bug 180268, reimplement ssl step-up for builtins

ian.mcgreer%sun.com 2004-05-17 20:08:38 +00:00
Родитель bf3d142f53
Коммит be72ca16c5
16 изменённых файлов: 386 добавлений и 228 удалений


@ -37,7 +37,7 @@
/*
* Tool for converting builtin CA certs.
*
* $Id: addbuiltin.c,v 1.7 2004/04/25 15:02:38 gerv%gerv.net Exp $
* $Id: addbuiltin.c,v 1.8 2004/05/17 20:08:34 ian.mcgreer%sun.com Exp $
*/
#include "nss.h"
@ -157,6 +157,9 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust)
printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n");
printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n");
#endif
printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL %s\n",
trust->sslFlags & CERTDB_GOVT_APPROVED_CA ?
"CK_TRUE" : "CK_FALSE");
PORT_Free(sdder->data);
@ -197,7 +200,7 @@ printheader() {
"# may use your version of this file under either the MPL or the\n"
"# GPL.\n"
"#\n"
"CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.7 $ $Date: 2004/04/25 15:02:38 $ $Name: $\"\n"
"CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.8 $ $Date: 2004/05/17 20:08:34 $ $Name: $\"\n"
"\n"
"#\n"
"# certdata.txt\n"


@ -1039,9 +1039,7 @@ static void LongUsage(char *progName)
FPS "%-25s C \t trusted CA to issue server certs (implies c)\n", "");
FPS "%-25s u \t user cert\n", "");
FPS "%-25s w \t send warning\n", "");
#ifdef DEBUG_NSSTEAM_ONLY
FPS "%-25s g \t make step-up cert\n", "");
#endif /* DEBUG_NSSTEAM_ONLY */
FPS "%-20s Specify the password file\n",
" -f pwfile");
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
@ -1591,9 +1589,7 @@ AddExtKeyUsage (void *extHandle)
fprintf(stdout, "%-25s 3 - Email Protection\n", "");
fprintf(stdout, "%-25s 4 - Timestamp\n", "");
fprintf(stdout, "%-25s 5 - OCSP Responder\n", "");
#ifdef DEBUG_NSSTEAM_ONLY
fprintf(stdout, "%-25s 6 - Step-up\n", "");
#endif /* DEBUG_NSSTEAM_ONLY */
fprintf(stdout, "%-25s Other to finish\n", "");
gets(buffer);
@ -1618,11 +1614,9 @@ AddExtKeyUsage (void *extHandle)
case 5:
rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
break;
#ifdef DEBUG_NSSTEAM_ONLY
case 6:
rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
break;
#endif /* DEBUG_NSSTEAM_ONLY */
default:
goto endloop;
}
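Review bot: The AddExtKeyUsage prompt that now lists `6 - Step-up` in every build still reads the answer with `gets(buffer)`, which puts no bound on the input line. While this menu is being touched, a bounded read such as `fgets(buffer, sizeof buffer, stdin)` would be safer; the declaration of `buffer` is outside the hunk, so the size expression needs confirming, and `fgets` keeps the trailing newline, which the parsing after the prompt (not visible here) must tolerate. The line markers are lost on this page, so the removal of the `DEBUG_NSSTEAM_ONLY` guards is inferred from the hunk line counts.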


@ -2879,11 +2879,9 @@ printFlags(FILE *out, unsigned int flags, int level)
if ( flags & CERTDB_TRUSTED_CLIENT_CA ) {
SECU_Indent(out, level); fprintf(out, "Trusted Client CA\n");
}
#ifdef DEBUG
if ( flags & CERTDB_GOVT_APPROVED_CA ) {
SECU_Indent(out, level); fprintf(out, "Step-up\n");
}
#endif /* DEBUG */
}
void


@ -37,7 +37,7 @@
/*
* Certificate handling code
*
* $Id: certdb.c,v 1.68 2004/05/11 02:43:09 jpierre%netscape.com Exp $
* $Id: certdb.c,v 1.69 2004/05/17 20:08:36 ian.mcgreer%sun.com Exp $
*/
#include "nssilock.h"
@ -2046,14 +2046,12 @@ CERT_DecodeTrustString(CERTCertTrust *trust, char *trusts)
*pflags = *pflags | CERTDB_USER;
break;
#ifdef DEBUG_NSSTEAM_ONLY
case 'i':
*pflags = *pflags | CERTDB_INVISIBLE_CA;
break;
case 'g':
*pflags = *pflags | CERTDB_GOVT_APPROVED_CA;
break;
#endif /* DEBUG_NSSTEAM_ONLY */
case ',':
if ( pflags == &trust->sslFlags ) {
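Review bot: Dropping the `DEBUG_NSSTEAM_ONLY` guard in CERT_DecodeTrustString appears to enable two trust letters in release builds, `'i'` (CERTDB_INVISIBLE_CA) as well as `'g'` (CERTDB_GOVT_APPROVED_CA), although the commit is about step-up only and the certutil usage text in this commit documents just `g`. If `'i'` is not meant to be user-settable, keep `#ifdef DEBUG_NSSTEAM_ONLY` / `#endif` around the `case 'i':` arm alone; if it is, add it to the usage text. Which lines were removed is inferred from the hunk's line counts, since the `+`/`-` markers are lost on this page, and the switch continues outside the hunk.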

Разница между файлами не показана из-за своего большого размера Загрузить разницу


@ -30,7 +30,7 @@
# may use your version of this file under either the MPL or the
# GPL.
#
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.28 $ $Date: 2003/06/05 00:53:27 $ $Name: $"
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.29 $ $Date: 2004/05/17 20:08:36 $ $Name: $"
#
# certdata.txt
@ -83,6 +83,7 @@ CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.28 $ $Date: 2003/06/05 00:5
# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)
# CKA_TRUST_IPSEC_USER CK_TRUST (varies)
# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)
# CKA_TRUST_STEP_UP_APPROVED CK_BBOOL (varies)
# (other trust attributes can be defined)
#
@ -197,6 +198,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "GTE CyberTrust Root CA"
@ -286,6 +288,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "GTE CyberTrust Global Root"
@ -390,6 +393,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "Thawte Personal Basic CA"
@ -522,6 +526,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Thawte Personal Premium CA"
@ -657,6 +662,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Thawte Personal Freemail CA"
@ -793,6 +799,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Thawte Server CA"
@ -924,6 +931,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "Thawte Premium Server CA"
@ -1059,6 +1067,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "Equifax Secure CA"
@ -1167,6 +1176,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "ABAecom (sub., Am. Bankers Assn.) Root CA"
@ -1298,6 +1308,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "Digital Signature Trust Co. Global CA 1"
@ -1406,6 +1417,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "Digital Signature Trust Co. Global CA 3"
@ -1514,6 +1526,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "Digital Signature Trust Co. Global CA 2"
@ -1653,6 +1666,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "Digital Signature Trust Co. Global CA 4"
@ -1792,6 +1806,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "Verisign Class 1 Public Primary Certification Authority"
@ -1894,6 +1909,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 2 Public Primary Certification Authority"
@ -1995,6 +2011,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 3 Public Primary Certification Authority"
@ -2096,6 +2113,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "Verisign Class 1 Public Primary Certification Authority - G2"
@ -2228,6 +2246,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
@ -2360,6 +2379,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 3 Public Primary Certification Authority - G2"
@ -2492,6 +2512,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 4 Public Primary Certification Authority - G2"
@ -2624,6 +2645,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "GlobalSign Root CA"
@ -2740,6 +2762,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "ValiCert Class 1 VA"
@ -2865,6 +2888,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "ValiCert Class 2 VA"
@ -2990,6 +3014,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "RSA Root Certificate 1"
@ -3115,6 +3140,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
@ -3264,6 +3290,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
@ -3413,6 +3440,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
@ -3562,6 +3590,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 4 Public Primary Certification Authority - G3"
@ -3711,6 +3740,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
#
# Certificate "Entrust.net Secure Server CA"
@ -3870,6 +3900,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Entrust.net Secure Personal CA"
@ -4031,6 +4062,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Entrust.net Premium 2048 Secure Server CA"
@ -4179,6 +4211,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Baltimore CyberTrust Root"
@ -4397,6 +4430,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Equifax Secure eBusiness CA 1"
@ -4498,6 +4532,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Equifax Secure eBusiness CA 2"
@ -4726,6 +4761,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "beTRUSTed Root CA"
@ -4869,6 +4905,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "AddTrust Low-Value Services Root"
@ -4998,6 +5035,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "AddTrust External Root"
@ -5132,6 +5170,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "AddTrust Public Services Root"
@ -5392,6 +5431,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 1 Public Primary OCSP Responder"
@ -5520,6 +5560,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 2 Public Primary OCSP Responder"
@ -5648,6 +5689,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Class 3 Public Primary OCSP Responder"
@ -5776,6 +5818,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Secure Server OCSP Responder"
@ -5904,6 +5947,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Verisign Time Stamping Authority CA"
@ -6047,6 +6091,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Thawte Time Stamping CA"
@ -6159,6 +6204,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Entrust.net Global Secure Server CA"
@ -6311,6 +6357,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Entrust.net Global Secure Personal CA"
@ -6462,6 +6509,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "AOL Time Warner Root Certification Authority 1"
@ -6594,6 +6642,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "AOL Time Warner Root Certification Authority 2"
@ -6758,6 +6807,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "beTRUSTed Root CA-Baltimore Implementation"
@ -6908,6 +6958,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "beTRUSTed Root CA - Entrust Implementation"
@ -7073,6 +7124,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "beTRUSTed Root CA - RSA Implementation"
@ -7225,6 +7277,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "RSA Security 2048 v3"
@ -7336,6 +7389,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "RSA Security 1024 v3"
@ -7430,6 +7484,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "GeoTrust Global CA"
@ -7541,6 +7596,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "UTN-USER First-Network Applications"
@ -7689,6 +7745,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "America Online Root Certification Authority 1"
@ -7811,6 +7868,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "America Online Root Certification Authority 2"
@ -7965,6 +8023,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "Visa eCommerce Root"
@ -8089,6 +8148,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "TC TrustCenter, Germany, Class 2 CA"
@ -8221,6 +8281,7 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "TC TrustCenter, Germany, Class 3 CA"
@ -8353,3 +8414,4 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
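Review bot: The new header line `# CKA_TRUST_STEP_UP_APPROVED CK_BBOOL (varies)` does not say what the attribute grants or on what basis a root gets CK_TRUE, yet this file is now the only place where that decision is recorded for the builtins. I would extend the header comment to something like `# CKA_TRUST_STEP_UP_APPROVED CK_BBOOL (CK_TRUE only for roots approved for SSL step-up; becomes CERTDB_GOVT_APPROVED_CA in sslFlags)`, which matches the mapping the softoken and pki3hack hunks in this commit implement. When checking the per-root values, note that each hunk's trailing `# Certificate "..."` line names the next entry, so the added value belongs to the certificate before it.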


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.30 $ $Date: 2004/04/25 15:03:06 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.31 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
@ -543,16 +543,17 @@ nssCryptokiTrust_GetAttributes (
nssTrustLevel *serverAuth,
nssTrustLevel *clientAuth,
nssTrustLevel *codeSigning,
nssTrustLevel *emailProtection
nssTrustLevel *emailProtection,
PRBool *stepUpApproved
)
{
PRStatus status;
NSSSlot *slot;
nssSession *session;
CK_BBOOL isToken;
CK_BBOOL isToken, stepUp;
CK_TRUST saTrust, caTrust, epTrust, csTrust;
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE trust_template[6];
CK_ATTRIBUTE trust_template[7];
CK_ULONG trust_size;
/* Use the trust object to find the trust settings */
@ -562,6 +563,7 @@ nssCryptokiTrust_GetAttributes (
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust);
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust);
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust);
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_STEP_UP_APPROVED, stepUp);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash);
NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size);
@ -588,6 +590,7 @@ nssCryptokiTrust_GetAttributes (
*clientAuth = get_nss_trust(caTrust);
*emailProtection = get_nss_trust(epTrust);
*codeSigning = get_nss_trust(csTrust);
*stepUpApproved = stepUp;
return PR_SUCCESS;
}
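Review bot: `stepUp` in nssCryptokiTrust_GetAttributes is declared without an initial value and copied to `*stepUpApproved` unconditionally, so a trust object that carries no CKA_TRUST_STEP_UP_APPROVED attribute (an older or third-party token) could yield an indeterminate result that reads as approved. The attribute fetch sits between the hunks and is not visible, so whether a missing attribute fails the whole query or leaves the variable untouched needs confirming. Either way a fail-closed default is cheap: `CK_BBOOL isToken, stepUp = CK_FALSE;`, which is what the softoken hunk in this commit does for its own `stepUp`.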


@ -44,7 +44,7 @@
*/
#ifdef DEBUG
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.34 $ $Date: 2004/04/25 15:03:06 $ $Name: $";
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.35 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
#endif /* DEBUG */
#ifndef NSSCKT_H
@ -465,6 +465,7 @@ nssToken_ImportTrust
nssTrustLevel clientAuth,
nssTrustLevel codeSigning,
nssTrustLevel emailProtection,
PRBool stepUpApproved,
PRBool asTokenObject
);
@ -759,7 +760,8 @@ nssCryptokiTrust_GetAttributes
nssTrustLevel *serverAuth,
nssTrustLevel *clientAuth,
nssTrustLevel *codeSigning,
nssTrustLevel *emailProtection
nssTrustLevel *emailProtection,
PRBool *stepUpApproved
);
NSS_EXTERN PRStatus


@ -38,7 +38,7 @@
#define DEVT_H
#ifdef DEBUG
static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.20 $ $Date: 2004/04/25 15:03:06 $ $Name: $";
static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.21 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
#endif /* DEBUG */
/*
@ -148,10 +148,6 @@ typedef enum {
NSSCertificateType_PKIX = 1
} NSSCertificateType;
#ifdef nodef
/* the current definition of NSSTrust depends on this value being CK_ULONG */
typedef CK_ULONG nssTrustLevel;
#else
typedef enum {
nssTrustLevel_Unknown = 0,
nssTrustLevel_NotTrusted = 1,
@ -160,7 +156,6 @@ typedef enum {
nssTrustLevel_Valid = 4,
nssTrustLevel_ValidDelegator = 5
} nssTrustLevel;
#endif
typedef struct nssCryptokiInstanceStr nssCryptokiInstance;


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.37 $ $Date: 2004/04/25 15:03:06 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.38 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
@ -1163,6 +1163,7 @@ nssToken_ImportTrust (
nssTrustLevel clientAuth,
nssTrustLevel codeSigning,
nssTrustLevel emailProtection,
PRBool stepUpApproved,
PRBool asTokenObject
)
{
@ -1170,7 +1171,7 @@ nssToken_ImportTrust (
CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
CK_TRUST ckSA, ckCA, ckCS, ckEP;
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE trust_tmpl[10];
CK_ATTRIBUTE trust_tmpl[11];
CK_ULONG tsize;
PRUint8 sha1[20]; /* this is cheating... */
PRUint8 md5[16];
@ -1199,6 +1200,13 @@ nssToken_ImportTrust (
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, ckCA);
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, ckCS);
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, ckEP);
if (stepUpApproved) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
&g_ck_true);
} else {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
&g_ck_false);
}
NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize);
/* import the trust object onto the token */
object = import_object(tok, sessionOpt, trust_tmpl, tsize);


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.51 $ $Date: 2004/04/25 15:03:14 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.52 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
#endif /* DEBUG */
#ifndef NSSPKI_H
@ -1030,6 +1030,8 @@ nssTrust_Create (
nssCryptokiObject *instance;
nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection;
SECStatus rv; /* Should be stan flavor */
PRBool stepUp;
lastTrustOrder = 1<<16; /* just make it big */
PR_ASSERT(object->instances != NULL && object->numInstances > 0);
rvt = nss_ZNEW(object->arena, NSSTrust);
@ -1055,7 +1057,8 @@ nssTrust_Create (
&serverAuth,
&clientAuth,
&codeSigning,
&emailProtection);
&emailProtection,
&stepUp);
if (status != PR_SUCCESS) {
PZ_Unlock(object->lock);
return (NSSTrust *)NULL;
@ -1084,6 +1087,7 @@ nssTrust_Create (
{
rvt->codeSigning = codeSigning;
}
rvt->stepUpApproved = stepUp;
lastTrustOrder = myTrustOrder;
}
PZ_Unlock(object->lock);
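Review bot: `rvt->stepUpApproved = stepUp;` in nssTrust_Create is assigned unconditionally, whereas the neighbouring `rvt->codeSigning = codeSigning;` sits inside a guarded block, so the step-up result seems to come from whichever instance is processed last rather than from the one that wins on trust order. If this code runs once per instance, as the `lastTrustOrder = myTrustOrder;` bookkeeping suggests, a lower-priority token could set or clear step-up approval granted by a higher-priority one. I would put the assignment under the same condition that protects the other trust fields, or document why last-one-wins is intended. The loop header and the guard conditions are outside the hunk, so this is inferred from the visible lines.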


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.80 $ $Date: 2004/04/25 15:03:14 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.81 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
#endif /* DEBUG */
/*
@ -541,6 +541,10 @@ cert_trust_from_stan_trust(NSSTrust *t, PRArenaPool *arena)
rvTrust->sslFlags |= client;
rvTrust->emailFlags = get_nss3trust_from_nss4trust(t->emailProtection);
rvTrust->objectSigningFlags = get_nss3trust_from_nss4trust(t->codeSigning);
/* The cert is a valid step-up cert (in addition to/lieu of trust above */
if (t->stepUpApproved) {
rvTrust->sslFlags |= CERTDB_GOVT_APPROVED_CA;
}
return rvTrust;
}
@ -976,6 +980,8 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
nssTrust->clientAuth = get_stan_trust(trust->sslFlags, PR_TRUE);
nssTrust->emailProtection = get_stan_trust(trust->emailFlags, PR_FALSE);
nssTrust->codeSigning = get_stan_trust(trust->objectSigningFlags, PR_FALSE);
nssTrust->stepUpApproved =
(PRBool)(trust->sslFlags & CERTDB_GOVT_APPROVED_CA);
if (c->object.cryptoContext != NULL) {
/* The cert is in a context, set the trust there */
NSSCryptoContext *cc = c->object.cryptoContext;
@ -1039,7 +1045,8 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
nssTrust->serverAuth,
nssTrust->clientAuth,
nssTrust->codeSigning,
nssTrust->emailProtection, PR_TRUE);
nssTrust->emailProtection,
nssTrust->stepUpApproved, PR_TRUE);
/* If the selected token can't handle trust, dump the trust on
* the internal token */
if (!newInstance && !PK11_IsInternal(tok->pk11slot)) {
@ -1069,7 +1076,8 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
nssTrust->serverAuth,
nssTrust->clientAuth,
nssTrust->codeSigning,
nssTrust->emailProtection, PR_TRUE);
nssTrust->emailProtection,
nssTrust->stepUpApproved, PR_TRUE);
}
if (newInstance) {
nssCryptokiObject_Destroy(newInstance);
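Review bot: In STAN_ChangeCertTrust the cast `(PRBool)(trust->sslFlags & CERTDB_GOVT_APPROVED_CA)` stores the raw flag bit rather than PR_TRUE, which works for the truth tests in this commit but breaks any later `== PR_TRUE` comparison or a narrower boolean type. Normalising at the source is clearer: `nssTrust->stepUpApproved = (trust->sslFlags & CERTDB_GOVT_APPROVED_CA) ? PR_TRUE : PR_FALSE;`. The comment added in cert_trust_from_stan_trust also has an unclosed parenthesis; `/* The cert is a valid step-up cert (in addition to, or in lieu of, the trust above) */` reads better.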


@ -38,7 +38,7 @@
#define PKIT_H
#ifdef DEBUG
static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.14 $ $Date: 2004/04/25 15:03:14 $ $Name: $";
static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.15 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
#endif /* DEBUG */
/*
@ -133,6 +133,7 @@ struct NSSTrustStr
nssTrustLevel clientAuth;
nssTrustLevel emailProtection;
nssTrustLevel codeSigning;
PRBool stepUpApproved;
};
struct nssSMIMEProfileStr


@ -788,6 +788,7 @@ pk11_handleTrustObject(PK11Session *session,PK11Object *object)
CK_TRUST clientTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
CK_TRUST emailTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
CK_TRUST signTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
CK_BBOOL stepUp;
NSSLOWCERTCertTrust dbTrust = { 0 };
SECStatus rv;
@ -844,6 +845,14 @@ pk11_handleTrustObject(PK11Session *session,PK11Object *object)
}
pk11_FreeAttribute(trust);
}
stepUp = CK_FALSE;
trust = pk11_FindAttribute(object,CKA_TRUST_STEP_UP_APPROVED);
if (trust) {
if (trust->attrib.ulValueLen == sizeof(CK_BBOOL)) {
stepUp = *(CK_BBOOL*)trust->attrib.pValue;
}
pk11_FreeAttribute(trust);
}
/* preserve certain old fields */
if (cert->trust) {
@ -859,6 +868,9 @@ pk11_handleTrustObject(PK11Session *session,PK11Object *object)
dbTrust.sslFlags |= pk11_MapTrust(clientTrust,PR_TRUE);
dbTrust.emailFlags |= pk11_MapTrust(emailTrust,PR_FALSE);
dbTrust.objectSigningFlags |= pk11_MapTrust(signTrust,PR_FALSE);
if (stepUp) {
dbTrust.sslFlags |= CERTDB_GOVT_APPROVED_CA;
}
rv = nsslowcert_ChangeCertTrust(slot->certDB,cert,&dbTrust);
object->handle=pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_TRUST);
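Review bot: pk11_handleTrustObject only ever ORs CERTDB_GOVT_APPROVED_CA into `dbTrust.sslFlags`, so a trust object with CKA_TRUST_STEP_UP_APPROVED set to CK_FALSE cannot revoke step-up if the "preserve certain old fields" step above copies that bit from `cert->trust`. The preserve mask is outside the hunk, so please confirm it excludes the step-up bit; if it does not, clear the bit before the new test, e.g. `dbTrust.sslFlags &= ~CERTDB_GOVT_APPROVED_CA;` ahead of `if (stepUp)`. The length check with a CK_FALSE default for a missing or malformed attribute is the right fail-closed behaviour.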


@ -39,7 +39,7 @@
#define _PKCS11N_H_
#ifdef DEBUG
static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.9 $ $Date: 2004/04/25 15:03:16 $ $Name: $";
static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.10 $ $Date: 2004/05/17 20:08:38 $ $Name: $";
#endif /* DEBUG */
/*
@ -134,6 +134,8 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.9 $
#define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13)
#define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14)
#define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15)
#define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16)
#define CKA_CERT_SHA1_HASH (CKA_TRUST + 100)
#define CKA_CERT_MD5_HASH (CKA_TRUST + 101)
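Review bot: `CKA_TRUST_STEP_UP_APPROVED` is the only attribute in this `CKA_TRUST + n` run whose value is a CK_BBOOL rather than a CK_TRUST (per the certdata.txt header in this commit), and nothing at the definition says so. A trailing comment such as `/* CK_BBOOL, not CK_TRUST */` on the new `#define` would keep module authors from reading or writing it with the wrong width; the softoken hunk in this commit ignores values whose length is not `sizeof(CK_BBOOL)`, so a wrongly sized value would silently be treated as not approved.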


@ -1065,6 +1065,7 @@ pk11_FindTrustAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type)
case CKA_TRUST_SERVER_AUTH:
case CKA_TRUST_EMAIL_PROTECTION:
case CKA_TRUST_CODE_SIGNING:
case CKA_TRUST_STEP_UP_APPROVED:
break;
default:
return NULL;
@ -1112,6 +1113,12 @@ trust:
return (PK11Attribute *)&pk11_StaticValidPeerAttr;
}
return (PK11Attribute *)&pk11_StaticMustVerifyAttr;
case CKA_TRUST_STEP_UP_APPROVED:
if (trust->trust->sslFlags & CERTDB_GOVT_APPROVED_CA) {
return (PK11Attribute *)&pk11_StaticTrueAttr;
} else {
return (PK11Attribute *)&pk11_StaticFalseAttr;
}
default:
break;
}