool DecryptionAllowedCallback(SECAlgorithmID *algid,
|
|||
return SECMIME_DecryptionAllowed(algid, bulkkey);
|
||||
}
|
||||
|
||||
#ifdef NSS_3_4
|
||||
static void * GetPasswordKeyCallback(void *arg, void *handle)
|
||||
#else
|
||||
static SECItem * GetPasswordKeyCallback(void *arg,
|
||||
SECKEYKeyDBHandle *handle)
|
||||
#endif
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -291,12 +291,8 @@ NS_IMETHODIMP
|
|||
nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module **_retval)
|
||||
{
|
||||
nsCOMPtr<nsIPKCS11Module> module =
|
||||
#ifdef NSS_3_4
|
||||
new nsPKCS11Module(SECMOD_CreateModule(NULL,SECMOD_INT_NAME,
|
||||
NULL,SECMOD_INT_FLAGS));
|
||||
#else
|
||||
new nsPKCS11Module(SECMOD_GetInternalModule());
|
||||
#endif
|
||||
if (!module)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
*_retval = module;
|
||||
|
@ -309,12 +305,8 @@ NS_IMETHODIMP
|
|||
nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module **_retval)
|
||||
{
|
||||
nsCOMPtr<nsIPKCS11Module> module =
|
||||
#ifdef NSS_3_4
|
||||
new nsPKCS11Module(SECMOD_CreateModule(NULL, SECMOD_FIPS_NAME, NULL,
|
||||
SECMOD_FIPS_FLAGS));
|
||||
#else
|
||||
new nsPKCS11Module(SECMOD_GetFIPSInternal());
|
||||
#endif
|
||||
if (!module)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
*_retval = module;
|
||||
|
|
Загрузка…
Ссылка в новой задаче