зеркало из https://github.com/mozilla/gecko-dev.git
Родитель
5d642ff973
Коммит
dc7ad98e67
|
@ -22,3 +22,11 @@
|
||||||
SignedBy=Signed by %S
|
SignedBy=Signed by %S
|
||||||
CertPassPrompt=Please enter the Personal Security Password for the PSM Private Keys security device.
|
CertPassPrompt=Please enter the Personal Security Password for the PSM Private Keys security device.
|
||||||
RootCertModuleName=Builtin Roots Module
|
RootCertModuleName=Builtin Roots Module
|
||||||
|
ManufacturerID=Mozilla.org
|
||||||
|
LibraryDescription=PSM Internal Crypto Services
|
||||||
|
TokenDescription=PSM Generic Crypto Services
|
||||||
|
PrivateTokenDescription=PSM Private Keys
|
||||||
|
SlotDescription=PSM Internal Cryptographic Services Version 4.0
|
||||||
|
PrivateSlotDescription=PSM User Private Key and Certificate Services
|
||||||
|
FipsSlotDescription=PSM Internal FIPS-140-1 Cryptographic Services
|
||||||
|
FipsPrivateSlotDescription=PSM FIPS-140-1 User Private Key Services
|
||||||
|
|
|
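Review bot: The eight new keys carry no comment telling localizers that their values are length-limited. The C++ part of this commit copies them into fixed-width buffers of 33 characters (ManufacturerID, LibraryDescription, TokenDescription, PrivateTokenDescription) and 65 characters (the four slot descriptions). A comment above the block would record that, for example `# LOCALIZATION NOTE: the values below are padded into fixed-width PKCS#11 fields; keep the first four within 33 characters and the slot descriptions within 65`. The exact limits should be confirmed against the PKCS#11 field sizes before the comment is committed.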
@ -43,6 +43,9 @@
|
||||||
#include "ssl.h"
|
#include "ssl.h"
|
||||||
#include "sslproto.h"
|
#include "sslproto.h"
|
||||||
#include "secmod.h"
|
#include "secmod.h"
|
||||||
|
extern "C" {
|
||||||
|
#include "pkcs11.h"
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef PR_LOGGING
|
#ifdef PR_LOGGING
|
||||||
PRLogModuleInfo* gPIPNSSLog = nsnull;
|
PRLogModuleInfo* gPIPNSSLog = nsnull;
|
||||||
|
@ -121,6 +124,7 @@ nsNSSComponent::GetPIPNSSBundleString(const PRUnichar *name,
|
||||||
nsresult rv = mPIPNSSBundle->GetStringFromName(name, &ptrv);
|
nsresult rv = mPIPNSSBundle->GetStringFromName(name, &ptrv);
|
||||||
if (NS_SUCCEEDED(rv)) {
|
if (NS_SUCCEEDED(rv)) {
|
||||||
outString = ptrv;
|
outString = ptrv;
|
||||||
|
return NS_OK;
|
||||||
} else {
|
} else {
|
||||||
outString.SetLength(0);
|
outString.SetLength(0);
|
||||||
}
|
}
|
||||||
|
@ -128,7 +132,7 @@ nsNSSComponent::GetPIPNSSBundleString(const PRUnichar *name,
|
||||||
} else {
|
} else {
|
||||||
outString.SetLength(0);
|
outString.SetLength(0);
|
||||||
}
|
}
|
||||||
return NS_OK;
|
return NS_ERROR_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
@ -193,6 +197,87 @@ nsNSSComponent::InstallLoadableRoots()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define SHORT_PK11_STRING 33
|
||||||
|
#define LONG_PK11_STRING 65
|
||||||
|
|
||||||
|
char *
|
||||||
|
nsNSSComponent::GetPK11String(const PRUnichar *name, PRUint32 len)
|
||||||
|
{
|
||||||
|
nsresult rv;
|
||||||
|
nsString nsstr;
|
||||||
|
char *tmpstr = NULL;
|
||||||
|
char *str = NULL;
|
||||||
|
int tmplen;
|
||||||
|
str = (char *)PR_Malloc(len+1);
|
||||||
|
rv = GetPIPNSSBundleString(name, nsstr);
|
||||||
|
if (NS_FAILED(rv)) return NULL;
|
||||||
|
tmpstr = nsstr.ToNewCString();
|
||||||
|
if (!tmpstr) return NULL;
|
||||||
|
tmplen = strlen(tmpstr);
|
||||||
|
memcpy(str, tmpstr, tmplen);
|
||||||
|
memset(str + tmplen, ' ', len - tmplen);
|
||||||
|
str[len] = '\0';
|
||||||
|
PR_Free(tmpstr);
|
||||||
|
return str;
|
||||||
|
}
|
||||||
|
|
||||||
|
nsresult
|
||||||
|
nsNSSComponent::ConfigureInternalPKCS11Token()
|
||||||
|
{
|
||||||
|
char *manufacturerID = NULL;
|
||||||
|
char *libraryDescription = NULL;
|
||||||
|
char *tokenDescription = NULL;
|
||||||
|
char *privateTokenDescription = NULL;
|
||||||
|
char *slotDescription = NULL;
|
||||||
|
char *privateSlotDescription = NULL;
|
||||||
|
char *fipsSlotDescription = NULL;
|
||||||
|
char *fipsPrivateSlotDescription = NULL;
|
||||||
|
|
||||||
|
manufacturerID = GetPK11String(NS_LITERAL_STRING("ManufacturerID"),
|
||||||
|
SHORT_PK11_STRING);
|
||||||
|
if (manufacturerID == NULL) goto loser;
|
||||||
|
libraryDescription = GetPK11String(NS_LITERAL_STRING("LibraryDescription"),
|
||||||
|
SHORT_PK11_STRING);
|
||||||
|
if (libraryDescription == NULL) goto loser;
|
||||||
|
tokenDescription = GetPK11String(NS_LITERAL_STRING("TokenDescription"),
|
||||||
|
SHORT_PK11_STRING);
|
||||||
|
if (tokenDescription == NULL) goto loser;
|
||||||
|
privateTokenDescription =
|
||||||
|
GetPK11String(NS_LITERAL_STRING("PrivateTokenDescription"),
|
||||||
|
SHORT_PK11_STRING);
|
||||||
|
if (privateTokenDescription == NULL) goto loser;
|
||||||
|
slotDescription = GetPK11String(NS_LITERAL_STRING("SlotDescription"),
|
||||||
|
LONG_PK11_STRING);
|
||||||
|
if (slotDescription == NULL) goto loser;
|
||||||
|
privateSlotDescription =
|
||||||
|
GetPK11String(NS_LITERAL_STRING("PrivateSlotDescription"),
|
||||||
|
LONG_PK11_STRING);
|
||||||
|
if (privateSlotDescription == NULL) goto loser;
|
||||||
|
fipsSlotDescription = GetPK11String(NS_LITERAL_STRING("FipsSlotDescription"),
|
||||||
|
LONG_PK11_STRING);
|
||||||
|
if (fipsSlotDescription == NULL) goto loser;
|
||||||
|
fipsPrivateSlotDescription =
|
||||||
|
GetPK11String(NS_LITERAL_STRING("FipsPrivateSlotDescription"),
|
||||||
|
LONG_PK11_STRING);
|
||||||
|
if (fipsPrivateSlotDescription == NULL) goto loser;
|
||||||
|
|
||||||
|
PK11_ConfigurePKCS11(manufacturerID, libraryDescription, tokenDescription,
|
||||||
|
privateTokenDescription, slotDescription,
|
||||||
|
privateSlotDescription, fipsSlotDescription,
|
||||||
|
fipsPrivateSlotDescription, 0, 0);
|
||||||
|
return NS_OK;
|
||||||
|
loser:
|
||||||
|
PR_Free(manufacturerID);
|
||||||
|
PR_Free(libraryDescription);
|
||||||
|
PR_Free(tokenDescription);
|
||||||
|
PR_Free(privateTokenDescription);
|
||||||
|
PR_Free(slotDescription);
|
||||||
|
PR_Free(privateSlotDescription);
|
||||||
|
PR_Free(fipsSlotDescription);
|
||||||
|
PR_Free(fipsPrivateSlotDescription);
|
||||||
|
return NS_ERROR_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
nsNSSComponent::InitializePIPNSSBundle()
|
nsNSSComponent::InitializePIPNSSBundle()
|
||||||
{
|
{
|
||||||
|
@ -277,6 +362,7 @@ nsNSSComponent::Init()
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to create pipnss bundle.\n"));
|
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to create pipnss bundle.\n"));
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
ConfigureInternalPKCS11Token();
|
||||||
InstallLoadableRoots();
|
InstallLoadableRoots();
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
@ -296,11 +382,19 @@ nsNSSComponent::DisplaySecurityAdvisor()
|
||||||
return NS_ERROR_FAILURE; // not implemented
|
return NS_ERROR_FAILURE; // not implemented
|
||||||
}
|
}
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
PSMCertificateUnknown = -1,
|
||||||
|
PSMCertificateCACert,
|
||||||
|
PSMCertificateServerCert,
|
||||||
|
PSMCertificateUserCert,
|
||||||
|
PSMCertificateEmailCert
|
||||||
|
} PSMCertificateType;
|
||||||
|
|
||||||
class CertDownloader : public nsIStreamListener
|
class CertDownloader : public nsIStreamListener
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
CertDownloader() {NS_ASSERTION(PR_FALSE, "don't use this constructor."); }
|
CertDownloader() {NS_ASSERTION(PR_FALSE, "don't use this constructor."); }
|
||||||
CertDownloader(PRInt32 type);
|
CertDownloader(PSMCertificateType type);
|
||||||
virtual ~CertDownloader();
|
virtual ~CertDownloader();
|
||||||
|
|
||||||
NS_DECL_ISUPPORTS
|
NS_DECL_ISUPPORTS
|
||||||
|
@ -310,11 +404,11 @@ protected:
|
||||||
char* mByteData;
|
char* mByteData;
|
||||||
PRInt32 mBufferOffset;
|
PRInt32 mBufferOffset;
|
||||||
PRInt32 mContentLength;
|
PRInt32 mContentLength;
|
||||||
PRInt32 mType;
|
PSMCertificateType mType;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
CertDownloader::CertDownloader(PRInt32 type)
|
CertDownloader::CertDownloader(PSMCertificateType type)
|
||||||
: mByteData(nsnull),
|
: mByteData(nsnull),
|
||||||
mType(type)
|
mType(type)
|
||||||
{
|
{
|
||||||
|
@ -392,7 +486,6 @@ CertDownloader::OnStopRequest(nsIChannel* channel,
|
||||||
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsNSSComponent::HandleContent(const char * aContentType,
|
nsNSSComponent::HandleContent(const char * aContentType,
|
||||||
const char * aCommand,
|
const char * aCommand,
|
||||||
|
@ -406,20 +499,20 @@ nsNSSComponent::HandleContent(const char * aContentType,
|
||||||
nsresult rv = NS_OK;
|
nsresult rv = NS_OK;
|
||||||
if (!aChannel) return NS_ERROR_NULL_POINTER;
|
if (!aChannel) return NS_ERROR_NULL_POINTER;
|
||||||
|
|
||||||
PRUint32 type = (PRUint32) -1;
|
PSMCertificateType type;
|
||||||
|
|
||||||
if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
|
if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
|
||||||
type = 1; //CA cert
|
type = PSMCertificateCACert;
|
||||||
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
|
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
|
||||||
type = 2; //Server cert
|
type = PSMCertificateServerCert;
|
||||||
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
|
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
|
||||||
type = 3; //User cert
|
type = PSMCertificateUserCert;
|
||||||
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
|
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
|
||||||
type = 4; //Someone else's email cert
|
type = PSMCertificateEmailCert;
|
||||||
|
else
|
||||||
if (type != (PRUint32) -1) {
|
type = PSMCertificateUnknown;
|
||||||
// I can't directly open the passed channel cause it fails :-(
|
|
||||||
|
|
||||||
|
if (type != PSMCertificateUnknown) {
|
||||||
nsCOMPtr<nsIURI> uri;
|
nsCOMPtr<nsIURI> uri;
|
||||||
rv = aChannel->GetURI(getter_AddRefs(uri));
|
rv = aChannel->GetURI(getter_AddRefs(uri));
|
||||||
if (NS_FAILED(rv)) return rv;
|
if (NS_FAILED(rv)) return rv;
|
||||||
|
|
|
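Review bot: GetPK11String never checks the bundle string's length against `len`, so a value longer than the requested width makes `memcpy(str, tmpstr, tmplen)` write past the `len+1`-byte buffer and makes `len - tmplen` wrap to a very large unsigned count in the `memset`. The text comes from the string bundle, which is presumably localizable, so its length is not fixed by this code; `tmplen` should be clamped to `len` before copying. The `PR_Malloc` result is also used unchecked, and `str` leaks on both early `return NULL` paths; allocating after the bundle lookup removes the leak. Separately, Init() ignores the nsresult of `ConfigureInternalPKCS11Token()`, so a failure there goes unnoticed.

```cpp
char *
nsNSSComponent::GetPK11String(const PRUnichar *name, PRUint32 len)
{
  // … unchanged: local declarations …
  rv = GetPIPNSSBundleString(name, nsstr);
  if (NS_FAILED(rv)) return NULL;
  tmpstr = nsstr.ToNewCString();
  if (!tmpstr) return NULL;
  // Allocate only once the source string is in hand, so no early return leaks str.
  str = (char *)PR_Malloc(len+1);
  if (!str) {
    PR_Free(tmpstr);
    return NULL;
  }
  tmplen = strlen(tmpstr);
  // Truncate an over-long bundle value instead of overrunning the buffer.
  if ((PRUint32)tmplen > len) tmplen = (int)len;
  memcpy(str, tmpstr, tmplen);
  memset(str + tmplen, ' ', len - tmplen);
  // … unchanged: str[len] terminator, PR_Free(tmpstr), return str …
}
```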
@ -97,6 +97,8 @@ private:
|
||||||
|
|
||||||
void InstallLoadableRoots();
|
void InstallLoadableRoots();
|
||||||
nsresult InitializePIPNSSBundle();
|
nsresult InitializePIPNSSBundle();
|
||||||
|
nsresult ConfigureInternalPKCS11Token();
|
||||||
|
char * GetPK11String(const PRUnichar *name, PRUint32 len);
|
||||||
|
|
||||||
nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
|
nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
|
||||||
static PRBool mNSSInitialized;
|
static PRBool mNSSInitialized;
|
||||||
|
|
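Review bot: The new `GetPK11String` declaration returns a raw `char *` with no comment on who owns it. In the .cpp part of this commit the buffer is `PR_Malloc`'ed, space-padded to `len` characters and NUL-terminated, and the caller frees it with `PR_Free` on the failure path. A comment above the declaration would record that, for example `// Returns a PR_Malloc'ed, space-padded, NUL-terminated copy of the bundle string (len chars), or NULL on failure; caller frees with PR_Free.` On the success path ConfigureInternalPKCS11Token passes the buffers to `PK11_ConfigurePKCS11` without freeing them, so presumably that call keeps the pointers; that is worth stating in the same comment once confirmed.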