Initial versions of SDR. Doesn't do change/set password yet.

2001-01-30 02:47:43 +00:00 · 2001-01-30 02:47:43 +00:00 · 3b8522cde0
--- a/security/manager/ssl/src/nsSDR.cpp
+++ b/security/manager/ssl/src/nsSDR.cpp
@ -0,0 +1,266 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * The contents of this file are subject to the Netscape Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 2001 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s): 
+ *  Terry Hayes <thayes@netscape.com>
+ */
+
+#include "stdlib.h"
+#include "plstr.h"
+#include "nsMemory.h"
+#include "nsCOMPtr.h"
+#include "nsIServiceManager.h"
+
+#include "plbase64.h"
+
+#include "nsISecurityManagerComponent.h"
+#include "nsISecretDecoderRing.h"
+#include "nsSDR.h"
+
+// Import PK11_* functions
+#include "pk11func.h"
+
+// Import PK11SDR_Encrypt and PK11SDR_Decrypt
+#include "pk11sdr.h"
+
+// Standard ISupports implementation
+// NOTE: Should these be the thread-safe versions?
+NS_IMPL_ISUPPORTS2(nsSecretDecoderRing, nsISecretDecoderRing, nsISecretDecoderRingConfig)
+
+// nsSecretDecoderRing constructor
+nsSecretDecoderRing::nsSecretDecoderRing()
+{
+  // initialize superclass
+  NS_INIT_ISUPPORTS();
+
+  nsCOMPtr<nsISecurityManagerComponent> nss = do_GetService(PSM_COMPONENT_CONTRACTID);
+}
+
+// nsSecretDecoderRing destructor
+nsSecretDecoderRing::~nsSecretDecoderRing()
+{
+}
+
+/* [noscript] long encrypt (in buffer data, in long dataLen, out buffer result); */
+NS_IMETHODIMP nsSecretDecoderRing::
+Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 *_retval)
+{
+  nsresult rv = NS_OK;
+  PK11SlotInfo *slot = 0;
+  SECItem keyid;
+  SECItem request;
+  SECItem reply;
+  SECStatus s;
+
+  slot = PK11_GetInternalKeySlot();
+  if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+
+  /* Make sure token is initialized.  FIX THIS: needs UI */
+  if (PK11_NeedUserInit(slot)) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+
+  s = PK11_Authenticate(slot, PR_TRUE, 0);
+  if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
+
+  /* Use default key id */
+  keyid.data = 0;
+  keyid.len = 0;
+  request.data = data;
+  request.len = dataLen;
+  s= PK11SDR_Encrypt(&keyid, &request, &reply, 0);
+  if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
+
+  *result = reply.data;
+  *_retval = reply.len;
+
+loser:
+  if (slot) PK11_FreeSlot(slot);
+  return rv;
+}
+
+/* [noscript] long decrypt (in buffer data, in long dataLen, out buffer result); */
+NS_IMETHODIMP nsSecretDecoderRing::
+Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 *_retval)
+{
+  nsresult rv = NS_OK;
+  PK11SlotInfo *slot = 0;
+  SECStatus s;
+  SECItem request;
+  SECItem reply;
+
+  *result = 0;
+  *_retval = 0;
+
+  /* Find token with SDR key */
+  slot = PK11_GetInternalKeySlot();
+  if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+
+  /* Force authentication */
+  if (PK11_Authenticate(slot, PR_TRUE, 0) != SECSuccess)
+  {
+    rv = NS_ERROR_NOT_AVAILABLE;
+    goto loser;
+  }
+
+  request.data = data;
+  request.len = dataLen;
+  s = PK11SDR_Decrypt(&request, &reply, 0);
+  if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
+
+  *result = reply.data;
+  *_retval = reply.len;
+
+loser:
+  if (slot) PK11_FreeSlot(slot);
+  return rv;
+}
+
+/* string encryptString (in string text); */
+NS_IMETHODIMP nsSecretDecoderRing::
+EncryptString(const char *text, char **_retval)
+{
+    nsresult rv = NS_OK;
+    unsigned char *encrypted = 0;
+    PRInt32 eLen;
+
+    if (text == nsnull || _retval == nsnull) {
+        rv = NS_ERROR_INVALID_POINTER;
+        goto loser;
+    }
+
+    rv = Encrypt((unsigned char *)text, PL_strlen(text), &encrypted, &eLen);
+    if (rv != NS_OK) { goto loser; }
+
+    rv = encode(encrypted, eLen, _retval);
+
+loser:
+    if (encrypted) nsMemory::Free(encrypted);
+
+    return rv;
+}
+
+/* string decryptString (in string crypt); */
+NS_IMETHODIMP nsSecretDecoderRing::
+DecryptString(const char *crypt, char **_retval)
+{
+    nsresult rv = NS_OK;
+    char *r = 0;
+    unsigned char *decoded = 0;
+    PRInt32 decodedLen;
+    unsigned char *decrypted = 0;
+    PRInt32 decryptedLen;
+
+    if (crypt == nsnull || _retval == nsnull) {
+      rv = NS_ERROR_INVALID_POINTER;
+      goto loser;
+    }
+
+    rv = decode(crypt, &decoded, &decodedLen);
+    if (rv != NS_OK) goto loser;
+
+    rv = Decrypt(decoded, decodedLen, &decrypted, &decryptedLen);
+    if (rv != NS_OK) goto loser;
+
+    // Convert to NUL-terminated string
+    r = (char *)nsMemory::Alloc(decryptedLen+1);
+    if (!r) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
+
+    memcpy(r, decrypted, decryptedLen);
+    r[decryptedLen] = 0;
+
+    *_retval = r;
+    r = 0;
+
+loser:
+    if (r) nsMemory::Free(r);
+    if (decrypted) nsMemory::Free(decrypted);
+    if (decoded) nsMemory::Free(decoded);
+ 
+    return rv;
+}
+
+/* void changePassword(); */
+NS_IMETHODIMP nsSecretDecoderRing::
+ChangePassword()
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+#if 0
+  nsresult rv = NS_OK;
+  CMTStatus status;
+  CMT_CONTROL *control;
+
+  rv = mPSM->GetControlConnection(&control);
+  if (rv != NS_OK) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+
+  status = CMT_SDRChangePassword(control, (void*)0);
+
+loser:
+  return rv;
+#endif
+}
+
+/* void logout(); */
+NS_IMETHODIMP nsSecretDecoderRing::
+Logout()
+{
+  PK11_LogoutAll();
+  return NS_OK;
+}
+
+/* void setWindow(in nsISupports w); */
+nsresult nsSecretDecoderRing::
+SetWindow(nsISupports *w)
+{
+  return NS_OK;
+}
+
+// Support routines
+
+nsresult nsSecretDecoderRing::
+encode(const unsigned char *data, PRInt32 dataLen, char **_retval)
+{
+    nsresult rv = NS_OK;
+
+    *_retval = PL_Base64Encode((const char *)data, dataLen, NULL);
+    if (!*_retval) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
+
+loser:
+    return rv;
+}
+
+nsresult nsSecretDecoderRing::
+decode(const char *data, unsigned char **result, PRInt32 * _retval)
+{
+    nsresult rv = NS_OK;
+    PRUint32 len = PL_strlen(data);
+    int adjust = 0;
+
+    /* Compute length adjustment */
+    if (data[len-1] == '=') {
+      adjust++;
+      if (data[len-2] == '=') adjust++;
+    }
+
+    *result = (unsigned char *)PL_Base64Decode(data, len, NULL);
+    if (!*result) { rv = NS_ERROR_ILLEGAL_VALUE; goto loser; }
+
+    *_retval = (len*3)/4 - adjust;
+
+loser:
+    return rv;
+}
--- a/security/manager/ssl/src/nsSDR.h
+++ b/security/manager/ssl/src/nsSDR.h
@ -0,0 +1,73 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 2001 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Terry Hayes <thayes@netscape.com>
+ */
+
+#ifndef _NSSDR_H_
+#define _NSSDR_H_
+
+#include "nsISecretDecoderRing.h"
+
+/**
+ * NS_SDR_CONTRACTID - contract id for SDR services.
+ *   Implements nsISecretDecoderRing.
+ *   Should eventually implement an interface to set window
+ *   context and other information. (nsISecretDecoderRingConfig)
+ *
+ * NOTE: This definition should move to base code.  It
+ *   is conditionally defined here until it is moved.
+ *   Delete this after defining in the new location.
+ */
+#ifndef NS_SDR_CONTRACTID
+#define NS_SDR_CONTRACTID "@mozilla.org/security/sdr;1"
+#endif
+
+// ===============================================
+// nsSecretDecoderRing - implementation of nsISecretDecoderRing
+// ===============================================
+
+#define NS_SDR_CLASSNAME "PIPNSS Secret Decoder Ring"
+#define NS_SDR_CID \
+  { 0x0c4f1ddc, 0x1dd2, 0x11b2, { 0x9d, 0x95, 0xf2, 0xfd, 0xf1, 0x13, 0x04, 0x4b } }
+
+class nsSecretDecoderRing
+: public nsISecretDecoderRing,
+  public nsISecretDecoderRingConfig
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSISECRETDECODERRING
+  NS_DECL_NSISECRETDECODERRINGCONFIG
+
+  nsSecretDecoderRing();
+  virtual ~nsSecretDecoderRing();
+
+private:
+
+  /**
+   * encode - encodes binary into BASE64 string.
+   * decode - decode BASE64 string into binary.
+   */
+  nsresult encode(const unsigned char *data, PRInt32 dataLen, char **_retval);
+  nsresult decode(const char *data, unsigned char **result, PRInt32 * _retval);
+};
+
+#endif /* _NSSDR_H_ */