From 737d4485cddece0bdf48b044f8dfa8842677401d Mon Sep 17 00:00:00 2001 From: "javi%netscape.com" Date: Tue, 6 Feb 2001 23:59:42 +0000 Subject: [PATCH] Patch from Javier Pedemonte from IBM to get PSM building on OS/2 Fix for Bug 62856 --- security/psm/Makefile.in | 25 +- security/psm/lib/client/cmtcmn.h | 2276 ---------------------------- security/psm/lib/client/cmtinit.c | 490 ------ security/psm/lib/client/cmtpkcs7.c | 664 -------- security/psm/lib/client/cmtutils.c | 648 -------- security/psm/server/Makefile | 66 +- security/psm/server/main.cpp | 51 - security/psm/server/p12res.c | 1025 ------------- 8 files changed, 72 insertions(+), 5173 deletions(-) diff --git a/security/psm/Makefile.in b/security/psm/Makefile.in index 0c3ae4a5b0a..fb5645d15f1 100644 --- a/security/psm/Makefile.in +++ b/security/psm/Makefile.in @@ -34,7 +34,11 @@ else include $(CORE_DEPTH)/coreconf/$(OS_CONFIG).mk endif include $(CORE_DEPTH)/coreconf/prefix.mk +ifeq ($(OS_ARCH),OS2) +CPU_TAG = _$(CC) +else CPU_TAG = _$(CPU_ARCH) +endif LOADABLE_ROOT_MODULE = $(DLL_PREFIX)nssckbi$(DLL_SUFFIX) CORECONF_OBJDIR=$(OBJDIR_NAME) @@ -85,9 +89,28 @@ endif cd $(MOZ_BUILD_ROOT)/security/nss/lib; $(MAKE) $(DEFAULT_GMAKE_FLAGS) cd $(MOZ_BUILD_ROOT)/security/psm/ui; $(MAKE) $(DEFAULT_GMAKE_FLAGS) cd $(MOZ_BUILD_ROOT)/security/psm/server; $(MAKE) $(DEFAULT_GMAKE_FLAGS) - $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psm $(DIST)/bin/ + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psm$(PROG_SUFFIX) $(DIST)/bin +ifeq ($(OS_ARCH),OS2) + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/04digsgn.gif $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/06pcrypt.gif $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/bannerrn.gif $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/cartbanner.gif $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/cmcjavascriptapi.html $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/contents.htm $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/glossary.htm $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/help.htm $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/next.gif $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/prev.gif $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/psmtest.html $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/doc/release_notes.html $(DIST)/bin/psmdata/doc + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/ui/psm_bin.properties $(DIST)/bin/psmdata/ui + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/ui/psm_doc.properties $(DIST)/bin/psmdata/ui + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/ui/psm_text.properties $(DIST)/bin/psmdata/ui + $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata/ui/psm_ui.properties $(DIST)/bin/psmdata/ui +else $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata $(DIST)/bin $(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/start-psm $(DIST)/bin +endif $(INSTALL) -m 755 $(CORECONF_INSTALL)/lib/$(LOADABLE_ROOT_MODULE) $(DIST)/bin clean clobber clobber_all realclean distclean:: diff --git a/security/psm/lib/client/cmtcmn.h b/security/psm/lib/client/cmtcmn.h index b2eed64dd6b..e69de29bb2d 100644 --- a/security/psm/lib/client/cmtcmn.h +++ b/security/psm/lib/client/cmtcmn.h @@ -1,2276 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#ifndef __CMTCMN_H__ -#define __CMTCMN_H__ - -/* -** Macro shorthands for conditional C++ extern block delimiters. -*/ -#ifdef __cplusplus -#define CMT_BEGIN_EXTERN_C extern "C" { -#define CMT_END_EXTERN_C } -#else -#define CMT_BEGIN_EXTERN_C -#define CMT_END_EXTERN_C -#endif - - -#include -#include "ssmdefs.h" - -#ifdef WIN32 -#include -#include -#else -#ifndef macintosh -#include -#include -#include -#include -#ifndef XP_OS2_VACPP -#include -#endif /* vacpp */ -#endif -#endif -#include "cmtclist.h" - -typedef void (*void_fun) (void); - -#ifdef XP_OS2_VACPP /* OS/2 Visual Age */ -typedef void (*_Optlink CMTP7ContentCallback)(void *arg, const char *buf, - unsigned long len); -#else -typedef void (* CMTP7ContentCallback)(void *arg, const char *buf, - unsigned long len); -#endif - -typedef struct _CMTPrivate CMTPrivate; -typedef void (*CMTReclaimFunc)(CMTPrivate *priv); -struct _CMTPrivate { - CMTReclaimFunc dest; - /* void (* dest)(CMTPrivate *priv); */ -}; - -/* - * The version supported by the protocol library. - * Pass this version to CMT_Hello. - */ -#define PROTOCOL_VERSION SSM_PROTOCOL_VERSION - -/* - * Socket Abstraction layer. - */ - -typedef void* CMTSocket; - -/* - * This function should return a handle to an internet-streaming TCP socket. - * For UNIX, need a UNIX socket for hello message. - * - * If parameter is 1, then we want UNIX socket. Otherwise INET socket. - */ -typedef CMTSocket (*CMT_GET_SOCKET)(int); - -/* - * All connections will be on the same machine. Below is the port number - * to connect to. - * If using a UNIX domain socket, then use path as the path to connect to. - */ -typedef CMTStatus (*CMT_CONNECT)(CMTSocket sock, short port, char* path); - -/* - * Will call this function to verify that UNIX domain sockets are - * held by correct user. If the socket is not, then the socket is - * closed. - */ - -typedef CMTStatus (*CMT_VERIFY_UNIX)(CMTSocket sock); - -/* - * Use this function to send data across the socket - */ -typedef CMInt32 (*CMT_SEND)(CMTSocket sock, void* buffer, size_t length); - -/* - * Use this function to select a socket. If poll is non-zero, then - * just poll the socket to see if there is any data waiting to be read. - * Otherwise block until there is data waiting to be read. Select any - * of the sockets in the array and return the selected socket. - */ -typedef CMTSocket (*CMT_SELECT)(CMTSocket *sock, int numSocks, int poll); - -/* - * Use this function to receive data from a socket. Function should - * return number of bytes actually read. Return -1 in case of error. - */ -typedef CMInt32 (*CMT_RECEIVE)(CMTSocket sock, void *buffer, size_t bufSize); - -/* - * Use this function to shutdown writing to the socket. - */ -typedef CMTStatus (*CMT_SHUTDOWN)(CMTSocket sock); - -/* - * Prototype for function to close down the socket permanently. - */ -typedef CMTStatus (*CMT_CLOSE)(CMTSocket sock); - - -/* - * This structure should be passed at initialization time. - */ -typedef struct CMT_SocketFuncsStr { - CMT_GET_SOCKET socket; - CMT_CONNECT connect; - CMT_VERIFY_UNIX verify; - CMT_SEND send; - CMT_SELECT select; - CMT_RECEIVE recv; - CMT_SHUTDOWN shutdown; - CMT_CLOSE close; -} CMT_SocketFuncs; - -/* mutex abstraction */ -typedef void * CMTMutexPointer; -typedef void (*CMTMutexFunction)(CMTMutexPointer); - -typedef struct _CMT_MUTEX { - CMTMutexPointer mutex; - CMTMutexFunction lock; - CMTMutexFunction unlock; -} CMT_MUTEX; - -#define CMT_LOCK(_m) if (_m) _m->lock(_m->mutex) -#define CMT_UNLOCK(_m) if (_m) _m->unlock(_m->mutex) - -/* session info */ -typedef struct _CMT_DATA { - CMTSocket sock; - CMUint32 connectionID; - CMTPrivate *priv; - struct _CMT_DATA * next; - struct _CMT_DATA * previous; -} CMT_DATA, *PCMT_DATA; - -/* event info */ -typedef struct _CMT_EVENT { - CMUint32 type; - CMUint32 resourceID; - void_fun handler; - void *data; - struct _CMT_EVENT * next; - struct _CMT_EVENT * previous; -} CMT_EVENT, *PCMT_EVENT; - -/* - * Type defines for callbacks that are set in the CMT library. - */ - -/* - * FUNCTION TYPE: promptCallback_fn - * ----------------------------------- - * INPUTS - * arg - * This is an opaque pointer that is provided to the library - * when the callback is registered. The library merely passes - * it to the callback so the application can properly handle - * the password prompt. - * clientContext - * This is the client context pointer that is set the client. - * prompt - * The text to display to the user when prompting for a password. - * isPasswd - * If this value is non-zero, then this is prompt is for a password - * request and the text typed in by the user should not be echoed - * to the screen. Meaning the text should be masked as asterisks - * or nothing should be displayed on the screen as the user types - * input. If the value is zero, then the function should echo - * the user's input to the screen. - * - * NOTES: - * This defines the type of function used for prompting the user for a - * typed input. The application is free to use that arg parameter as - * it sees fit. The apllication provides the parameter when registering - * the callback so the application will know what type of data the pointer - * represents. The application should display the text passed via the - * prompt parameter. Then read the input typed by the user and return that - * value. If isPasswd is non-zero, then the function should not echo - * the user's input. - * - * RETURN: - * This function should return the user's input or NULL if the user canceled - * the operation or some other error occurred. - */ -typedef char * (*promptCallback_fn)(void *arg, char *prompt, - void* clientContext, int isPasswd); - -/* - * FUNCTION TYPE: applicationFreeCallback_fn - * ------------------------------------ - * INPUTS - * userInput - * A string returned by callback of the type promptCallback_fn that - * the application has implemented. - * NOTES: - * This function is used to free the string returned by the callback of - * type promptCallback_fn or filePathPromptCallback_fn. - * After calling the apllication provided function of type promptCallback_fn, - * the library will process the data and then - * call the application provided function of type applicationFreeCallback_fn - * so that the memory can be discarded of correctly. - * - * RETURN - * This function has no return value. - */ -typedef void (*applicationFreeCallback_fn)(char *userInput); - -/* - * FUNCTION TYPE: filePathPromptCallback_fn - * ---------------------------------------- - * INPUTS - * arg - * This is an opaque pointer that is provided to the library - * when the callback is registered. The library merely passes - * it to the callback so the application can properly handle - * the password prompt. - * prompt - * The text to display to the user when prompting for a file. - * fileRegEx - * This is the regular expression the selected file should - * satisfy. These will tend to be of the form *. - * shouldFileExist - * A flag indicating wheter or not the file selected by the user - * should already exist on disk. - * NOTES: - * This type defines the prototype for a function used to prompt the user - * for a file. When the psm server needs to request the path to a file, - * ie when doing PKCS-12 restore or backup, it will send an event and - * this a function of this type will ultimately be called. The implementation - * should display the text from the parameter prompt to the user. The - * fileRegEx is intended as a guide for the types of file the user - * should select. The application does not have to enforce choosing a file - * that matches the regular expression, but is encouraged to relay the - * extension type to the user. If shouldFileExist is a non-zero value, - * then the file selected by the user must already exist on disk. If - * shouldFileExist has a value of zero, then the psm server will create - * a file living at the path returned--overwriting any pre-existing files - * or creating a new file if no file with the returned path exists. - * - * RETURN - * The function should return a full path to the file the user has selected. - * The returned string will be passed to the callback of type - * applicationFreeCallback_fn after the path is no longer needed. - */ -typedef char * (*filePathPromptCallback_fn)(void *arg, - char *prompt, - char *fileRegEx, - CMUint32 shouldFileExist); - -/* - * FUNCTION TYPE: uiHandlerCallback_fn - * ----------------------------------- - * INPUTS - * resourceID - * The ID of the resource that generated the UI event. - * context - * A pointer that was originally created by a call to - * uiHandlerCallback_fn. When non-NULL, this value - * be used as a map to a previously created window which - * should be the parent of whatever window is created by - * the current call. - * width - * The width of the new window created. - * height - * The height of the new window created. - * url - * The URL to load in the new window. - * data - * An opaque pointer that was passed in when registering your - * UI handler via CMT_SetUIHandler. the application should - * use the pointer to help it bring up new windows. - * - * NOTES - * This defines the signature of a function called whenever a UI event occurs. - * resourceID is the handle of the resource that sent the UI event and - * context is a pointer returned by a previous call the uiHandlerCallback_fn - * registered with the control connection. If non-NULL, context should be - * used as the parent window for the window the function creates. The - * function should then create an http window of size width x height that can - * handle Basic-auth URL's and the psm server will send the data to the newly - * created window. - * - * RETURN - * The function should return some pointer that is associated with the - * window just created so that a future call to this event handler can - * reference a window that was previously created. - */ -typedef void* (*uiHandlerCallback_fn)(CMUint32 resourceID, void* context, - CMUint32 width, CMUint32 height, CMBool isModal, - char* url, void* data); - -/* - * These #defines are to be used to fill in the type field for the - * CMTSetPrefElement structure. - */ -#define CMT_PREF_STRING 0 -#define CMT_PREF_BOOL 1 -#define CMT_PREF_INT 2 - -/* structs to pack each preference item to pass between the psm server and - * the plugin - */ -typedef struct _CMTSetPrefElement { - char* key; - char* value; - CMInt32 type; -} CMTSetPrefElement; - -typedef struct _CMTGetPrefElement { - char* key; - CMInt32 type; -} CMTGetPrefElement; - -/* - * FUNCTION TYPE: savePrefsCallback_fn - * ----------------------------------- - * INPUTS - * number - * The number of pref items to save. - * list - * The list of pref items delivered from the PSM server. - * - * NOTES - * This defines the prototype for a function callback used for saving pref - * changes passed from the PSM server. Each preference item has a type - * (string, boolean, or integer) so that the value string may be converted - * appropriately according to type. The callback is not responsible for - * freeing pref elements (keys and values). - * - * RETURN - * None. - */ -typedef void (*savePrefsCallback_fn)(int number, CMTSetPrefElement* list); - -typedef struct CMT_UserCallbacks { - filePathPromptCallback_fn promptFilePath; - void *filePromptArg; - promptCallback_fn promptCallback; - void *promptArg; - applicationFreeCallback_fn userFree; - savePrefsCallback_fn savePrefs; -} CMT_UserCallbacks; - -#define RNG_OUT_BUFFER_LEN 4096 -#define RNG_IN_BUFFER_LEN 4096 - -typedef struct CMT_RNGState -{ - char *outBuf; /* Outgoing random data cache */ - CMUint32 validOutBytes; /* #bytes of random data to PSM */ - char *out_cur; /* Next CMT_RandomUpdate writes - data here. */ - char *out_end; /* End of buffer */ - - char *inBuf; /* Incoming random data cache */ - CMUint32 validInBytes; /* #bytes of random data from PSM */ - char *in_cur; /* Next CMT_GenerateRandomBytes reads - from here. */ - -} CMT_RNGState; - -typedef struct _CMT_CONTROL { - CMTSocket sock; - CMUint32 sessionID; - CMUint32 protocolVersion; - CMUint32 port; - CMTItem nonce; - PCMT_DATA cmtDataConnections; - PCMT_EVENT cmtEventHandlers; - CMUint32 policy; - CMInt32 refCount; - CMT_MUTEX* mutex; - char *serverStringVersion; - CMT_SocketFuncs sockFuncs; - CMT_UserCallbacks userFuncs; - CMT_RNGState rng; -} CMT_CONTROL, *PCMT_CONTROL; - -/* Cert list structure */ -typedef struct _CMT_CERT_LIST { - CMTCList certs; - CMInt32 count; -} CMT_CERT_LIST; - -typedef struct _CMT_CERT_LIST_ELEMENT { - CMTCList links; - CMUint32 certResID; -} CMT_CERT_LIST_ELEMENT; - -/* information required to pack the security advisor request */ -typedef struct _CMTSecurityAdvisorData { - CMInt32 infoContext; - CMUint32 resID; - char *hostname; - char *senderAddr; - CMUint32 encryptedP7CInfo; - CMUint32 signedP7CInfo; - CMInt32 decodeError; - CMInt32 verifyError; - CMBool encryptthis; - CMBool signthis; - int numRecipients; - char **recipients; -} CMTSecurityAdvisorData; - -CMT_BEGIN_EXTERN_C - -/* - * FUNCTION: CMT_ReferenceControlConnection - * ---------------------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * NOTES: - * This function bumps up the reference count on the control connection - * Each thread that has a pointer to the control connection should get - * its own reference on the control connection to avoid having another thread - * free up the memory associated with the control connection. - * - * RETURN: - * A return value of CMTSuccess indicates the reference count of the - * control connection was successfully achieved. Any other return value - * indicates an error. - */ -CMTStatus CMT_ReferenceControlConnection(PCMT_CONTROL control); - -/* - * FUNCTION: CMT_EstablishControlConnection - * ---------------------------------------- - * INPUTS - * path - * The full path to the psm server. (Including the psm executable.) - * sockFuncs - * A structure containing pointers to functions that implement - * socket functions using the applications I/O model. These - * functions will be used by the cmt library to communicate - * with the psm server. - * mutex - * A structure containig a pointer to a mutex defined by the - * implementation. - * NOTES: - * This function will establish a control connection to a psm server. - * First the function will attempt to connect to a psm server that - * is already running by calling CMT_ControlConnect. If that function - * call succeeds, then the function will return an established control - * connection to a psm process that is already running. If - * CMT_ControlConnect fails, then this function will launch the psm server - * that resides in the directory passed in by path and establish a control - * connection to it. Read comments on the CMT_MUTEX structure for proper - * semantics of the lock and un-lock functions. If you pass in NULL for - * the mutex parameter, access to the control connection will not be - * thread safe. If the application using this library is multi-threaded, - * then it is highly recommended that the application provide a locking - * mutex to this function. Before performing any other actions, the - * applicatin must call CMT_Hello to send the psm server a hello message - * which will fully establish a port for communication between the psm server - * and the application. - * - * The application may choose to launch the psm server itself and then - * just call CMT_ControlConnect, but when doing so the application must - * launch the psm executable with the directory psm lives in as the working - * directory when launching the psm server. - * - * RETURN - * This function will return a pointer to an established control connection - * with the psm server upon successful connection. If the return value - * is NULL, that means the function was not able to establish a connection - * to the process created by invoking the parameter "path". Make sure - * the path is correct. Another common reason for failure is not initializing - * the network libraries. - */ -PCMT_CONTROL CMT_EstablishControlConnection(char *path, - CMT_SocketFuncs *sockFuncs, - CMT_MUTEX *mutex); - -/* - * FUNCTION: CMT_ControlConnect - * ---------------------------- - * INPUTS: - * mutex - * A structure containig a pointer to a mutex defined by the - * implementation. - * sockFuncs - * A structure containing pointers to functions that implement - * socket functions using the applications I/O model - * NOTES - * This function tries to connect to the psm server establishing a - * control connection between an already running psm server and the client - * library. - * - * The mutex should contain an application defined mutex and corresponding - * functions for locking and unlocking the mutex. Read comments on the - * CMT_MUTEX structure for the proper semantics of the lock and un-lock - * functions. If you pass in NULL for the mutex parameter, access to the - * control connection will not be thread safe. If the application using this - * library is multi-threaded, then it is highly recommended that - * the application provid a locking mutex to this function. Before - * performing any other actions, the application must call CMT_Hello - * to send the psm server a hello message which will fully establish - * a port for communication between the psm server and the application. - * - * RETURN - * This function will return a pointer to an established control connection - * with the psm server upon successful connection. If the return value is - * NULL, that means the psm server is not running and that the application - * must start the psm server before calling this function again. - */ -PCMT_CONTROL CMT_ControlConnect(CMT_MUTEX* mutex, CMT_SocketFuncs *sockFuncs); - -/* - * FUNCTION: CMT_CloseControlConnection - * ------------------------------------ - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * NOTES: - * This function closes down the control connection and frees the memory - * associated with the passed in control connection. - * - * RETURN - * A return value of CMTSuccess indicates successful destruction of the - * control connection. Any other return value indicates an error and the - * state of the connection betwenn the library and the psm server is - * undefined. - */ -CMTStatus CMT_CloseControlConnection(PCMT_CONTROL control); - -/* - * FUNCTION: CMT_Hello - * ------------------ - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * data - * Data needed for the Hello message. It has following subfields. - * version - * The version of the psm protocol. For this release, the version - * should always be 1. - * profile - * << This value is currently not used by PSM, but passing in a >> - * << proper profile name is recommended for consistency. >> - * The Communicator profile to use when initializing the crypto engine - * in the psm server. If Communicator doesn't support profiles on - * the platform you are running on, pass in the empty string for - * this parameter. - * profileDir - * The full absolute path to the profile directory that corresponds - * to the profile. If the application wants to use a default profile, - * an empty string is passed. - * NOTES: - * This function sends a hello message to the psm server which establishes - * the nonce for communication between the application and the psm server - * and initializes the crypto engine on the psm server. After calling this - * function, the applicatior can successfully call any other function that - * talks to the psm server. - * - * RETURN - * A return value of CMTSuccess indicates the hello message was received and - * correctly processed by the psm server. Any other return value indicates - * a connection to the psm server was not established. - */ -CMTStatus CMT_Hello(PCMT_CONTROL control, CMUint32 version, char* profile, - char* profileDir); - - -/* - * FUNCTION: CMT_PassAllPrefs - * -------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * num - * Number of items that are passed to the psm server. - * list - * The list of actual preference items. - * - key: string for the preference key. - * - value: string for the preference value. - * - type: preference type (0: string, 1: boolean, 2: integer). - * NOTES: - * This function passes in all necessary preferences the psm server uses, - * including necessary application-specific preferences. This function must - * be called after CMT_Hello() returns and before any crypto operations - * to ensure a correct behavior. Here is a description of some important - * preference items. - * - * - KEY VALUE TYPE - * (DESCRIPTION) - * -------------------------------------------------------------------------- - * - "security.enable_ssl2" "true" | "false" boolean - * (whether to enable SSL2 cipher families) - * - "security.enable_ssl3" "true" | "false" boolean - * (whether to enable SSL3 cipher families) - * - "security.default_personal_cert" "Select Automatically" | - * "Ask Every Time" string - * (whether to select automatically a personal certificate for client - * authentication) - * - "security.default_mail_cert" [certificate's nickname] | NULL string - * (default certificate to be used for signing email messages) - * - "security.ask_for_password" "0" | "1" | "2" integer - * (mode for prompting the user for the certificate store password: - * 0: ask for password initially and password does not expire, - * 1: always ask for password, - * 2: ask for password initially and stay logged on until the password - * expires) - * - "security.password_lifetime" [number of minutes] integer - * (number of minutes for password expiration: used only if - * ask_for_password == 2) - * - * One can add more application-specific items to the list. - * - * RETURN - * A return value of CMTSuccess indicates successful transmission of the - * preference values. Any other return value indicates an error. - */ -CMTStatus CMT_PassAllPrefs(PCMT_CONTROL control, int num, - CMTSetPrefElement* list); - -/* - * FUNCTION: CMT_GetServerStringVersion - * ------------------------------------ - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * - * NOTES: - * This function returns the string representing the version of the psm - * server that was sent as part of the hello reply. This string originated - * in the psm server. - * - * RETURN - * A string. A NULL return value indicates an error. The user must not free - * this memory since it is memory owned by the control connection. - */ -char* CMT_GetServerStringVersion(PCMT_CONTROL control); - -/* SSL functions */ -/* - * FUNCTION: CMT_OpenSSLConnection - * ------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * sock - * The file descriptor of the socket to use for feeding the data - * back to the application. - * requestType - * The type of SSL connection to establish. View ssmdefs.h for - * the possible Connection types to pass in. - * port - * The port which the psm server should connect to. - * hostIP - * The IP address of the server with which to establish an SSL - * connection. - * hostName - * The host name of the site to connect to. - * forceHandshake - * Indicates whether forced handshakes are required. Should be CM_TRUE - * for protocols in which the server initiates the data transfer - * (e.g. IMAP over SSL or NNTP over SSL). Otherwise, always set to - * CM_FALSE. - * clientContext - * Client supplied data pointer that is returned to the client during UI. - * NOTES: - * This function sends a message to the psm server requesting an SSL connection - * be established. The parameter "sock" is a file descriptor to use for - * reading the decrypted data the psm server has fetched. Afte all of the - * contents have been read from the socket, the application should call - * CMT_DestroyDataConnection passing in the 2 parameters "control" and - * "sock" that were passed into this function. - * - * Each SSL connection has a socket status variable associated with it. The - * ssl data connection structure on the PSM server will exist, ie the memory - * associated with it will not be freed, until the application tells the - * PSM server what to do with socket status structure. The application - * should call either CMT_ReleaseSSLSocketStatus or CMT_GetSSLSocketStatus - * (but never both) so that the memory associated with the ssl connection - * can be disposed of properly. - * - * RETURN - * A return value of CMTSuccess indicates the psm server has established an - * SSL connection with the site passed in. Any other return value indicates - * an error setting up the connection and the application should not try - * to read any data from the socket "sock" passed in. - */ -CMTStatus CMT_OpenSSLConnection(PCMT_CONTROL control, CMTSocket sock, - SSMSSLConnectionRequestType requestType, - CMUint32 port, char * hostIP, - char * hostName, CMBool forceHandshake, void* clientContext); - -CMTStatus CMT_GetSSLDataErrorCode(PCMT_CONTROL control, CMTSocket sock, - CMInt32* errorCode); - -/* - * FUNCTION: CMT_GetSSLSocketStatus - * -------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * sock - * The socket which was passed into CMT_OpenSSLConnection as the file - * descriptor for the application to read data from. - * pickledStatus - * On return, filled with data blob that contains pickled socket - * status. - * level - * On return, filled with the security level indicator. - * NOTES - * This function requests socket status information that is relevant to the - * client. - * - * RETURN - * A return value of CMTSuccess indicates retrieving the Socket Status - * resource on the psm server was successful. Any other return value - * indicates an error in getting the socket status resource. - */ -CMTStatus CMT_GetSSLSocketStatus(PCMT_CONTROL control, CMTSocket sock, - CMTItem* pickledStatus, CMInt32* level); - -/* - * FUNCTION: CMT_ReleaseSSLSocketStatus - * ------------------------------------ - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * sock - * The socket which was passed into CMT_OpenSSLConnection as the file - * descriptor for the application to read data from. - * NOTES - * This function instructs the SSL connection to discard the Socket Status - * variable associated with it. - * - * RETURN - * A return value of CMTSuccess indicates the socket status structure was - * successfully discarded. Any other return value indicates an error. - */ -CMTStatus CMT_ReleaseSSLSocketStatus(PCMT_CONTROL control, CMTSocket sock); - -/* - * FUNCTION: CMT_OpenTLSConnection - * ------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * PSM server. - * sock - * The file descriptor of the socket to use for feeding the data - * back to the application. - * port - * The port which the PSM server should connect to. - * hostIP - * The IP address of the server with which to establish a TLS - * connection. - * hostName - * The host name of the site to connect to. - * - * NOTES: - * This function sends a message to the PSM server requesting a TLS connection - * to be established. A TLS connection is the one that starts out as a regular - * TCP socket but later turns into a secure connection upon request. The - * parameter "sock" is a file descriptor to use for reading data from the PSM - * server. After all of the contents have been read from the socket, the - * application should call CMT_DestroyDataConnection passing in the two - * parameters "control" and "sock" that were passed into this function. - * - * RETURN - * A return value of CMTSuccess indicates the PSM server has established a - * TLS connection with the site passed in. Any other return value indicates - * an error setting up the connection and the application should not try - * to read any data from the socket "sock" passed in. - */ -CMTStatus CMT_OpenTLSConnection(PCMT_CONTROL control, CMTSocket sock, - CMUint32 port, char* hostIP, char* hostName); - -/* - * FUNCTION: CMT_TLSStepUp - * ----------------------- - * INPUTS - * control - * A control connection that has established a connection with the PSM - * server. - * sock - * The file descriptor to use for exchanging data with the PSM server. - * clientContext - * The client context that is to be saved. - * - * RETURN - * A return value of CMTSuccess indicates that the PSM server successfully - * upgraded the connection to a secure one. Any other return value indicates - * the TLS step-up did not succeed. - */ -CMTStatus CMT_TLSStepUp(PCMT_CONTROL control, CMTSocket sock, - void* clientContext); - -/* - * FUNCTION: CMT_OpenSSLProxyConnection - * ------------------------------------ - * INPUTS - * control - * A control connection that has established a connection with the PSM - * server. - * sock - * The file descriptor to use for exchanging data with the PSM server. - * port - * The port which the PSM server should connect to. - * hostIP - * The IP address of the server with which to establish a proxy - * connection. - * hostName - * The host name of the server to connect to. - * - * NOTES - * This function opens a connection to an SSL proxy server in the clear. It - * is almost identical to the role of CMT_OpenTLSConnection(), but is offered - * to be clear of the fact that it is opening a connection to a proxy server. - * Consult the usage of CMT_OpenTLSConnection() for more information. Also, - * note that this by itself does not carry out any authorization (or - * authentication) other than simply connecting to the port. Further exchange - * is left to the client. Moreover, once it is ready to transmit actual data, - * the client is required to call CMT_ProxyStepUp() to turn on security on the - * connection. - * - * RETURN - * A return value of CMTSuccess indicates the PSM server has established a - * connection with the SSL proxy server. Any other return value indicates - * an error setting up the connection and the application should not try - * to read any data from the socket "sock" passed in. - */ -CMTStatus CMT_OpenSSLProxyConnection(PCMT_CONTROL control, CMTSocket sock, - CMUint32 port, char* hostIP, - char* hostName); - -/* - * FUNCTION: CMT_ProxyStepUp - * ------------------------- - * INPUTS - * control - * A control connection that has established a connection with the PSM - * server. - * sock - * The file descriptor to use for exchanging data with the PSM server. - * clientContext - * The client context that is to be saved. - * remoteUrl - * The URL of the remote host. - * - * NOTES - * This function instructs PSM to turn on security on the connection. Once it - * returns, the connection is ready for SSL data exchange. The remoteUrl - * argument is used in validating the SSL connection for the man-in-the-middle - * attack during the SSL handshake. - * - * RETURN - * A return value of CMTSuccess indicates that the PSM server has turned on - * security on the connection. Any other return value indicates an error - * setting up the connection and the application should not try to read/write - * data from the socket. - */ -CMTStatus CMT_ProxyStepUp(PCMT_CONTROL control, CMTSocket sock, - void* clientContext, char* remoteUrl); - -/* PKCS 7 Functions */ -/* - * FUNCTION: CMT_PKCS7DecoderStart - * ------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * connectionID - * A pointer to a pre-allocated block of memory where the library - * can place the resource ID of the data connection associated with - * this PKCS7 decode process. - * cb - * A pointer to a function that will receive the content bytes as - * they are recovered while decoding. - * cb_arg - * An opaque pointer that will get passed to the callback function - * "cb" when "cb" is invoked. - * - * NOTES - * This function sends a message to the psm server requesting a context with - * which to decode a PKCS7 stream. The contents of the decoded stream will - * be passed to the function cb. - * - * RETURN - * A return value of CMTSuccess indicates a context for decoding a PKCS7 - * stream was created on the psm server and is ready to process a PKCS stream. - * Any other return value indicates an error and that no context for decoding - * a PKCS7 stream was created. - */ -CMTStatus CMT_PKCS7DecoderStart(PCMT_CONTROL control, void * clientContext, CMUint32 * connectionID, CMInt32 * result, - CMTP7ContentCallback cb, void *cb_arg); - -/* - * FUNCTION: CMT_PKCS7DecoderUpdate - * -------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * connectionID - * The resource ID of a PKCS Decoder Context returned by the - * function CMT_PKCS7DecoderStart. - * buf - * The next section of a PKCS7 stream to feed to the PKCS7 decoder - * context. - * len - * The length of the buffer "buff" passed in. - * NOTES - * This function sends a buffer to a PKCS7 decoder context. The context then - * parses the data and updates its internal state. - * - * RETURN - * A return value of CMTSuccess indicates the PKCS7 decoder context - * successfully read and parsed the buffer passed in as a PKCS7 buffer. - * Any other return value indicates an error while processing the buffer. - */ -CMTStatus CMT_PKCS7DecoderUpdate(PCMT_CONTROL control, CMUint32 connectionID, - const char * buf, CMUint32 len); - -/* - * FUNCTION: CMT_PKCS7DecoderFinish - * -------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * connectionID - * The resource ID of a PKCS Decoder Context returned by the - * function CMT_PKCS7DecoderStart. - * resourceID - * A pointer to a pre-allocated chunk of memory where the library - * can place a copy of the resource ID associated with the content - * info produced while the decoder context existed. - * NOTES: - * This function shuts down a PKCS7 decoder context on the psm server and - * returns the resource ID of the content info that was decoded from the - * PKCS7 stream passed in to the decoder context via CMT_PKCS7DecoderUpdate - * calls. The attributes you can retrieve from the Content Info via the - * functions CMT_GetNumericAttribute or CMT_GetStringAttribute are as - * follows: - * - * Attribute Type What it means - * --------- ---- ------------- - * SSM_FID_P7CINFO_IS_SIGNED Numeric If non-zero, then the content - * info is signed. - * - * SSM_FID_P7CINFO_IS_ENCRYPTED Numeric If non-zero, then the content - * info is encrypted. - * - * SSM_FID_P7CINFO_SIGNER_CERT Numeric The resource ID of the - * certificate used to sign the - * content info. - * - * RETURN - * A return value of CMTSuccess indicates the PKCS7 Decoder Context was - * properly shutdown and that a resource for the Content Info exists on - * the psm server. Any other return value indicates an error. The library - * will have tried to shutdown the PKCS7 decoder context, but may have failed. - * The Content Info will not exist on the psm server in this case. - */ -CMTStatus CMT_PKCS7DecoderFinish(PCMT_CONTROL control, CMUint32 connectionID, - CMUint32 * resourceID); - -/* - * FUNCTION: CMT_PKCS7DestroyContentInfo - * ------------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * resourceID - * The resource ID of content info returned via the function - * CMT_PKCS7DecoderFinish or CMT_CreateSigned. - * NOTES - * This function destroys the content info on the psm server. - * - * RETURN - * A return value of CMTSuccess indicates the content info was successfully - * destroyed. Any other return value indicates an error and that the - * resource with the resource ID passed in was not destroyed. - */ -CMTStatus CMT_PKCS7DestroyContentInfo(PCMT_CONTROL control, - CMUint32 resourceID); - -/* - * FUNCTION: CMT_PKCS7VerifyDetachedSignature - * ------------------------------------------ - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * resourceID - * The resource ID of content info returned via the function - * CMT_PKCS7DecoderFinish or CMT_CreateSigned. - * certUsage - * How the certificate that were used to sign should be interpretted. - * hashAlgID - * An identifier which tells the psm server which hash algorithm was - * to produce the signature. - * keepCerts - * If non-zero, the psm server will store any new certificates in - * content info into the local certificate database. - * digest - * A pre-calculated digest of the input. - * result - * A pointer to a pre-allocated chunk of memory where the library - * can place the result code of the verfication process. - * NOTES - * This function requests the psm server verify a signature within a - * Content Info. - * - * Valid values for certUsage: - * Use Value - * --- ----- - * Email Signer 4 - * Object Signer 6 - * - * Valid values for hashAlgID: - * Hash Algorithm Value - * -------------- ----- - * MD2 1 - * MD5 2 - * SHA1 3 - * - * RETURN - * If the function returns CMTSuccess, then psm server completed the operation - * of verifying the signature and the result is located at *result. If - * *result is non-zero, then the signature did not verify. If the result is - * zero, then the signature did verify. Any other return value indicates - * an error and the value at *result should be ignored. - */ -CMTStatus CMT_PKCS7VerifyDetachedSignature(PCMT_CONTROL control, - CMUint32 resourceID, - CMUint32 certUsage, - CMUint32 hashAlgID, - CMUint32 keepCerts, - CMTItem *digest, - CMInt32 *result); - -/* - * FUNCTION: CMT_CreateSigned - * -------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * scertID - * The resource ID of the certificate to use for signing data. - * ecertID - * The resource ID of the encryption cert associated with scertID. - * If the certificates are different, then the encryption cert - * will also be included in the signed message so that the recipient - * can save it for future encryption. - * dig_alg - * A representation of what algorithm to use for generating the - * digest. - * digest - * The actual digest of the data. - * ciRID - * A pointer to a pre-allocated chunk of memory where the library - * can place the resource ID of the content info created by the psm - * server. - * errCode - * A pointer to a pre-allocated chunk of memory where the library - * can place the error code returned by the psm server in case of - * error. NOTE: The error codes need to be documented. - * NOTES - * This function creates a PKCS7 Content Info on the psm server that will - * be used to sign the digest. After creating this content info the - * application must use CMT_PKCS7Encoder{Start|Update|Finish} function - * calls to encode the content info. - * Currently there is only one supported value for digest algorithm: - * Digest Algorithm Value - * ---------------- ----- - * SHA1 4 - * - * RETURN - * A return value of CMTSuccess indicates the content info was successfully - * created on the psm server and the application can proceed to encode the - * content info with CMT_PKCS7Encoder* function calls. Any other return - * value indicates an error and the content info was not created. - */ -CMTStatus CMT_CreateSigned(PCMT_CONTROL control, CMUint32 scertID, - CMUint32 ecertID, CMUint32 dig_alg, - CMTItem *digest,CMUint32 *ciRID,CMInt32 *errCode); - -/* - * FUNCTION: CMT_PKCS7EncoderStart - * ------------------------------ - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * ciRID - * The resource ID of the content info to encode. - * connectionID - * A pointer to a pre-allocated chunk of memory where the library can - * place the resource ID of the resulting PKCS7 Encoder Context. - * cb - * A callback function that will get called as the content info - * is encoded. - * cb_arg - * An opaque pointer that will get passed to cb every time cb is - * called. - * - * NOTES - * This function creates a PKCS7 encoder context on the psm server which - * the application can use to encode a data as a PKCS7 content info. The - * function cb will be used to pass back encoded buffers to the application. - * The applicaton should concatenate the buffer passed in to cb to any buffer - * previously passed in to the function cb. The concatenation of all the - * buffers passed in to cb will be the final product of the encoding - * procedure. - * - * RETURN - * A return value of CMTSuccess indicates successful creation of a PKCS7 - * encoder context on the psm server. Any other return value indicates - * an error and that no encoder context was created on the psm server. - */ -CMTStatus CMT_PKCS7EncoderStart(PCMT_CONTROL control, CMUint32 ciRID, - CMUint32 *connectionID, - CMTP7ContentCallback cb, - void *cb_arg); - -/* - * FUNCTION: CMT_PKCS7EncoderUpdate - * -------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * connectionID - * The resource ID of a PKCS7 Encoder context returned by the function - * CMT_PKCS7EncoderStart - * buf - * The next chunk of buffer to set as the data of the content info. - * len - * The length of the buffer passed in. - * - * NOTES - * This function sets the next buffer to include as part of the content to - * encode. The application can repeatedly call this function until all the - * data has been fed to the encoder context. - * - * RETURN - * A return value of CMTSuccess indicates the the encoder context on the psm - * server successfully added the data to the encoder context. Any other - * return value indicates an error. - * - */ -CMTStatus CMT_PKCS7EncoderUpdate(PCMT_CONTROL control, CMUint32 connectionID, - const char *buf, CMUint32 len); - -/* - * FUNCTION: CMT_PKCS7EncoderFinish - * -------------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * connectionID - * The resource ID of a PKCS7 Encoder context returned by the function - * CMT_PKCS7EncoderStart - * - * NOTES - * This function destroys the PKCS7 encoder context with the resource ID of - * connectionID on the psm server. - * - * RETURN - * A return value of CMTSuccess indicates the PKCS7 encoder context was - * successfully destroyed. Any other return value indcates an error while - * trying to destroy the PKCS7 encoder context. - */ -CMTStatus CMT_PKCS7EncoderFinish(PCMT_CONTROL control, - CMUint32 connectionID); - - -/* Hash functions */ -/* - * FUNCTION: CMT_HashCreate - * ------------------------ - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * algID - * A numeric value representing what kind of hash to perform. - * connID - * A pointer to a pre-allocated chunk of memory where the library - * can place a copy of the resource ID associated with the hashing - * context created by this function. - * NOTES - * This function sends a message to the psm server requesting a context be - * created for performing a hashing operation. The type of hashing operation - * performed depends on the parameter passed in for algID. The valid values - * are: - * - * Hash Algorithm Value - * -------------- ----- - * MD2 1 - * MD5 2 - * SHA1 3 - * - * RETURN - * A return value of CMTSuccess indicates successful creation of a hashing - * context ont he psm server. The resource ID of the hashing context is - * located at *connID. Any other return value indicates an error and the - * value at *connID should be ignored. - */ -CMTStatus CMT_HashCreate(PCMT_CONTROL control, CMUint32 algID, - CMUint32 * connID); - -/* - * FUNCTION: CMT_HASH_Destroy - * -------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * connectionID - * The resource ID of the Hash context on psm to destroy. - * NOTES - * This function sends a message to the psm server requesting that the hashing - * context with the resource ID of "connectionID" be destroyed. This function - * should be called after the hashing context is no longe needed. - * - * RETURN - * A return value of CMTSuccess indicates the hashing context was successfully - * destroyed. Any other return value indicates an error while destroying - * the resource with resource ID connectionID. - */ -CMTStatus CMT_HASH_Destroy(PCMT_CONTROL control, CMUint32 connectionID); - -/* - * FUNCTION: CMT_HASH_Begin - * ------------------------ - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * connectionID - * The resource ID of a hashing context on the psm server. - * NOTES - * This function will send a message to the psm server requesting the hashing - * context initialize its internal state before beginning the process of hasing - * data. - * - * RETURN - * A return value of CMTSuccess indicates the state of the hashing context - * successfully initialized its state and that the application can start - * feeding the data to hash via the CMT_HASH_Update function. Any other return - * value indicates an error and the hashing context should not be used after - * this function call. - */ -CMTStatus CMT_HASH_Begin(PCMT_CONTROL control, CMUint32 connectionID); - -/* - * FUNCTION: CMT_HASH_Update - * ------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * connectionID - * The resource ID of a hashing context on the psm server. - * buf - * The data to feed to the hashing context. - * len - * The length of the buffer passed in as data. - * - * NOTES - * This function sends the next buffer of data to be hashed as part - * of the hash context associated with the parameter connecionID. The - * application may call this function multiple times each time feeding - * in the next chunk of data to be hashed. The end result will be the hash - * of the concatenation of the data passed into each successive call to - * CMT_HASH_Update. To get the final hash of the data call CMT_HASH_End - * after feeding all of the data to the context via this function. - * - * RETURN - * A return value of CMTSuccess indicates the hash context on the psm server - * successfully accepted the data and updated its internal state. Any other - * return value indicates an error and the state of the hashing context is - * undefined from this point forward. - */ -CMTStatus CMT_HASH_Update(PCMT_CONTROL control, CMUint32 connectionID, - const unsigned char * buf, CMUint32 len); - -/* - * FUNCTION: CMT_HASH_End - * ---------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * connectionID - * The resource ID of a hashing context on the psm server. - * result - * A pre-allocated buffer where the library can place the hash of - * the data that was fed to the hashing context. - * resultlen - * A pointer to a pre-allocated CMUint32 where the library can place - * the length of the hash returned via the parameter result. - * maxLen - * The alocated length of the buffer "result" that is passed in. The - * library will not write the hash out to "result" if the length of - * the hash of the data is greater than this parameter. - * - * NOTES - * This function tells the psm server that no more data will be fed to - * the hashing context. The hashing context finishes its hashing operation - * and places the final hash of the processed data in the buffer result and - * places the length of the resultant hash at *result. - * - * RETURN - * A return value of CMTSuccess indicates the hashing context successfully - * finished the hashing operation and placed the resulting hash in the buffer - * "result" as well as the hash's length at *resultLen. Any other return - * value indicates an error and the values in buffer and *resultLen should - * ignored. - */ -CMTStatus CMT_HASH_End(PCMT_CONTROL control, CMUint32 connectionID, - unsigned char * result, CMUint32 * resultlen, - CMUint32 maxLen); - -/* Resources */ -/* - * FUNCTION: CMT_GetNumericAttribute - * --------------------------------- - * control - * A control connection that has established a connection with the - * psm server. - * resourceID - * The resource ID of the resource on the psm server which the - * application wants to retrieve an attribute for. - * fieldID - * The numerical representation of the attribute the application wants - * to retrieve. - * value - * A pointer to a pre-allocated CMUint32 where the library can place - * a copy of the numeric attribute retrieved from the resource on the - * psm server - * - * NOTES - * This function requests that the psm server query a resource for a numeric - * attribute. The fieldID should be one of the enumerations defined by - * the enumeration SSMAttributeID. Each resource has a set of attributes - * that can be retrieved from the psm server. Refer to the function where - * a resource is created for a list of attributes that a given resource has. - * - * RETURN - * A return value of CMTSuccess indicates the resource on the psm server - * returned the requested numeric attribute and the corresponding attribute - * value can be found at *value. Any other return value indicates an error - * and the value at *value should be ignored. - */ -CMTStatus CMT_GetNumericAttribute(PCMT_CONTROL control, CMUint32 resourceID, - CMUint32 fieldID, CMInt32* value); - -/* - * FUNCTION: CMT_GetStringAttribute - * -------------------------------- - * control - * A control connection that has established a connection with the - * psm server. - * resourceID - * The resource ID of the resource on the psm server which the - * application wants to retrieve an attribute for. - * fieldID - * The numerical representation of the attribute the application wants - * to retrieve. - * value - * A pinter to a CMTItem that the library can store the string attribute - * retrieved from the resource on the psm server. - * - * NOTES - * This function requests that the psm server query a resource for a string - * attribute. The fieldID should be one of the enumerations defined by - * the enumeration SSMAttributeID. Each resource has a set of attributes - * that can be retrieved from the psm server. Refer to the function where - * a resource is created for a list of attributes that a given resource has. - * - * RETURN - * A return value of CMTSuccess indicates the resource on the psm server - * returned the requested string attribute and the corresponding attribute - * value can be found at *value. Any other return value indicates an error - * and the value at *value should be ignored. - */ -CMTStatus CMT_GetStringAttribute(PCMT_CONTROL control, CMUint32 resourceID, - CMUint32 fieldID, CMTItem *value); - -/* - * FUNCTION: CMT_SetStringAttribute - * -------------------------------- - * control - * A control connection that has established a connection with the - * psm server. - * resourceID - * The resource ID of the resource on the psm server which the - * application wants to set an attribute for. - * fieldID - * The numerical representation of the attribute the application wants - * to set. - * value - * A pointer to a CMTItem containing the string (binary or ASCII) that - * the application wants to set as the attribute value. - * - * NOTES - * This function requests that the psm server set a string attribute for - * a resource. The fieldID should be one of the enumerations defined by - * then enumeration SSMAttributeID. Each resource has a set of attributes - * that can be set on the psm server. Refer to the function where a - * resource is created for a list of attributes that a given resource has. - * - * RETURN - * A return value of CMTSuccess indicates the psm server successfully set - * requested string attribute for the resource. Any other return value - * indicates an error in setting the resource. - */ -CMTStatus CMT_SetStringAttribute(PCMT_CONTROL control, CMUint32 resourceID, - CMUint32 fieldID, CMTItem *value); - -/* - * FUNCTION: CMT_SetNumericAttribute - * --------------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * resourceID - * The resource ID of the resource on the psm server which the - * application wants to set an attribute for. - * fieldID - * The numerical representation of the attribute the application wants - * to set. - * value - * A pointer to a CMTItem containing the string (binary or ASCII) that - * the application wants to set as the attribute value. - * - * NOTES - * This function requests that the psm server set a numeric attribute for - * a resource. The fieldID should be one of the enumerations defined by - * then enumeration SSMAttributeID. Each resource has a set of attributes - * that can be set on the psm server. Refer to the function where a - * resource is created for a list of attributes that a given resource has. - * - * RETURN - * A return value of CMTSuccess indicates the psm server successfully set - * requested numeric attribute for the resource. Any other return value - * indicates an error in setting the resource. - */ -CMTStatus CMT_SetNumericAttribute(PCMT_CONTROL control, CMUint32 resourceID, - CMUint32 fieldID, CMInt32 value); - -/* - * FUNCTION: CMT_GetRIDAttribute - * ----------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * resourceID - * The resource ID of the resource on the psm server the application - * wants to retrieve an attributre from. - * fieldID - * The numerical representation of the attribute the application wants - * to retrieve. - * value - * A pointer to a pre-allocated CMUint32 where the library can place - * a copy of the desired RID attribute value retrieved from the - * resource. - * - * NOTES - * This function sends a message to the psm server requesting an attribute - * from the resource with ID "resourceID" that in turn is a resource ID. - * The parameter fieldID should be one of the values defined by the enumeration - * SSMAttributeID. Refer to the function where a resource is created for a - * list of attributes that a given resource has. The application should - * use this function to retrieve attributes that are resource ID's instead - * of CMT_GetNumericAttribute because this funcion will increase the reference - * count on the resource corresponding to the retrieved resource ID so that - * the resource does not disappear while the application can reference it. - * - * RETURN - * A return value of CMTSuccess indicates the psm server successfully - * retrieved the desired attribute and place it's value at *value. Any - * other return value indicates an error and the value at *value should - * be ignored. - */ -CMTStatus CMT_GetRIDAttribute(PCMT_CONTROL control, CMUint32 resourceID, - CMUint32 fieldID, CMUint32 *value); - -/* - * FUNCTION: CMT_DestroyResource - * ----------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * resourceID - * The resource ID of the resource on the psm server the application - * wants to destroy. - * resourceType - * The type of resource the application is trying to destroy. This value - * should be one defined by the enumeration SSMResourceType. - * - * NOTES - * This function sends a message to the psm server release its reference on - * the resource passed in. - */ -CMTStatus CMT_DestroyResource(PCMT_CONTROL control, CMUint32 resourceID, - CMUint32 resourceType); - -/* - * FUNCTION: CMT_PickleResource - * ---------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * resourceID - * The resource ID of the resource on the psm server the application - * wants to destroy. - * pickledResource - * A pointer to a CMTItem where the library can place - * the pickled resource on successful return. - * NOTES - * This function sends a message to the psm server requesting the resource - * passed in be converted to a binary stream that can be re-instantiated - * at a later time by a call to CMT_UnpickleResource (during the same - * execution of the application). - * - * RETURN - * A return value of CMTSuccess indicates the resource was pickled successfully - * and the resulting stream is located at *pickledResource. After the pickled - * resource is no longer needed, the application should free the pickled - * resource by calling CMT_FreeItem. Any other return value indicates an - * error and the value at *pickledResource should be ignored. - */ -CMTStatus CMT_PickleResource(PCMT_CONTROL control, CMUint32 resourceID, - CMTItem * pickledResource); - -/* - * FUNCTION: CMT_UnpickleResource - * ------------------------------ - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * resourceType - * A value defined by the enumeration SSMResourceType which is the - * type of the resource to unpickle. - * pickledResource - * The pickled resource as returned by CMT_PickleResource. - * resourceID - * A pointer to a pre-allocated CMUint32 where the library can - * place the resource ID of the re-instantiated resource. - * NOTES - * This function sends a message to the psm server requesting a pickled - * resource be unpickled and re-instantiated. - * - * RETURN - * A return value of CMTSuccess indicates the psm server successfully - * re-instantiated a resource and the ID of the re-instantiated resource can - * be found at *resourceID. Any other return value indicates an error - * and the value at *resourceID should be ignored. - */ -CMTStatus CMT_UnpickleResource(PCMT_CONTROL control, CMUint32 resourceType, - CMTItem pickledResource, - CMUint32 * resourceID); - -/* - * FUNCTION: CMT_DuplicateResource - * ------------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * resourceID - * The resource ID of the resource to duplicate. - * newResID - * A pointer to a pre-allocated CMUint32 where the library can place - * a copy of the duplicated resource's ID. - * - * NOTES - * This function requests the resource passed in be duplicated and returns - * the resource ID of the duplicated resource. - * - * RETURN - * A return value of CMTSuccess indicates the resource was duplicated and - * the application can refer to the resource stored at *newResID. The - * application must also call CMT_DestroyResource when the new resource is - * no longer needed. Any other return value indicates an error and the - * value at *newResID should be ignored. - */ -CMTStatus CMT_DuplicateResource(PCMT_CONTROL control, CMUint32 resourceID, - CMUint32 *newResID); - -/* - * FUNCTION: CMT_DestroyDataConnection - * ----------------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * sock - * The File socket the application is using - * to read data from the psm server. - * NOTES - * This function destroys a data connection between the psm server and - * the application. A Data Connection is created when an - * SSL connection is established with the psm server. After an SSL - * connection is no longer necessary, the application should - * pass that socket to this function - */ -int CMT_DestroyDataConnection(PCMT_CONTROL control, CMTSocket sock); - -/* - * FUNCTION: CMT_CompareForRedirect - * -------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * status1 - * A pickled socket status resource that will be used as the first - * source for the re-direct comparison. - * status2 - * A pickled socket status resource that will be used as the second - * source for the re-direct comparison. - * NOTES - * This function takes two pickled SSL Socket status resources. The pickled - * socket status should be a value obtained via the function - * CMT_GetSSLSocketStatus. - * - * RETURN - * A return value of CMTSuccess indicates a message was successfully sent and - * retrieved from the psm server. If the value at *res is 0 then the - * comparison for re-direction was unsuccessful and the user may be getting - * re-directed to an un-safe location. Any other value for *res indicates - * a safe re-direction. Any other return value from this function indicates an - * error and that the value at *res should be ingored. - */ -CMTStatus CMT_CompareForRedirect(PCMT_CONTROL control, CMTItem *status1, - CMTItem *status2, CMUint32 *res); - -/* - * FUNCTION: CMT_DecodeAndAddCRL - * ----------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * derCrl - * The DER encoded CRL to add. - * len - * The length of the DER encoded CRL. - * url - * The URL associated with the URL being decoded. - * type - * An integer representation of the type of CRL that is being decoded. - * errMessage - * A pointer to a pre-allocated char* where the libraries can place - * an error message that the application can display to the user in - * case of an error. - * - * NOTES - * This function takes a DER encoded CRL and sends it to the psm server which - * then decodes the CRL and tries to import into its profile. - * - * Valid values for type are as follows: - * Value Meaning - * ----- ------- - * 0 This a Key Revocation List (KRL) - * 1 This a Certificate Revocation List (CRL) - * - * RETURN: - * A return value of CMTSuccess indicates the CRL was successfully decoded and - * imported into the current profile. Any other return value indicates - * failure. - */ -CMTStatus CMT_DecodeAndAddCRL(PCMT_CONTROL control, unsigned char *derCrl, - CMUint32 len, char *url, int type, - char **errMess); - -/* - * FUNCTION: CMT_LogoutAllTokens - * ----------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * NOTES - * This function will send a message to the psm server requesting the psm - * server log out of all installed PKCS11 tokens. (ie the internal key - * database and any smart cards being used.) - * - * RETURN - * A return value of CMTSuccess indicates the psm server successfully logged - * out of all the tokens. Any other return value indicates an error while - * trying to log out of the tokens. - */ -CMTStatus CMT_LogoutAllTokens(PCMT_CONTROL control); - -/* - * FUNCTION: CMT_GetSSLCapabilites - * ------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * capabilities - * A pointer to a pre-allocated CMUint32 where the library can place - * the resulting bit mask which represents the SSL capablities of the - * psm server. - * NOTES - * The function returns a bit mask via *capabilities which tells the user - * which SSL ciphers are enabled. - * - * Relevent Cipher Value - * ----- -------- ----- - * RSA 0x00000001L - * MD2 0x00000010L - * MD5 0x00000020L - * RC2_CBC 0x00001000L - * RC4 0x00002000L - * DES_CBC 0x00004000L - * DES_EDE3_CBC 0x00008000L - * IDEA_CBC 0x00010000L - * - * RETURN - * A return value of CMTSuccess indicates the capabilities was - * successfully retrieved. Any other return value indicates an - * error and the value at *capabilities should be ignored. - */ -CMTStatus CMT_GetSSLCapabilities(PCMT_CONTROL control, CMInt32 *capabilites); -/* Events */ -CMTStatus CMT_RegisterEventHandler(PCMT_CONTROL control, CMUint32 type, - CMUint32 resourceID, - void_fun handler, void* data); -CMTStatus CMT_UnregisterEventHandler(PCMT_CONTROL control, CMUint32 type, - CMUint32 resourceID); - -/* - * FUNCTION: CMT_EventLoop - * ----------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * NOTES - * This function polls the control connection to see if there is an event - * waiting to be processed. The function blocks until there is data on the - * socket waiting to be processed, fetches the data, parses the message, - * and calls the appropriate callback. The function will then wait again - * until there is data waiting on the socket. So this function should be - * called on its own thread where no other code exists because this function - * will not return unless there was an error. - * - * Code for your thread should look like this: - * - * void PSM_EventThread(..) - * { - * CMT_EventLoop(control); - * } - * - * If this function ever returns, that means either the control connection - * has shut down, or there was an error trying read/receive data over the - * control connection. - * - * RETURN - * This function does not have a return value. - */ -void CMT_EventLoop(PCMT_CONTROL control); - -/* Certificates */ -/* Process KEYGEN tag */ -typedef enum { - CM_KEYGEN_START = 11, - CM_KEYGEN_PICK_TOKEN, - CM_KEYGEN_SET_PASSWORD, - CM_KEYGEN_ERR, - CM_KEYGEN_DONE -} CMKeyGenTagReq; - -char ** CMT_GetKeyChoiceList(PCMT_CONTROL control, char * type, char * pqgString); -typedef struct { - CMKeyGenTagReq op; - int rid; - int cancel; - char * tokenName; - void * current; -} CMKeyGenTagArg; - -typedef struct { - char * choiceString; - char * challenge; - char * typeString; - char * pqgString; -} CMKeyGenParams; - -typedef struct { - int needpwd; - int minpwd; - int maxpwd; - int internalToken; - char * password; -} CMKeyGenPassword; - -/* string list structure */ -typedef struct _NameList { - int numitems; - char ** names; -} NameList; - -CMTStatus CMT_CreateKeyGenContextForKeyGenTag(PCMT_CONTROL control, - CMUint32 *keyGenContext, - CMUint32 *errorCode); - -char * CMT_GenKeyOldStyle(PCMT_CONTROL control, CMKeyGenTagArg * arg, - CMKeyGenTagReq * next); -char * CMT_GetGenKeyResponse(PCMT_CONTROL control, CMKeyGenTagArg * arg, - CMKeyGenTagReq *next); -/* Certificates */ -CMTStatus CMT_FindCertificateByNickname(PCMT_CONTROL control, char * nickname, CMUint32 *resID); -CMTStatus CMT_FindCertificateByKey(PCMT_CONTROL control, CMTItem *key, CMUint32 *resID); -CMTStatus CMT_FindCertificateByEmailAddr(PCMT_CONTROL control, char * emailAddr, CMUint32 *resID); -CMTStatus CMT_AddCertificateToDB(PCMT_CONTROL control, CMUint32 resID, char *nickname, CMInt32 ssl, CMInt32 email, CMInt32 objectSigning); -CMUint32 CMT_DecodeCertFromPackage(PCMT_CONTROL control, char * certbuf, int len); -CMT_CERT_LIST *CMT_MatchUserCert(PCMT_CONTROL control, CMInt32 certUsage, CMInt32 numCANames, char **caNames); -void CMT_DestroyCertList(CMT_CERT_LIST *certList); -void CMT_DestroyCertificate(PCMT_CONTROL control, CMUint32 certID); -CMTStatus CMT_FindCertExtension(PCMT_CONTROL control, CMUint32 resID, - CMUint32 extensiocmtcern, CMTItem *extValue); -CMTStatus CMT_HTMLCertInfo(PCMT_CONTROL control, CMUint32 certID, - CMBool showImages, CMBool showIssuer, - char **retHtml); - -/* - * FUNCTION: CMT_DecodeAndCreateTempCert - * ------------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * data - * The DER encoded certificate. - * len - * The length of the DER data passed in. - * type - * A number corresponding to the type of cert being decoded. - * - * NOTES - * This function sends a message to the psm server requesting a raw DER - * be decoded and creates a temporary certificate and returns the resource ID - * associated with the newly created certificate resource. - * - * Valid values for the type parameter are as follows: - * - * Value Meaning - * ----- ------- - * 1 CA cert - * 2 Server cert - * 3 User cert (ie one for which user - * has private key) - * 4 Someone else's email cert - * - * RETURN: - * A return value of 0 indicates an error and that the certificate was not - * added to the temporary database as requested. Any other return value - * indicates success and the return value is the resource ID of the new - * certificate. - */ -CMUint32 CMT_DecodeAndCreateTempCert(PCMT_CONTROL control, char * data, - CMUint32 len, int type); - -CMTStatus CMT_SecurityAdvisor(PCMT_CONTROL control, CMTSecurityAdvisorData* data, - CMUint32 *resID); - -/* SecurityConfig (javascript) related functions */ -typedef struct _CMTime { - CMInt32 year; - CMInt32 month; - CMInt32 day; - CMInt32 hour; - CMInt32 minute; - CMInt32 second; -} CMTime; - -typedef struct _CMCertEnum { - char* name; - CMTItem certKey; -} CMCertEnum; - -CMTItem* CMT_SCAddCertToTempDB(PCMT_CONTROL control, char* certStr, - CMUint32 certLen); -CMTStatus CMT_SCAddTempCertToPermDB(PCMT_CONTROL control, CMTItem* certKey, - char* trustStr, char* nickname); -CMTStatus CMT_SCDeletePermCerts(PCMT_CONTROL control, CMTItem* certKey, - CMBool deleteAll); -CMTItem* CMT_SCFindCertKeyByNickname(PCMT_CONTROL control, char* name); -CMTItem* CMT_SCFindCertKeyByEmailAddr(PCMT_CONTROL control, char* name); -CMTItem* CMT_SCFindCertKeyByNameString(PCMT_CONTROL control, char* name); -char* CMT_SCGetCertPropNickname(PCMT_CONTROL control, CMTItem* certKey); -char* CMT_SCGetCertPropEmailAddress(PCMT_CONTROL control, CMTItem* certKey); -char* CMT_SCGetCertPropDN(PCMT_CONTROL control, CMTItem* certKey); -char* CMT_SCGetCertPropTrust(PCMT_CONTROL control, CMTItem* certKey); -char* CMT_SCGetCertPropSerialNumber(PCMT_CONTROL control, CMTItem* certKey); -char* CMT_SCGetCertPropIssuerName(PCMT_CONTROL control, CMTItem* certKey); -CMTStatus CMT_SCGetCertPropTimeNotBefore(PCMT_CONTROL control, - CMTItem* certKey, CMTime* beforetime); -CMTStatus CMT_SCGetCertPropTimeNotAfter(PCMT_CONTROL control, - CMTItem* certKey, CMTime* aftertime); -CMTItem* CMT_SCGetCertPropIssuerKey(PCMT_CONTROL control, CMTItem* certKey); -CMTItem* CMT_SCGetCertPropSubjectNext(PCMT_CONTROL control, CMTItem* certKey); -CMTItem* CMT_SCGetCertPropSubjectPrev(PCMT_CONTROL control, CMTItem* certKey); -CMTStatus CMT_SCGetCertPropIsPerm(PCMT_CONTROL control, CMTItem* certKey, - CMBool* isPerm); -CMTStatus CMT_SCCertIndexEnum(PCMT_CONTROL control, CMInt32 type, - CMInt32* number, CMCertEnum** list); - - -/* Misc */ -/* - * FUNCTION: CMT_SetPromptCallback - * ------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * f - * A function that the library will call whenever the psm - * server wants to prompt the user. - * arg - * An opaque pointer that will get passed to the callback function - * when invoked by the library. - * NOTES: - * This function sets the function the library should use when the psm server - * wants to prompt the user for input. The two cases would be to prompt for - * a password or to prompt for a name to give to a certificate. Refer to - * the description of the type promptCallback_fn above for details on - * the proper semantics for the function f. - * - * RETURN: - * This function does not return any value. - */ -void CMT_SetPromptCallback(PCMT_CONTROL control, promptCallback_fn f, - void* arg); - -/* - * FUNCTION: CMT_SetAppFreeCallback - * -------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * f - * A function that will free the memory returned by the callbacks - * supplied to CMT_SetPromptCallback and CMT_SetFilePathPromptCallback. - * NOTES - * This function will be called after the values returned by the callbacks for - * promptCallback_fn and filePromptCallback_fn are no longer needed. Read - * the comments for the type applicatoinFreeCallback_fn for details about - * the proper semantics for the function passed in. - * - * RETURN - * This function does not return any value. - */ -void CMT_SetAppFreeCallback(PCMT_CONTROL control, - applicationFreeCallback_fn f); - -/* - * FUNCTION: CMT_SetFilePathPromptCallback - * --------------------------------------- - * INPUTS: - * control - * A control connection that has established a connection with the - * psm server. - * f - * A function that the library will call whenever the psm server - * requests a file path. - * arg - * An opaque pointer that will be passed to the callback function - * f whenever f is invoked. - * NOTES - * This function sets the callback function the library will use whenever - * the psm server requests a file path. Read the comments on the definition - * of filePathPromptCallback_fn for the proper semantics of the function f. - * - * RETURN - * This function does not return any value. - */ -void CMT_SetFilePathPromptCallback(PCMT_CONTROL control, - filePathPromptCallback_fn f, void* arg); -/* - * FUNCTION: CMT_SetUIHandlerCallback - * ---------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * f - * A function pointer to the function that should be called whenever - * a UI event needs to be processed. - * data - * An opaque pointer that will be passed as the data parameter - * whenever the regsitered functions is called. - * NOTES - * This functions sets the function that will be called whenever a UI event - * happens. Refer to the definition of uiHandlerCallback_fn for the proper - * semantics of the function. - * - * In order to ensure all UI events are handled properly, the application - * linking with this library must call CMT_EventLoop in its own thread. - * Currently CMT_EventLoop is a blocking call that should never return. - * So the application should create a thread that just calls CMT_EventLoop - * and does nothing else. - * - * This function should be called before CMT_Hello so that the psm server - * will know your application is capable of handling UI events. - * - * RETURN - * This function return CMTSuccess if registering the UI handler function - * was successful. Any other return value indicates an error while - * registering the ui handler. - */ -CMTStatus CMT_SetUIHandlerCallback(PCMT_CONTROL control, - uiHandlerCallback_fn f, void *data); - -/* - * FUNCTION: CMT_SetSavePrefsCallback - * ---------------------------------- - * INPUTS - * control - * A control connection that has established a connection with the - * psm server. - * f - * A function pointer to the function that should be called for - * saving preferences. - * NOTES - * This function sets the callback that handles saving preferences. Refer - * to the definition of savePrefsCallback_fn for the proper semantics of the - * function. - * - * RETURN - * None. - */ -void CMT_SetSavePrefsCallback(PCMT_CONTROL control, - savePrefsCallback_fn f); - -/* - * FUNCTION: CMT_FreeItem - * ---------------------- - * INPUTS - * p - * A pointer to a CMTItem which was returned or allocated by cmt - * library. - * NOTES - * This function will free up all the memory associated with a CMTItem. - * You should only call this function when you have a CMTItem that was - * populated by the cmt library. - * - * RETURN - * This function does not return any value. - */ -void CMT_FreeItem(CMTItem* p); - - -/* Random number support */ - -/* - * FUNCTION: CMT_GenerateRandomBytes - * ---------------------------------- - * INPUTS - * control - * A control connection that has been established with the psm server. - * buf - * A buffer into which random data will be written. - * maxbytes - * The size of (buf); the maximum number of bytes of random - * data to be written. - * NOTES - * CMT_GenerateRandomBytes obtains no more than (maxbytes) bytes - * of random data from the psm server. - * - * RETURN - * The number of bytes of random data actually obtained. - */ -size_t CMT_GenerateRandomBytes(PCMT_CONTROL control, - void *buf, CMUint32 maxbytes); - -/* - * FUNCTION: CMT_RandomUpdate - * ---------------------------------- - * INPUTS - * control - * A control connection that has been established with the psm server. - * buf - * A buffer from which random data will be sent to the psm server. - * numbytes - * The number of bytes of random data in (buf). - * NOTES - * CMT_RandomUpdate collects random data from (buf) for eventual forwarding - * to the psm server. Data is not sent immediately, but rather is piggybacked - * onto existing protocol messages. - * - * RETURN - * A return value of CMTSuccess indicates that the random data was - * successfully mixed into the random data pool. Any other return value - * indicates failure. - */ -CMTStatus CMT_RandomUpdate(PCMT_CONTROL control, void *data, size_t numbytes); - -/* - * FUNCTION: CMT_FlushPendingRandomData - * ---------------------------------- - * INPUTS - * control - * A control connection that has been established with the psm server. - * NOTES - * CMT_FlushPendingRandomData flushes the random data cache, which was - * populated by previous calls to CMT_RandomUpdate, by sending this random - * data to the PSM server. - * - * RETURN - * A return value of CMTSuccess indicates that the random data was - * successfully sent to psm. Any other value indicates failure. - */ -CMTStatus CMT_FlushPendingRandomData(PCMT_CONTROL control); - -/* - * FUNCTION: CMT_SDREncrypt - * ---------------------------------- - * INPUTS - * control - * A control connection that has been established with the psm server. - * ctx - * A pointer to application defined context. It will be returned with - * the password callback request. - * key - * A buffer containing the key identifier to use for encrypting. May - * be NULL if keyLen is 0, which uses the "default" key. - * keyLen - * The length of the key identifier. - * data - * A buffer containing the data to encrypt - * dataLen - * The length of the data buffer - * result - * Recieves a pointer to a buffer containing the result of the - * encryption. - * resultLen - * Receives the length of the result buffer - * NOTES - * - * RETURN - * CMTSuccess - the encryption worked. - * CMTFailure - some (unspecified) error occurred (needs work) - */ -CMTStatus CMT_SDREncrypt(PCMT_CONTROL control, void *ctx, - const unsigned char *key, CMUint32 keyLen, - const unsigned char *data, CMUint32 dataLen, - unsigned char **result, CMUint32 *resultLen); - -/* - * FUNCTION: CMT_SDRDecrypt - * ---------------------------------- - * INPUTS - * control - * A control connection that has been established with the psm server. - * ctx - * A pointer to application defined context. It will be returned with - * the password callback request. - * data - * A buffer containing the the results of a call to SDREncrypt - * dataLen - * The length of the data buffer - * result - * Recieves a pointer to a buffer containing the result of the - * decryption - * resultLen - * Receives the length of the result buffer - * NOTES - * - * RETURN - * CMTSuccess - the encryption worked. - * CMTFailure - some (unspecified) error occurred (needs work) - */ -CMTStatus CMT_SDRDecrypt(PCMT_CONTROL control, void *ctx, - const unsigned char *data, CMUint32 dataLen, - unsigned char **result, CMUint32 *resultLen); - -/* - * FUNCTION: CMT_SDRChangePassword - * ---------------------------------- - * INPUTS - * control - * A control connection that has been established with the psm server. - * ctx - * A context pointer that may be provided in callbacks - * NOTES - * - * RETURN - * CMTSuccess - the operation completed normally. - * CMTFailure - some (unspecified) error occurred. (probably not useful) - */ -CMTStatus CMT_SDRChangePassword(PCMT_CONTROL control, void *ctx); - - -/* Lock operations */ -void CMT_LockConnection(PCMT_CONTROL control); -void CMT_UnlockConnection(PCMT_CONTROL control); - - -CMT_END_EXTERN_C - -#endif /* __CMTCMN_H__ */ diff --git a/security/psm/lib/client/cmtinit.c b/security/psm/lib/client/cmtinit.c index 434c84884a4..e69de29bb2d 100644 --- a/security/psm/lib/client/cmtinit.c +++ b/security/psm/lib/client/cmtinit.c @@ -1,490 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2) -#include -#include -#include -#include -#include -#ifndef XP_BEOS -#include -#endif -#else -#ifdef XP_MAC -#include // for WaitNextEvent -#else /* Windows */ -#include -#include -#include -#include -#endif -#endif - -#include "messages.h" -#include "cmtcmn.h" -#include "cmtutils.h" -#include - -#if defined(XP_UNIX) || defined(XP_BEOS) -#define DIRECTORY_SEPARATOR '/' -#elif defined(WIN32) || defined(XP_OS2) -#define DIRECTORY_SEPARATOR '\\' -#elif defined XP_MAC -#define DIRECTORY_SEPARATOR ':' -#endif - -/* Local defines */ -#define CARTMAN_PORT 11111 -#define MAX_PATH_LEN 256 - -/* write to the cmnav.log */ -#if 0 -#define LOG(x); do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \ - fprintf(f, x); fclose(f); } } while(0); -#define LOG_S(x); do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \ - fprintf(f, "%s", x); fclose(f); } } while(0); -#define ASSERT(x); if (!(x)) { LOG("ASSERT:"); LOG(#x); LOG("\n"); exit(-1); } -#else -#define LOG(x); ; -#define LOG_S(x); ; -#define ASSERT(x); ; -#endif - -static char* -getCurrWorkDir(char *buf, int maxLen) -{ -#if defined WIN32 - return _getcwd(buf, maxLen); -#elif defined(XP_UNIX) || defined(XP_BEOS) - return getcwd(buf, maxLen); -#else - return NULL; -#endif -} - -static void -setWorkingDir(char *path) -{ -#if defined WIN32 - _chdir(path); -#elif defined(XP_UNIX) || defined(XP_BEOS) - chdir(path); -#else - return; -#endif -} - -static CMTStatus -launch_psm(char *executable) -{ -#ifndef XP_MAC - char command[MAX_PATH_LEN]; -#endif -#ifdef WIN32 - STARTUPINFO sui; - PROCESS_INFORMATION pi; - UNALIGNED long *posfhnd; - int i; - char *posfile; - - sprintf(command,"%s > psmlog", executable); - ZeroMemory( &sui, sizeof(sui) ); - sui.cb = sizeof(sui); - sui.cbReserved2 = (WORD)(sizeof( int ) + (3 * (sizeof( char ) + - sizeof( long )))); - sui.lpReserved2 = calloc( sui.cbReserved2, 1 ); - *((UNALIGNED int *)(sui.lpReserved2)) = 3; - posfile = (char *)(sui.lpReserved2 + sizeof( int )); - posfhnd = (UNALIGNED long *)(sui.lpReserved2 + sizeof( int ) + - (3 * sizeof( char ))); - - for ( i = 0, posfile = (char *)(sui.lpReserved2 + sizeof( int )), - posfhnd = (UNALIGNED long *)(sui.lpReserved2 + sizeof( int ) + (3 * sizeof( char ))) ; - i < 3 ; i++, posfile++, posfhnd++ ) { - - *posfile = 0; - *posfhnd = (long)INVALID_HANDLE_VALUE; - } - /* Now, fire up PSM */ - if (!CreateProcess(NULL, command, NULL, NULL, TRUE, DETACHED_PROCESS, - NULL, NULL, &sui, &pi)) { - goto loser; - } - - return CMTSuccess; - loser: - return CMTFailure; -#elif defined(XP_UNIX) || defined(XP_BEOS) - sprintf(command,"./%s &", executable); - if (system(command) == -1) { - goto loser; - } - return CMTSuccess; - loser: - return CMTFailure; -#else - return CMTFailure; -#endif -} - -PCMT_CONTROL CMT_EstablishControlConnection(char *inPath, - CMT_SocketFuncs *sockFuncs, - CMT_MUTEX *mutex) -{ - PCMT_CONTROL control; -#ifndef XP_MAC - char *executable; - char *newWorkingDir; - char oldWorkingDir[MAX_PATH_LEN]; - size_t stringLen; -#endif - int i; - char *path = NULL; - - /* On the Mac, we do special magic in the Seamonkey PSM component, so - if PSM isn't launched by the time we reach this point, we're not doing well. */ -#ifndef XP_MAC - - struct stat stbuf; - - /* - * Create our own copy of path. - * I'd like to do a straight strdup here, but that caused problems - * for https. - */ - stringLen = strlen(inPath); - - path = (char*) malloc(stringLen+1); - memcpy(path, inPath, stringLen); - path[stringLen] = '\0'; - - control = CMT_ControlConnect(mutex, sockFuncs); - if (control != NULL) { - return control; - } - /* - * We have to try to launch it now, so it better be a valid - * path. - */ - if (stat(path, &stbuf) == -1) { - goto loser; - } - /* - * Now we have to parse the path and launch the psm server. - */ - executable = strrchr(path, DIRECTORY_SEPARATOR); - if (executable != NULL) { - *executable = '\0'; - executable ++; - newWorkingDir = path; - } else { - executable = path; - newWorkingDir = NULL; - } - if (getCurrWorkDir(oldWorkingDir, MAX_PATH_LEN) == NULL) { - goto loser; - } - setWorkingDir(newWorkingDir); - if (launch_psm(executable) != CMTSuccess) { - goto loser; - } - setWorkingDir(oldWorkingDir); -#endif - - /* - * Now try to connect to the psm server. We will try to connect - * a maximum of 30 times and then give up. - */ -#ifdef WIN32 - for (i=0; i<30; i++) { - Sleep(1000); - control = CMT_ControlConnect(mutex, sockFuncs); - if (control != NULL) { - break; - } - } -#elif defined(XP_UNIX) || defined(XP_BEOS) - i = 0; - while (i<1000) { - i += sleep(10); - control = CMT_ControlConnect(mutex, sockFuncs); - if (control != NULL) { - break; - } - } -#elif defined(XP_MAC) - for (i=0; i<30; i++) - { - EventRecord theEvent; - WaitNextEvent(0, &theEvent, 30, NULL); - control = CMT_ControlConnect(mutex, sockFuncs); - if (control != NULL) - break; - } - -#else - /* - * Figure out how to sleep for a while first - */ - for (i=0; i<30; i++) { - control = CMT_ControlConnect(mutex, sockFuncs); - if (control!= NULL) { - break; - } - } -#endif - if (control == NULL) { - goto loser; - } - if (path) { - free (path); - } - return control; - loser: - if (control != NULL) { - CMT_CloseControlConnection(control); - } - if (path) { - free(path); - } - return NULL; -} - - -PCMT_CONTROL CMT_ControlConnect(CMT_MUTEX *mutex, CMT_SocketFuncs *sockFuncs) -{ - PCMT_CONTROL control = NULL; - CMTSocket sock=NULL; -#ifdef XP_UNIX - int unixSock = 1; - char path[20]; -#else - int unixSock = 0; - char *path=NULL; -#endif - - if (sockFuncs == NULL) { - return NULL; - } -#ifdef XP_UNIX - sprintf(path, "/tmp/.nsmc-%d", (int)geteuid()); -#endif - - sock = sockFuncs->socket(unixSock); - if (sock == NULL) { - LOG("Could not create a socket to connect to Control Connection.\n"); - goto loser; - } - /* Connect to the psm process */ - if (sockFuncs->connect(sock, CARTMAN_PORT, path)) { - LOG("Could not connect to Cartman\n"); - goto loser; - } - -#ifdef XP_UNIX - if (sockFuncs->verify(sock) != CMTSuccess) { - goto loser; - } -#endif - - LOG("Connected to Cartman\n"); - - /* fill in the CMTControl struct */ - control = (PCMT_CONTROL)calloc(sizeof(CMT_CONTROL), 1); - if (control == NULL ) { - goto loser; - } - control->sock = sock; - if (mutex != NULL) { - control->mutex = (CMT_MUTEX*)calloc(sizeof(CMT_MUTEX),1); - if (control->mutex == NULL) { - goto loser; - } - *control->mutex = *mutex; - } - memcpy(&control->sockFuncs, sockFuncs, sizeof(CMT_SocketFuncs)); - control->refCount = 1; - goto done; - - loser: - if (control != NULL) { - free(control); - } - if (sock != NULL) { - sockFuncs->close(sock); - } - control = NULL; - - done: - return control; -} - -CMTStatus CMT_CloseControlConnection(PCMT_CONTROL control) -{ - /* XXX Don't know what to do here yet */ - if (control != NULL) { - CMInt32 refCount; - CMT_LOCK(control->mutex); - control->refCount--; - refCount = control->refCount; - CMT_UNLOCK(control->mutex); - if (refCount <= 0) { - if (control->mutex != NULL) { - free (control->mutex); - } - control->sockFuncs.close(control->sock); - free(control); - } - } - - return CMTSuccess; -} - -CMTStatus CMT_Hello(PCMT_CONTROL control, CMUint32 version, char* profile, - char* profileDir) -{ - CMTItem message; - PCMT_EVENT eventHandler; - CMBool doesUI; - HelloRequest request; - HelloReply reply; - - /* Check the passed parameters */ - if (!control) { - return CMTFailure; - } - if (!profile) { - return CMTFailure; - } - if (!profileDir) { - return CMTFailure; - } - - /* Create the hello message */ - eventHandler = CMT_GetEventHandler(control, SSM_UI_EVENT, 0); - doesUI = (eventHandler == NULL) ? CM_FALSE : CM_TRUE; - - /* Setup the request struct */ - request.version = version; - request.policy = 0; /* no more policy */ - request.doesUI = doesUI; - request.profile = profile; - request.profileDir = profileDir; - - message.type = SSM_REQUEST_MESSAGE | SSM_HELLO_MESSAGE; - - if (CMT_EncodeMessage(HelloRequestTemplate, &message, &request) != CMTSuccess) { - goto loser; - } - - /* Send the message and get the response */ - if (CMT_SendMessage(control, &message) != CMTSuccess) { - goto loser; - } - - if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_HELLO_MESSAGE)) { - goto loser; - } - - /* Decode the message */ - if (CMT_DecodeMessage(HelloReplyTemplate, &reply, &message) != CMTSuccess) { - goto loser; - } - - /* Successful response */ - if (reply.result == 0) { - /* Save the nonce value */ - control->sessionID = reply.sessionID; - control->protocolVersion = reply.version; - control->port = reply.httpPort; - control->nonce = reply.nonce; - control->policy = reply.policy; - control->serverStringVersion = reply.stringVersion; - - /* XXX Free the messages */ - return CMTSuccess; - } -loser: - /* XXX Free the messages */ - return CMTFailure; -} - -CMTStatus CMT_PassAllPrefs(PCMT_CONTROL control, int num, - CMTSetPrefElement* list) -{ - SetPrefListMessage request; - SingleNumMessage reply; - CMTItem message; - - if ((control == NULL) || (list == NULL)) { - return CMTFailure; - } - - /* pack the request */ - request.length = num; - request.list = (SetPrefElement*)list; - - if (CMT_EncodeMessage(SetPrefListMessageTemplate, &message, &request) != - CMTSuccess) { - goto loser; - } - message.type = SSM_REQUEST_MESSAGE | SSM_PREF_ACTION; - - /* send the message */ - if (CMT_SendMessage(control, &message) != CMTSuccess) { - goto loser; - } - - if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PREF_ACTION)) { - goto loser; - } - - if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != - CMTSuccess) { - goto loser; - } - - /* don't really need to check the return value */ - return CMTSuccess; -loser: - return CMTFailure; -} - -char* CMT_GetServerStringVersion(PCMT_CONTROL control) -{ - if (control == NULL) { - return NULL; - } - return control->serverStringVersion; -} diff --git a/security/psm/lib/client/cmtpkcs7.c b/security/psm/lib/client/cmtpkcs7.c index 69a940eeb7c..e69de29bb2d 100644 --- a/security/psm/lib/client/cmtpkcs7.c +++ b/security/psm/lib/client/cmtpkcs7.c @@ -1,664 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2) -#include -#include -#include -#include -#else -#ifdef XP_MAC -#include "macsocket.h" -#else /* Windows */ -#include -#include -#endif -#endif -#include -#include "cmtcmn.h" -#include "cmtutils.h" -#include "messages.h" -#include "rsrcids.h" - -typedef struct _CMTP7Private { - CMTPrivate priv; - CMTP7ContentCallback cb; - void *cb_arg; -} CMTP7Private; - -CMTStatus CMT_PKCS7DecoderStart(PCMT_CONTROL control, void* clientContext, CMUint32 * connectionID, CMInt32 * result, - CMTP7ContentCallback cb, void *cb_arg) -{ - CMTItem message; - CMTStatus rv; - CMTP7Private *priv=NULL; - SingleItemMessage request; - DataConnectionReply reply; - - /* Check passed in parameters */ - if (!control) { - goto loser; - } - - request.item = CMT_CopyPtrToItem(clientContext); - - /* Encode message */ - if (CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request) != CMTSuccess) { - goto loser; - } - - /* Set the message request type */ - message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7DECODE_STREAM; - - /* Send the message. */ - if (CMT_SendMessage(control, &message) == CMTFailure) { - goto loser; - } - - /* Validate the message reply type */ - if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7DECODE_STREAM)) { - goto loser; - } - - /* Decode the reply */ - if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) { - goto loser; - } - - /* Success */ - if (reply.result == 0) { - CMTSocket sock; - - priv = (CMTP7Private *)malloc(sizeof(CMTP7Private)); - if (priv == NULL) - goto loser; - priv->priv.dest = (CMTReclaimFunc) free; - priv->cb = cb; - priv->cb_arg = cb_arg; - sock = control->sockFuncs.socket(0); - if (sock == NULL) { - goto loser; - } - - if (control->sockFuncs.connect(sock, (short)reply.port, - NULL) != CMTSuccess) { - goto loser; - } - - if (control->sockFuncs.send(sock, control->nonce.data, - control->nonce.len) != control->nonce.len){ - goto loser; - } - - /* Save connection info */ - if (CMT_AddDataConnection(control, sock, reply.connID) - != CMTSuccess) { - goto loser; - } - *connectionID = reply.connID; - - rv = CMT_SetPrivate(control, reply.connID, &priv->priv); - if (rv != CMTSuccess) - goto loser; - - return CMTSuccess; - } - -loser: - if (priv) { - free(priv); - } - - *result = reply.result; - return CMTFailure; -} - -CMTStatus CMT_PKCS7DecoderUpdate(PCMT_CONTROL control, CMUint32 connectionID, const char * buf, CMUint32 len) -{ - CMUint32 sent; - CMTP7Private *priv; - unsigned long nbytes; - char read_buf[128]; - CMTSocket sock, ctrlsock, selSock, sockArr[2]; - - /* Do some parameter checking */ - if (!control || !buf) { - goto loser; - } - - /* Get the data socket */ - if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) { - goto loser; - } - - priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID); - if (priv == NULL) - goto loser; - - /* Write the data to the socket */ - sent = CMT_WriteThisMany(control, sock, (void*)buf, len); - if (sent != len) { - goto loser; - } - - ctrlsock = control->sock; - sockArr[0] = ctrlsock; - sockArr[1] = sock; - while ((selSock = control->sockFuncs.select(sockArr,2,1))) - { - if (selSock == ctrlsock) { - CMT_ProcessEvent(control); - } else { - nbytes = control->sockFuncs.recv(sock, read_buf, sizeof(read_buf)); - if (nbytes == -1) { - goto loser; - } - if (nbytes == 0) { - break; - } - priv->cb(priv->cb_arg, read_buf, nbytes); - } - } - - return CMTSuccess; -loser: - return CMTFailure; -} - -CMTStatus CMT_PKCS7DecoderFinish(PCMT_CONTROL control, CMUint32 connectionID, - CMUint32 * resourceID) -{ - CMTP7Private *priv; - long nbytes; - char buf[128]; - CMTSocket sock, ctrlsock, selSock, sockArr[2]; -#ifndef XP_MAC - int numTries = 0; -#endif - - /* Do some parameter checking */ - if (!control) { - goto loser; - } - - priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID); - if (priv == NULL) - goto loser; - - if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) { - goto loser; - } - - ctrlsock = control->sock; - /* drain socket before we close it */ - control->sockFuncs.shutdown(sock); - sockArr[0] = sock; - sockArr[1] = ctrlsock; - /* Let's see if doing a poll first gets rid of a weird bug where we - * lock up the client. - * There are some cases where the server doesn't put up data fast - * enough, so we should loop on this poll instead of just trying it - * once. - */ -#ifndef XP_MAC - poll_sockets: - if (control->sockFuncs.select(sockArr,2,1) != NULL) -#endif - { - while (1) { - selSock = control->sockFuncs.select(sockArr,2,0); - if (selSock == ctrlsock) { - CMT_ProcessEvent(control); - } else if (selSock == sock) { - nbytes = control->sockFuncs.recv(sock, buf, sizeof(buf)); - if (nbytes < 0) { - goto loser; - } else if (nbytes == 0) { - break; - } - if (priv->cb) - priv->cb(priv->cb_arg, buf, nbytes); - } - } - } -#ifndef XP_MAC - else { -#ifdef WIN32 - if (numTries < 20) { - Sleep(100); - numTries++; - goto poll_sockets; - } -#endif -#ifdef XP_UNIX - if (numTries < 25) { - numTries += sleep(1); - goto poll_sockets; - } -#endif - } -#endif - - if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) { - goto loser; - } - - /* Get the PKCS7 content info */ - if (CMT_GetRIDAttribute(control, connectionID, SSM_FID_P7CONN_CONTENT_INFO, - resourceID) == CMTFailure) { - goto loser; - } - - return CMTSuccess; - -loser: - if (control) { - CMT_CloseDataConnection(control, connectionID); - } - - return CMTFailure; -} - -CMTStatus CMT_PKCS7DestroyContentInfo(PCMT_CONTROL control, CMUint32 resourceID) -{ - if (!control) { - goto loser; - } - - /* Delete the resource */ - if (CMT_DestroyResource(control, resourceID, SSM_FID_P7CONN_CONTENT_INFO) == CMTFailure) { - goto loser; - } - return CMTSuccess; - -loser: - return CMTFailure; -} - -CMTStatus CMT_PKCS7VerifyDetachedSignature(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 certUsage, CMUint32 hashAlgID, CMUint32 keepCerts, CMTItem* digest, CMInt32 * result) -{ - CMTItem message; - VerifyDetachedSigRequest request; - SingleNumMessage reply; - - /* Do some parameter checking */ - if (!control || !digest || !result) { - goto loser; - } - - /* Set the request */ - request.pkcs7ContentID = resourceID; - request.certUsage = certUsage; - request.hashAlgID = hashAlgID; - request.keepCert = (CMBool) keepCerts; - request.hash = *digest; - - /* Encode the request */ - if (CMT_EncodeMessage(VerifyDetachedSigRequestTemplate, &message, &request) != CMTSuccess) { - goto loser; - } - - /* Set the message request type */ - message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_VERIFY_DETACHED_SIG; - - /* Send the message */ - if (CMT_SendMessage(control, &message) == CMTFailure) { - goto loser; - } - - /* Validate the message reply type */ - if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING |SSM_VERIFY_DETACHED_SIG)) { - goto loser; - } - - /* Decode the reply */ - if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) { - goto loser; - } - - *result = reply.value; - return CMTSuccess; -loser: - *result = reply.value; - return CMTFailure; -} - -CMTStatus CMT_PKCS7VerifySignature(PCMT_CONTROL control, CMUint32 pubKeyAlgID, - CMTItem *pubKeyParams, CMTItem *signerPubKey, - CMTItem *computedHash, CMTItem *signature, - CMInt32 *result) -{ - return CMTFailure; -} - -CMTStatus CMT_CreateSigned(PCMT_CONTROL control, CMUint32 scertRID, - CMUint32 ecertRID, CMUint32 dig_alg, - CMTItem *digest, CMUint32 *ciRID, CMInt32 *errCode) -{ - CMTItem message; - CreateSignedRequest request; - CreateContentInfoReply reply; - char checkMessageForError = 0; - - /* Do some parameter checking */ - if (!control || !scertRID || !digest || !ciRID) { - goto loser; - } - - /* Set the request */ - request.scertRID = scertRID; - request.ecertRID = ecertRID; - request.dig_alg = dig_alg; - request.digest = *digest; - - /* Encode the request */ - if (CMT_EncodeMessage(CreateSignedRequestTemplate, &message, &request) != CMTSuccess) { - goto loser; - } - - /* Set the message request type */ - message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_SIGNED; - - /* Send the message */ - if (CMT_SendMessage(control, &message) == CMTFailure) { - goto loser; - } - checkMessageForError = 1; - /* Validate the message reply type */ - if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_SIGNED)) { - goto loser; - } - - /* Decode the reply */ - if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) != CMTSuccess) { - goto loser; - } - - *ciRID = reply.ciRID; - if (reply.result == 0) { - return CMTSuccess; - } - -loser: - if (checkMessageForError && - CMT_DecodeMessage(SingleNumMessageTemplate, - &reply, &message) == CMTSuccess) { - *errCode = reply.errorCode; - } else { - *errCode = 0; - } - return CMTFailure; -} - -CMTStatus CMT_CreateEncrypted(PCMT_CONTROL control, CMUint32 scertRID, - CMUint32 *rcertRIDs, CMUint32 *ciRID) -{ - CMTItem message; - CMInt32 nrcerts; - CreateEncryptedRequest request; - CreateContentInfoReply reply; - - /* Do some parameter checking */ - if (!control || !scertRID || !rcertRIDs || !ciRID) { - goto loser; - } - - /* Calculate the number of certs */ - for (nrcerts =0; rcertRIDs[nrcerts] != 0; nrcerts++) { - /* Nothing */ - ; - } - - /* Set up the request */ - request.scertRID = scertRID; - request.nrcerts = nrcerts; - request.rcertRIDs = (long *) rcertRIDs; - - /* Encode the request */ - if (CMT_EncodeMessage(CreateEncryptedRequestTemplate, &message, &request) != CMTSuccess) { - goto loser; - } - - /* Set the message request type */ - message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_ENCRYPTED; - - /* Send the message */ - if (CMT_SendMessage(control, &message) == CMTFailure) { - goto loser; - } - - /* Validate the message response type */ - if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_ENCRYPTED)) { - goto loser; - } - - /* Decode the reply */ - if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) != CMTSuccess) { - goto loser; - } - - *ciRID = reply.ciRID; - if (reply.result == 0) { - return CMTSuccess; - } -loser: - return CMTFailure; -} - -CMTStatus CMT_PKCS7EncoderStart(PCMT_CONTROL control, CMUint32 ciRID, - CMUint32 *connectionID, CMTP7ContentCallback cb, - void *cb_arg) -{ - CMTItem message; - CMTStatus rv; - CMTP7Private *priv; - PKCS7DataConnectionRequest request; - DataConnectionReply reply; - - /* Check passed in parameters */ - if (!control || !ciRID) { - goto loser; - } - - /* Set up the request */ - request.resID = ciRID; - request.clientContext.len = 0; - request.clientContext.data = NULL; - - /* Encode the request */ - if (CMT_EncodeMessage(PKCS7DataConnectionRequestTemplate, &message, &request) != CMTSuccess) { - goto loser; - } - - /* Set the message request type */ - message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7ENCODE_STREAM; - - /* Send the message */ - if (CMT_SendMessage(control, &message) == CMTFailure) { - goto loser; - } - - /* Validate the message reply type */ - if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7ENCODE_STREAM)) { - goto loser; - } - - /* Decode the reply */ - if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) { - goto loser; - } - - /* Success */ - if (reply.result == 0) { - CMTSocket sock; - - priv = (CMTP7Private *)malloc(sizeof(CMTP7Private)); - if (priv == NULL) - goto loser; - priv->priv.dest = (CMTReclaimFunc) free; - priv->cb = cb; - priv->cb_arg = cb_arg; - - sock = control->sockFuncs.socket(0); - if (sock == NULL) { - goto loser; - } - if (control->sockFuncs.connect(sock, (short)reply.port, - NULL) != CMTSuccess) { - goto loser; - } - if (control->sockFuncs.send(sock, control->nonce.data, - control->nonce.len) != control->nonce.len) { - goto loser; - } - /* Save connection info */ - if (CMT_AddDataConnection(control, sock, reply.connID) - != CMTSuccess) { - goto loser; - } - *connectionID = reply.connID; - - rv = CMT_SetPrivate(control, reply.connID, &priv->priv); - if (rv != CMTSuccess) - goto loser; - return CMTSuccess; - } -loser: - return CMTFailure; -} - -CMTStatus CMT_PKCS7EncoderUpdate(PCMT_CONTROL control, CMUint32 connectionID, - const char *buf, CMUint32 len) -{ - CMUint32 sent; - CMTP7Private *priv; - unsigned long nbytes; - char read_buf[128]; - CMTSocket sock, ctrlsock, sockArr[2], selSock; - - /* Do some parameter checking */ - if (!control || !connectionID || !buf) { - goto loser; - } - - /* Get the data socket */ - if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) { - goto loser; - } - - priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID); - if (priv == NULL) - goto loser; - - /* Write the data to the socket */ - sent = CMT_WriteThisMany(control, sock, (void*)buf, len); - if (sent != len) { - goto loser; - } - ctrlsock = control->sock; - sockArr[0] = ctrlsock; - sockArr[1] = sock; - while ((selSock = control->sockFuncs.select(sockArr, 2, 1)) != NULL) - { - if (selSock == ctrlsock) { - CMT_ProcessEvent(control); - } else { - nbytes = control->sockFuncs.recv(sock, read_buf, sizeof(read_buf)); - if (nbytes == -1) { - goto loser; - } else if (nbytes == 0) { - break; - } else { - priv->cb(priv->cb_arg, read_buf, nbytes); - } - } - } - return CMTSuccess; - -loser: - - return CMTFailure; -} - -CMTStatus CMT_PKCS7EncoderFinish(PCMT_CONTROL control, CMUint32 connectionID) -{ - CMTP7Private *priv; - CMInt32 nbytes; - char buf[128]; - CMTSocket sock, ctrlsock, sockArr[2], selSock; - - /* Do some parameter checking */ - if (!control) { - goto loser; - } - - priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID); - if (priv == NULL) - goto loser; - - if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) { - goto loser; - } - - ctrlsock = control->sock; - sockArr[0] = ctrlsock; - sockArr[1] = sock; - control->sockFuncs.shutdown(sock); - while (1) { - selSock = control->sockFuncs.select(sockArr, 2, 0); - if (selSock == ctrlsock) { - CMT_ProcessEvent(control); - } else if (selSock == sock) { - nbytes = control->sockFuncs.recv(sock, buf, sizeof(buf)); - if (nbytes < 0) { - goto loser; - } else if (nbytes == 0) { - break; - } else { - priv->cb(priv->cb_arg, buf, nbytes); - } - } - } - if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) { - goto loser; - } - - return CMTSuccess; - -loser: - if (control) { - CMT_CloseDataConnection(control, connectionID); - } - - return CMTFailure; -} diff --git a/security/psm/lib/client/cmtutils.c b/security/psm/lib/client/cmtutils.c index 003f7f513bd..e69de29bb2d 100644 --- a/security/psm/lib/client/cmtutils.c +++ b/security/psm/lib/client/cmtutils.c @@ -1,648 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2) -#include -#include -#include -#else -#ifdef XP_MAC -#include "macsocket.h" -#else /* Windows */ -#include -#include -#endif -#endif -#include "cmtcmn.h" -#include "cmtutils.h" -#include "newproto.h" -#include - -/* Local defines */ -#if 0 -#define PSM_WAIT_BEFORE_SLEEP (CM_TicksPerSecond() * 60) -#define PSM_SPINTIME PSM_WAIT_BEFORE_SLEEP -#define PSM_KEEP_CONNECTION_ALIVE (PSM_WAIT_BEFORE_SLEEP * 900) -#endif - -/* If you want to dump the messages sent between the plug-in and the PSM - * server, then remove the comment for the appropriate define. - */ -#if 0 -#define PRINT_SEND_MESSAGES -#define PRINT_RECEIVE_MESSAGES -#endif - -#ifdef PRINT_SEND_MESSAGES -#ifndef DEBUG_MESSAGES -#define DEBUG_MESSAGES -#endif /*DEBUG_MESSAGES*/ -#endif /*PRINT_SEND_MESSAGES*/ - -#ifdef PRINT_RECEIVE_MESSAGES -#ifndef DEBUG_MESSAGES -#define DEBUG_MESSAGES -#endif /*DEBUG_MESSAGES*/ -#endif /*PRINT_RECEIVE_MESSAGES*/ - -#ifdef DEBUG_MESSAGES -#define LOG(x) do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \ - fprintf(f, x); fclose(f); } } while(0); -#define LOG_S(x) do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \ - fprintf(f, "%s", x); fclose(f); } } while(0); -#define ASSERT(x) if (!(x)) { LOG("ASSERT:"); LOG(#x); LOG("\n"); exit(-1); } -#else -#define LOG(x) -#define LOG_S(x) -#define ASSERT(x) -#endif - -CMUint32 -cmt_Strlen(char *str) -{ - CMUint32 len = strlen(str); - return sizeof(CMInt32) + (((len + 3)/4)*4); -} - -CMUint32 -cmt_Bloblen(CMTItem *blob) -{ - return sizeof(CMInt32) + (((blob->len +3)/4)*4); -} - -char * -cmt_PackString(char *buf, char *str) -{ - CMUint32 len = strlen(str); - CMUint32 networkLen = htonl(len); - CMUint32 padlen = ((len + 3)/4)*4; - - memcpy(buf, &networkLen, sizeof(CMUint32)); - memcpy(buf + sizeof(CMUint32), str, len); - memset(buf + sizeof(CMUint32) + len, 0, padlen - len); - - return buf+sizeof(CMUint32)+padlen; -} - -char * -cmt_PackBlob(char *buf, CMTItem *blob) -{ - CMUint32 len = blob->len; - CMUint32 networkLen = htonl(len); - CMUint32 padlen = (((blob->len + 3)/4)*4); - - *((CMUint32*)buf) = networkLen; - memcpy(buf + sizeof(CMUint32), blob->data, len); - memset(buf + sizeof(CMUint32) + len, 0, padlen - len); - - return buf + sizeof(CMUint32) + padlen; -} - -char * -cmt_UnpackString(char *buf, char **str) -{ - char *p = NULL; - CMUint32 len, padlen; - - /* Get the string length */ - len = ntohl(*(CMUint32*)buf); - - /* Get the padded length */ - padlen = ((len + 3)/4)*4; - - /* Allocate the string and copy the data */ - p = (char *) malloc(len + 1); - if (!p) { - goto loser; - } - /* Copy the data and NULL terminate */ - memcpy(p, buf+sizeof(CMUint32), len); - p[len] = 0; - - *str = p; - return buf+sizeof(CMUint32)+padlen; -loser: - *str = NULL; - if (p) { - free(p); - } - return buf+sizeof(CMUint32)+padlen; -} - -char * -cmt_UnpackBlob(char *buf, CMTItem **blob) -{ - CMTItem *p = NULL; - CMUint32 len, padlen; - - /* Get the blob length */ - len = ntohl(*(CMUint32*)buf); - - /* Get the padded length */ - padlen = ((len + 3)/4)*4; - - /* Allocate the CMTItem for the blob */ - p = (CMTItem*)malloc(sizeof(CMTItem)); - if (!p) { - goto loser; - } - p->len = len; - p->data = (unsigned char *) malloc(len); - if (!p->data) { - goto loser; - } - - /* Copy that data across */ - memcpy(p->data, buf+sizeof(CMUint32), len); - *blob = p; - - return buf+sizeof(CMUint32)+padlen; - -loser: - *blob = NULL; - CMT_FreeMessage(p); - - return buf+sizeof(CMUint32)+padlen; -} - -#ifdef DEBUG_MESSAGES -void prettyPrintMessage(CMTItem *msg) -{ - int numLines = ((msg->len+7)/8); - char curBuffer[9], *cursor, string[2], hexVal[8]; - char hexArray[25]; - int i, j, numToCopy; - - /*Try printing out 8 bytes at a time. */ - LOG("\n**********************************************************\n"); - LOG("About to pretty Print Message\n\n"); - curBuffer[9] = '\0'; - hexArray[24] = '\0'; - hexVal[2] = '\0'; - string[1] = '\0'; - LOG("Header Info\n"); - LOG("Message Type: "); - sprintf(hexArray, "%lx\n", msg->type); - LOG(hexArray); - LOG("Message Length: "); - sprintf (hexArray, "%ld\n\n", msg->len); - LOG(hexArray); - LOG("Body of Message\n"); - for (i=0, cursor=msg->data; ilen - (unsigned int)((unsigned long)cursor-(unsigned long)msg->data)) < 8) ? - msg->len - (unsigned int)((unsigned long)cursor-(unsigned long)msg->data) : 8; - memcpy(curBuffer, cursor, 8); - for (j=0;jtype & SSM_CATEGORY_MASK); - switch (msgCategory) { - case SSM_REPLY_OK_MESSAGE: - done = CM_TRUE; - break; - case SSM_REPLY_ERR_MESSAGE: - done = CM_TRUE; - break; - case SSM_EVENT_MESSAGE: - CMT_DispatchEvent(control, message); - break; - /* XXX FIX THIS!!! For the moment I'm ignoring all other types */ - default: - break; - } - } - return CMTSuccess; - loser: - return CMTFailure; -} - -CMTStatus CMT_SendMessage(PCMT_CONTROL control, CMTItem* message) -{ - CMTStatus status; -#ifdef PRINT_SEND_MESSAGES - LOG("About to print message sent to PSM\n"); - prettyPrintMessage(message); -#endif - - /* Acquire lock on the control connection */ - CMT_LOCK(control->mutex); - - /* Try to send pending random data */ - if (message->type != (SSM_REQUEST_MESSAGE | SSM_HELLO_MESSAGE)) - { - /* If we've already said hello, then flush random data - just before sending the request. */ - status = CMT_FlushPendingRandomData(control); - if (status != CMTSuccess) - goto loser; - } - - status = CMT_TransmitMessage(control, message); - if (status != CMTSuccess) { - goto loser; - } - - if (CMT_ReadMessageDispatchEvents(control, message) != CMTSuccess) { - goto loser; - } - /* Release the control connection lock */ - CMT_UNLOCK(control->mutex); - return CMTSuccess; -loser: - /* Release the control connection lock */ - CMT_UNLOCK(control->mutex); - return CMTFailure; -} - -CMTStatus CMT_TransmitMessage(PCMT_CONTROL control, CMTItem * message) -{ - CMTMessageHeader header; - CMUint32 sent; - - /* Set up the message header */ - header.type = htonl(message->type); - header.len = htonl(message->len); - - /* Send the message header */ - sent = CMT_WriteThisMany(control, control->sock, - (void *)&header, sizeof(CMTMessageHeader)); - if (sent != sizeof(CMTMessageHeader)) { - goto loser; - } - - /* Send the message body */ - sent = CMT_WriteThisMany(control, control->sock, (void *)message->data, - message->len); - if (sent != message->len) { - goto loser; - } - - /* Free the buffer */ - free(message->data); - message->data = NULL; - return CMTSuccess; - -loser: - return CMTFailure; -} - -CMTStatus CMT_ReceiveMessage(PCMT_CONTROL control, CMTItem * response) -{ - CMTMessageHeader header; - CMUint32 numread; - - /* Get the message header */ - numread = CMT_ReadThisMany(control, control->sock, - (void *)&header, sizeof(CMTMessageHeader)); - if (numread != sizeof(CMTMessageHeader)) { - goto loser; - } - - response->type = ntohl(header.type); - response->len = ntohl(header.len); - response->data = (unsigned char *) malloc(response->len); - if (response->data == NULL) { - goto loser; - } - - numread = CMT_ReadThisMany(control, control->sock, - (void *)(response->data), response->len); - if (numread != response->len) { - goto loser; - } - -#ifdef PRINT_RECEIVE_MESSAGES - LOG("About to print message received from PSM.\n"); - prettyPrintMessage(response); -#endif /*PRINT_RECEIVE_MESSAGES*/ - return CMTSuccess; -loser: - if (response->data) { - free(response->data); - } - return CMTFailure; -} - -CMUint32 CMT_ReadThisMany(PCMT_CONTROL control, CMTSocket sock, - void * buffer, CMUint32 thisMany) -{ - CMUint32 total = 0; - - while (total < thisMany) { - int got; - got = control->sockFuncs.recv(sock, (void*)((char*)buffer + total), - thisMany-total); - if (got < 0 ) { - break; - } - total += got; - } - return total; -} - -CMUint32 CMT_WriteThisMany(PCMT_CONTROL control, CMTSocket sock, - void * buffer, CMUint32 thisMany) -{ - CMUint32 total = 0; - - while (total < thisMany) { - CMInt32 got; - got = control->sockFuncs.send(sock, (void*)((char*)buffer+total), - thisMany-total); - if (got < 0) { - break; - } - total += got; - } - return total; -} - -CMTItem* CMT_ConstructMessage(CMUint32 type, CMUint32 length) -{ - CMTItem * p; - - p = (CMTItem*)malloc(sizeof(CMTItem)); - if (!p) { - goto loser; - } - - p->type = type; - p->len = length; - p->data = (unsigned char *) malloc(length); - if (!p->data) { - goto loser; - } - return p; - -loser: - CMT_FreeMessage(p); - return NULL; -} - -void CMT_FreeMessage(CMTItem * p) -{ - if (p != NULL) { - if (p->data != NULL) { - free(p->data); - } - free(p); - } -} - -CMTStatus CMT_AddDataConnection(PCMT_CONTROL control, CMTSocket sock, - CMUint32 connectionID) -{ - PCMT_DATA ptr; - - /* This is the first connection */ - if (control->cmtDataConnections == NULL) { - control->cmtDataConnections = ptr = - (PCMT_DATA)calloc(sizeof(CMT_DATA), 1); - if (!ptr) { - goto loser; - } - } else { - /* Position at the last entry */ - for (ptr = control->cmtDataConnections; (ptr != NULL && ptr->next - != NULL); ptr = ptr->next); - ptr->next = (PCMT_DATA)calloc(sizeof(CMT_DATA), 1); - if (!ptr->next) { - goto loser; - } - /* Fix up the pointers */ - ptr->next->previous = ptr; - ptr = ptr->next; - } - - /* Fill in the data */ - ptr->sock = sock; - ptr->connectionID = connectionID; - - return CMTSuccess; -loser: - return CMTFailure; -} - -int -CMT_DestroyDataConnection(PCMT_CONTROL control, CMTSocket sock) -{ - PCMT_DATA ptr, pptr = NULL; - int rv=CMTSuccess; - - if (!control) return rv; - - control->sockFuncs.close(sock); - for (ptr = control->cmtDataConnections; ptr != NULL; - pptr = ptr, ptr = ptr->next) { - if (ptr->sock == sock) { - if (pptr == NULL) { - /* node is at head */ - control->cmtDataConnections = ptr->next; - if (ptr->priv != NULL) - ptr->priv->dest(ptr->priv); - free(ptr); - return rv; - } - /* node is elsewhere */ - pptr->next = ptr->next; - if (ptr->priv != NULL) - ptr->priv->dest(ptr->priv); - free(ptr); - return rv; - } - } - return rv; -} - -CMTStatus CMT_CloseDataConnection(PCMT_CONTROL control, CMUint32 connectionID) -{ - /* PCMT_DATA ptr, pptr = NULL; */ - CMTSocket sock; - /* int rv;*/ - - /* Get the socket for this connection */ - if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) { - goto loser; - } - - /* Free data connection associated with this socket */ - if (CMT_DestroyDataConnection(control, sock) == CMTFailure) { - goto loser; - } - - return CMTSuccess; -loser: - return CMTFailure; -} - -CMTStatus CMT_GetDataConnectionID(PCMT_CONTROL control, CMTSocket sock, CMUint32 * connectionID) -{ - PCMT_DATA ptr; - - for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) { - if (ptr->sock == sock) { - *connectionID = ptr->connectionID; - return CMTSuccess; - } - } - - return CMTFailure; -} - -CMTStatus CMT_GetDataSocket(PCMT_CONTROL control, CMUint32 connectionID, CMTSocket * sock) -{ - PCMT_DATA ptr; - - for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) { - if (ptr->connectionID == connectionID) { - *sock = ptr->sock; - return CMTSuccess; - } - } - - return CMTFailure; -} - - -CMTStatus CMT_SetPrivate(PCMT_CONTROL control, CMUint32 connectionID, - CMTPrivate *cmtpriv) -{ - PCMT_DATA ptr; - - for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) { - if (ptr->connectionID == connectionID) { - ptr->priv = cmtpriv; - return CMTSuccess; - } - } - return CMTFailure; -} - -CMTPrivate *CMT_GetPrivate(PCMT_CONTROL control, CMUint32 connectionID) -{ - PCMT_DATA ptr; - - for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) { - if (ptr->connectionID == connectionID) { - return ptr->priv; - } - } - return NULL; -} - -void CMT_FreeItem(CMTItem *p) -{ - CMT_FreeMessage(p); -} - -CMTItem CMT_CopyPtrToItem(void* p) -{ - CMTItem value = {0, NULL, 0}; - - if (!p) { - return value; - } - - value.len = sizeof(p); - value.data = (unsigned char *) malloc(value.len); - memcpy(value.data, &p, value.len); - - return value; -} - -void * CMT_CopyItemToPtr(CMTItem value) -{ - void * p = NULL; - - if (value.len == sizeof(void*)) { - memcpy(&p, value.data, value.len); - } - - return p; -} - -CMTStatus CMT_ReferenceControlConnection(PCMT_CONTROL control) -{ CMT_LOCK(control->mutex); - control->refCount++; - CMT_UNLOCK(control->mutex); - return CMTSuccess; -} - -void -CMT_LockConnection(PCMT_CONTROL control) -{ - CMT_LOCK(control->mutex); -} - -void -CMT_UnlockConnection(PCMT_CONTROL control) -{ - CMT_UNLOCK(control->mutex); -} diff --git a/security/psm/server/Makefile b/security/psm/server/Makefile index 7e0be64fd96..86d4f762b85 100644 --- a/security/psm/server/Makefile +++ b/security/psm/server/Makefile @@ -172,24 +172,35 @@ MKSHLIB = $(CCC) $(DSO_LDOPTS) MKPROG = $(CCC) endif +ifeq ($(OS_ARCH),OS2) +NSPR_LINK_LIBS = \ + $(DIST)/lib/plc4.lib \ + $(DIST)/lib/plds4.lib \ + $(DIST)lib/nspr4.lib + +XPCOM_LINK_LIBS = $(DIST)/lib/xpcom.lib +CPLUSPLUSRUNTIME = so32dll.lib tcp32.lib +PROTOCOL_LIBS = $(DIST)/lib/libprotocol.lib +endif + EXTRA_LIBS += \ - $(DIST)/lib/libssl.a \ - $(DIST)/lib/libnss.a \ - $(DIST)/lib/libssl.a \ - $(DIST)/lib/libcrmf.a \ - $(DIST)/lib/libpkcs12.a \ - $(DIST)/lib/libpkcs7.a \ - $(DIST)/lib/libcerthi.a \ - $(DIST)/lib/libpk11wrap.a \ - $(DIST)/lib/libcryptohi.a \ - $(DIST)/lib/libcerthi.a \ - $(DIST)/lib/libpk11wrap.a \ - $(DIST)/lib/libsoftoken.a \ - $(DIST)/lib/libcertdb.a \ - $(DIST)/lib/libfreebl.a \ - $(DIST)/lib/libsecutil.a \ - $(DIST)/lib/libdbm.a \ - $(DIST)/lib/libnlslayer.a \ + $(DIST)/lib/libssl.$(LIB_SUFFIX)\ + $(DIST)/lib/libnss.$(LIB_SUFFIX)\ + $(DIST)/lib/libssl.$(LIB_SUFFIX)\ + $(DIST)/lib/libcrmf.$(LIB_SUFFIX)\ + $(DIST)/lib/libpkcs12.$(LIB_SUFFIX)\ + $(DIST)/lib/libpkcs7.$(LIB_SUFFIX)\ + $(DIST)/lib/libcerthi.$(LIB_SUFFIX)\ + $(DIST)/lib/libpk11wrap.$(LIB_SUFFIX)\ + $(DIST)/lib/libcryptohi.$(LIB_SUFFIX)\ + $(DIST)/lib/libcerthi.$(LIB_SUFFIX)\ + $(DIST)/lib/libpk11wrap.$(LIB_SUFFIX)\ + $(DIST)/lib/libsoftoken.$(LIB_SUFFIX)\ + $(DIST)/lib/libcertdb.$(LIB_SUFFIX)\ + $(DIST)/lib/libfreebl.$(LIB_SUFFIX)\ + $(DIST)/lib/libsecutil.$(LIB_SUFFIX)\ + $(DIST)/lib/libdbm.$(LIB_SUFFIX)\ + $(DIST)/lib/libnlslayer.$(LIB_SUFFIX)\ $(NSPR_LINK_LIBS) \ $(XPCOM_LINK_LIBS) \ $(CPLUSPLUSRUNTIME) \ @@ -212,10 +223,29 @@ UI_DIST = ../ui/$(PLATFORM) endif install:: +ifeq ($(OS_ARCH),OS2) + $(NSINSTALL) -m 644 ../ui/$(PLATFORM)/psm_bin.properties $(DIST)/bin/psmdata/ui + $(NSINSTALL) -m 644 ../ui/$(PLATFORM)/psm_doc.properties $(DIST)/bin/psmdata/ui + $(NSINSTALL) -m 644 ../ui/$(PLATFORM)/psm_text.properties $(DIST)/bin/psmdata/ui + $(NSINSTALL) -m 644 ../ui/$(PLATFORM)/psm_ui.properties $(DIST)/bin/psmdata/ui + $(NSINSTALL) -m 644 ../doc/04digsgn.gif $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/06pcrypt.gif $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/bannerrn.gif $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/cartbanner.gif $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/next.gif $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/prev.gif $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/cmcjavascriptapi.html $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/psmtest.html $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/release_notes.html $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/contents.htm $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/glossary.htm $(DIST)/bin/psmdata/doc + $(NSINSTALL) -m 644 ../doc/help.htm $(DIST)/bin/psmdata/doc +else $(NSINSTALL) -m 644 $(UI_DIST)/psm*.properties $(DIST)/bin/psmdata/ui $(NSINSTALL) -m 644 ../doc/*.gif ../doc/*.html ../doc/*.htm $(DIST)/bin/psmdata/doc +endif #os2 $(NSINSTALL) -m 755 $(DIST)/lib/$(DLL_PREFIX)nssckbi.$(DLL_SUFFIX) $(DIST)/bin -ifneq ($(OS_ARCH), WINNT) +ifneq (,$(filter-out OS2 WINNT, $(OS_ARCH))) $(NSINSTALL) -m 775 start-psm $(DIST)/bin endif diff --git a/security/psm/server/main.cpp b/security/psm/server/main.cpp index f8ac142d280..e69de29bb2d 100644 --- a/security/psm/server/main.cpp +++ b/security/psm/server/main.cpp @@ -1,51 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -extern "C" int psm_main(int argc, char *argv[]); - -#if defined(XP_PC) && !defined(DEBUG) -#include - -int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrevInst, - LPSTR lpszLine, int nShow) -#else -int main(int argc, char *argv[]) -#endif -{ -#if defined(XP_PC) && !defined(DEBUG) - int argc = 0; - char *argv[] = {"", NULL}; -#endif - return psm_main(argc, argv); -} diff --git a/security/psm/server/p12res.c b/security/psm/server/p12res.c index 064fe59f44b..e69de29bb2d 100644 --- a/security/psm/server/p12res.c +++ b/security/psm/server/p12res.c @@ -1,1025 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include "p12res.h" -#include "minihttp.h" -#include "pk11func.h" -#include "secmod.h" -#include "p12.h" -#include "p12plcy.h" -#include "secerr.h" -#include "newproto.h" -#include "messages.h" -#include "advisor.h" -#include "nlslayer.h" - -#define SSMRESOURCE(object) (&object->super) - -#define PKCS12_IN_BUFFER_SIZE 2048 - -static SSMStatus -ssmpkcs12context_createpkcs12file(SSMPKCS12Context *cx, - PRBool forceAuthenticate, - CERTCertificate **certArr, - PRIntn numCerts); -#ifdef XP_MAC - -char* SSM_ConvertMacPathToUnix(char *path) -{ - char *cursor; - int len; - - len = PL_strlen(path); - cursor = PR_Realloc(path, len+2); - memmove(cursor+1, cursor, len+1); - path = cursor; - *cursor = '/'; - while ((cursor = PL_strchr(cursor, ':')) != NULL) { - *cursor = '/'; - cursor++; - } - return path; -} - -#endif - -SECStatus -SSM_UnicodeConversion(SECItem *dest, SECItem *src, - PRBool toUnicode, PRBool swapBytes) -{ - unsigned int allocLen; - - if(!dest || !src) { - return SECFailure; - } - - allocLen = ((toUnicode) ? (src->len << 2) : src->len); - if (allocLen == 0) { - /* empty string: we need to pad it by 2 bytes */ - allocLen = 2; - } - - dest->data = SSM_ZNEW_ARRAY(unsigned char, allocLen); - if(!SSM_UCS2_ASCIIConversion(toUnicode, src->data, src->len, - dest->data, allocLen, &dest->len, - swapBytes)) { - PR_Free(dest->data); - dest->data = NULL; - return SECFailure; - } - return SECSuccess; -} - -SSMStatus -SSMPKCS12Context_Create(void *arg, SSMControlConnection *ctrl, - SSMResource **res) -{ - SSMPKCS12Context *cxt = NULL; - SSMPKCS12CreateArg *createArg = (SSMPKCS12CreateArg*)arg; - SSMStatus rv; - - cxt = SSM_ZNEW(SSMPKCS12Context); - if (cxt == NULL) { - return SSM_ERR_OUT_OF_MEMORY; - } - rv = SSMPKCS12Context_Init(ctrl,cxt,SSM_RESTYPE_PKCS12_CONTEXT , - createArg->isExportContext); - if (rv != PR_SUCCESS) { - goto loser; - } - *res = SSMRESOURCE(cxt); - return PR_SUCCESS; - loser: - if (cxt != NULL) { - SSM_FreeResource(SSMRESOURCE(cxt)); - } - *res = NULL; - return rv; -} - -SSMStatus -SSMPKCS12Context_Init(SSMControlConnection *ctrl, SSMPKCS12Context *res, - SSMResourceType type, PRBool isExportContext) -{ - res->m_isExportContext = isExportContext; - res->m_password = NULL; - res->m_inputProcessed = PR_FALSE; - res->m_file = NULL; - res->m_digestFile = NULL; - res->m_error = PR_FALSE; - return SSMResource_Init(ctrl, SSMRESOURCE(res), type); -} - -SSMStatus -SSMPKCS12Context_Destroy(SSMResource *res, PRBool doFree) -{ - SSMPKCS12Context *cxt = (SSMPKCS12Context*)res; - - SSMResource_Destroy(res, PR_FALSE); - if (cxt->m_password != NULL) { - PR_Free(cxt->m_password); - cxt->m_password = NULL; - } - if (cxt->m_cert != NULL) { - CERT_DestroyCertificate(cxt->m_cert); - cxt->m_cert = NULL; - } - if (doFree) { - PR_Free(res); - } - return PR_SUCCESS; -} - -static SSMStatus -SSMPKCS12Context_HandlePasswordRequest(SSMResource *res, - HTTPRequest *req) -{ - char *password, *confirmPassword; - SSMPKCS12Context *p12Cxt = (SSMPKCS12Context*)res; - SSMStatus rv = SSM_FAILURE; - - /* Let's get the password out of the dialog. */ - if (res->m_buttonType != SSM_BUTTON_OK) { - goto loser; - } - rv = SSM_HTTPParamValue(req, "passwd", &password); - if (rv != SSM_SUCCESS) { - goto loser; - } - rv = SSM_HTTPParamValue(req, "confirmPasswd", &confirmPassword); - if (rv != SSM_SUCCESS) { - goto loser; - } - if (strcmp(password, confirmPassword) != 0) { - /* Should re-prompt, but for now we fail. */ - rv = SSM_FAILURE; - goto loser; - } - p12Cxt->m_password = PL_strdup(password); - goto done; - loser: - p12Cxt->m_password = NULL; - done: - SSM_LockResource(res); - SSM_NotifyResource(res); - SSM_UnlockResource(res); - SSM_HTTPDefaultCommandHandler(req); - p12Cxt->m_inputProcessed = PR_TRUE; - return rv; -} - -SSMStatus -SSMPKCS12Context_FormSubmitHandler(SSMResource *res, HTTPRequest *req) -{ - char *formName; - SSMStatus rv=SSM_FAILURE; - - rv = SSM_HTTPParamValue(req, "formName", &formName); - if (rv != SSM_SUCCESS) { - goto loser; - } - if (!strcmp(formName, "cert_backup_form")) { - rv = SSMPKCS12Context_HandlePasswordRequest(res, req); - } else if (!strcmp(formName, "set_db_password")) { - rv = SSM_SetDBPasswordHandler(req); - } else { - goto loser; - } - return rv; - loser: - SSM_HTTPDefaultCommandHandler(req); - return SSM_FAILURE; -} - -static void -ssmpkcs12context_writetoexportfile(void *arg, const char *buf, - unsigned long len) -{ - SSMPKCS12Context *p12Cxt = (SSMPKCS12Context*)arg; - PRUint32 bytesWritten; - - if (p12Cxt == NULL) { - return; - } - if (p12Cxt->m_file == NULL) { - p12Cxt->m_error = PR_TRUE; - return; - } - bytesWritten = PR_Write(p12Cxt->m_file, buf, len); - if (bytesWritten != len) { - p12Cxt->m_error = PR_TRUE; - } -} - -SSMStatus -SSMPKCS12Context_CreatePKCS12FileForMultipleCerts(SSMPKCS12Context *p12Cxt, - PRBool forceAuthenticate, - CERTCertificate **certArr, - PRIntn numCerts) -{ - return ssmpkcs12context_createpkcs12file(p12Cxt, forceAuthenticate, - certArr, numCerts); -} - -SSMStatus -SSMPKCS12Context_CreatePKCS12File(SSMPKCS12Context *cxt, - PRBool forceAuthenticate) -{ - return ssmpkcs12context_createpkcs12file(cxt, forceAuthenticate, - &cxt->m_cert, 1); -} - -static SSMStatus -ssmpkcs12context_createpkcs12file(SSMPKCS12Context *cxt, - PRBool forceAuthenticate, - CERTCertificate **certArr, - PRIntn numCerts) -{ - SEC_PKCS12ExportContext *p12ecx = NULL; - SEC_PKCS12SafeInfo *keySafe = NULL, *certSafe = NULL; - SECItem pwitem = { siBuffer, NULL, 0 }; - PK11SlotInfo *slot = NULL; - PK11SlotInfo *slotToUse = NULL; - SSMControlConnection *ctrl; - SSMStatus rv=SSM_FAILURE; - int i; - - if (cxt == NULL || certArr == NULL || numCerts == 0) { - return SSM_ERR_BAD_REQUEST; - } - /* - * We're about to send the UI event requesting the password to use - * when encrypting - */ - SSM_LockResource(&cxt->super); - cxt->m_inputProcessed = PR_FALSE; - rv = SSMControlConnection_SendUIEvent(SSMRESOURCE(cxt)->m_connection, - "get", "cert_backup", - SSMRESOURCE(cxt), - (numCerts > 1) ? "multipleCerts=1" : - NULL, - &SSMRESOURCE(cxt)->m_clientContext, - PR_TRUE); - if (rv != SSM_SUCCESS) { - SSM_UnlockResource(SSMRESOURCE(cxt)); - goto loser; - } - /* - * Wait until the form is submitted to proceed. We'll get notified. - */ - SSM_WaitResource(SSMRESOURCE(cxt), PR_INTERVAL_NO_TIMEOUT); - SSM_UnlockResource(SSMRESOURCE(cxt)); - if (cxt->m_password == NULL || - cxt->super.m_buttonType == SSM_BUTTON_CANCEL) { - rv = SSM_ERR_NO_PASSWORD; - goto loser; - } - /* Wait for the dialog box to go down so that when it disappears, - * the window doesn't take away the password prompt. - */ - PR_Sleep(PR_TicksPerSecond()); - - ctrl = SSMRESOURCE(cxt)->m_connection; - pwitem.data = (unsigned char *) cxt->m_password; - pwitem.len = strlen(cxt->m_password); - PK11_FindObjectForCert(certArr[0], ctrl, &slot); - if (slot == NULL) { - rv = SSM_FAILURE; - goto loser; - } - slotToUse = slot; - if (forceAuthenticate && PK11_NeedLogin(slot)) { - PK11_Logout(slot); - } - if (PK11_Authenticate(slot, PR_TRUE, ctrl) != SECSuccess) { - rv = SSM_ERR_BAD_DB_PASSWORD; - goto loser; - } - p12ecx = SEC_PKCS12CreateExportContext(NULL, NULL, slot, ctrl); - - if (p12ecx == NULL) { - rv = SSM_FAILURE; - goto loser; - } - if (SEC_PKCS12AddPasswordIntegrity(p12ecx, &pwitem, SEC_OID_SHA1) - != SECSuccess) { - rv = SSM_ERR_BAD_PASSWORD; - goto loser; - } - for (i=0; i m_connection->m_certdb, - keySafe, NULL, PR_TRUE, &pwitem, - SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC) - != SECSuccess) { - rv = SSM_FAILURE; - goto loser; - } - } - /* Done with the password, free it */ - PR_Free(cxt->m_password); - cxt->m_password = NULL; - rv = SSM_RequestFilePathFromUser(SSMRESOURCE(cxt), - "pkcs12_export_file_prompt", - "*.p12", - PR_FALSE); - if (rv != SSM_SUCCESS || cxt->super.m_fileName == NULL) { - rv = SSM_ERR_BAD_FILENAME; - goto loser; - } -#ifdef XP_MAC - cxt->super.m_fileName = SSM_ConvertMacPathToUnix(cxt->super.m_fileName); -#endif - cxt->m_file = PR_Open (cxt->super.m_fileName, - PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0600); - if (cxt->m_file == NULL) { - rv = SSM_ERR_BAD_FILENAME; - goto loser; - } - if (SEC_PKCS12Encode(p12ecx, ssmpkcs12context_writetoexportfile, cxt) - != SECSuccess) { - rv = SSM_FAILURE; - goto loser; - } - PR_Close(cxt->m_file); - if (slotToUse) { - PK11_FreeSlot(slotToUse); - } - SEC_PKCS12DestroyExportContext(p12ecx); - return SSM_SUCCESS; - loser: - if (p12ecx != NULL) { - SEC_PKCS12DestroyExportContext(p12ecx); - } - if (slot && cxt->m_cert && (slot != cxt->m_cert->slot)) { - PK11_FreeSlot(slot); - } - PR_FREEIF(cxt->m_password); - cxt->m_password = NULL; - return rv; -} - -void ssm_switch_endian(unsigned char *buf, unsigned int len) -{ - unsigned int i; - unsigned char tmp; - - for (i=0; im_connection->m_dirRoot, - filePathSep, - ".nsm_p12_tmp"); - if (tmpFileName == NULL) { - return SECFailure; - } -#ifdef XP_MAC - tmpFileName = SSM_ConvertMacPathToUnix(tmpFileName); -#endif - if (readData) { - cxt->m_digestFile = PR_Open(tmpFileName, - PR_RDONLY, 0400); - } else { - cxt->m_digestFile = PR_Open(tmpFileName, - PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE, - 0600); - } - cxt->m_tempFilePath = tmpFileName; - if (cxt->m_digestFile == NULL) { - cxt->m_error = PR_TRUE; - return SECFailure; - } - return SECSuccess; -} - -static SECStatus -ssmpkcs12context_digestclose(void *arg, PRBool removeFile) -{ - SSMPKCS12Context *cxt = (SSMPKCS12Context*)arg; - - if (cxt == NULL || cxt->m_digestFile == NULL) { - return SECFailure; - } - PR_Close(cxt->m_digestFile); - cxt->m_digestFile = NULL; - if (removeFile) { - PR_Delete(cxt->m_tempFilePath); - PR_Free(cxt->m_tempFilePath); - cxt->m_tempFilePath = NULL; - } - return SECSuccess; -} - -static int -ssmpkcs12context_digestread(void *arg, unsigned char *buf, unsigned long len) -{ - SSMPKCS12Context *cxt = (SSMPKCS12Context*)arg; - - if (cxt == NULL || cxt->m_digestFile == NULL) { - return -1; - } - if (buf == NULL || len == 0) { - return -1; - } - return PR_Read(cxt->m_digestFile, buf, len); -} - -static int -ssmpkcs12context_digestwrite(void *arg, unsigned char *buf, unsigned long len) -{ - SSMPKCS12Context *cxt = (SSMPKCS12Context *)arg; - - if (cxt == NULL || cxt->m_digestFile == NULL) { - return -1; - } - if (buf == NULL || len == 0) { - return -1; - } - return PR_Write(cxt->m_digestFile, buf, len); -} - -SECItem* -SSM_NicknameCollisionCallback(SECItem *old_nick, PRBool *cancel, - void *wincx) -{ - /* We don't handle this yet */ - *cancel = PR_TRUE; - return NULL; -} - -static PK11SlotInfo* -SSMPKCS12Context_ChooseSlotForImport(SSMPKCS12Context *cxt, - PK11SlotList *slotList) -{ - char mech[20]; - SSMStatus rv; - - PR_snprintf(mech, 20, "mech=%d&task=import&unused=unused", CKM_RSA_PKCS); - SSM_LockUIEvent(&cxt->super); - rv = SSMControlConnection_SendUIEvent(cxt->super.m_connection, - "get", - "select_token", - &cxt->super, - mech, - &SSMRESOURCE(cxt)->m_clientContext, - PR_TRUE); - if (rv != SSM_SUCCESS) { - SSM_UnlockResource(&cxt->super); - return NULL; - } - SSM_WaitUIEvent(&cxt->super, PR_INTERVAL_NO_TIMEOUT); - /* Wait so damn window goes away without swallowing up - * the password prompt that will come up next. - */ - PR_Sleep(PR_TicksPerSecond()); - return (PK11SlotInfo*)cxt->super.m_uiData; -} - -static PK11SlotInfo* -SSMPKCS12Context_GetSlotForImport(SSMPKCS12Context *cxt) -{ - PK11SlotList *slotList; - PK11SlotInfo *slot = NULL; - - slotList = PK11_GetAllTokens(CKM_RSA_PKCS, PR_TRUE, PR_TRUE, - cxt->super.m_connection); - if (slotList == NULL || slotList->head == NULL) { - /* Couldn't find a slot, let's try the internal slot - * and see what happens - */ - slot = PK11_GetInternalKeySlot(); - } else if (slotList->head->next == NULL) { - /* - * Only one slot, return it. - */ - slot = PK11_ReferenceSlot(slotList->head->slot); - } else { - slot = SSMPKCS12Context_ChooseSlotForImport(cxt, slotList); - } - if (slotList) - PK11_FreeSlotList(slotList); - return slot; -} - -SSMStatus -SSMPKCS12Context_RestoreCertFromPKCS12File(SSMPKCS12Context *cxt) -{ - SSMStatus rv; - SECItem passwdReq; - char *prompt=NULL; - PK11SlotInfo *slot=NULL; - SEC_PKCS12DecoderContext *p12dcx=NULL; - PRBool swapUnicode = PR_FALSE; - unsigned char *buf=NULL; - SECItem pwItem = { siBuffer, NULL, 0 }, uniPwItem = { siBuffer, NULL, 0 }; - SECStatus srv; - CERTCertList *certList=NULL; - CERTCertListNode *node=NULL; - PromptRequest request; - - if (cxt == NULL || cxt->m_isExportContext) { - return SSM_FAILURE; - } -#ifdef IS_LITTLE_ENDIAN - swapUnicode = PR_TRUE; -#endif - - rv = SSM_RequestFilePathFromUser(SSMRESOURCE(cxt), - "pkcs12_import_file_prompt", - "*.p12", - PR_TRUE); - if (rv != SSM_SUCCESS || cxt->super.m_fileName == NULL) { - rv = SSM_ERR_BAD_FILENAME; - goto loser; - } - prompt = SSM_GetCharFromKey("pkcs12_request_password_prompt", - "ISO-8859-1"); - if (prompt == NULL) { - rv = SSM_FAILURE; - goto loser; - } - request.resID = SSMRESOURCE(cxt)->m_id; - request.prompt = prompt; - request.clientContext = SSMRESOURCE(cxt)->m_clientContext; - if (CMT_EncodeMessage(PromptRequestTemplate, (CMTItem*)&passwdReq, &request) != CMTSuccess) { - rv = SSM_FAILURE; - goto loser; - } - passwdReq.type = (SECItemType) (SSM_EVENT_MESSAGE | SSM_PROMPT_EVENT); - SSM_LockResource(SSMRESOURCE(cxt)); - cxt->m_password = NULL; - rv = SSM_SendQMessage(SSMRESOURCE(cxt)->m_connection->m_controlOutQ, - 20, - passwdReq.type, - passwdReq.len, - (char*)passwdReq.data, - PR_TRUE); - SSM_WaitResource(SSMRESOURCE(cxt), SSM_PASSWORD_WAIT_TIME); - SSM_UnlockResource(SSMRESOURCE(cxt)); - if (cxt->m_password == NULL) { - rv = SSM_ERR_NO_PASSWORD; - goto loser; - } -#ifdef XP_MAC - - /*NSPR wants the path to be a UNIX style path. So let's convert it here for MAC.*/ - SSMRESOURCE(cxt)->m_fileName = SSM_ConvertMacPathToUnix(SSMRESOURCE(cxt)->m_fileName); - -#endif - cxt->m_file = PR_Open(SSMRESOURCE(cxt)->m_fileName, - PR_RDONLY, 0400); - if (cxt->m_file == NULL) { - rv = SSM_ERR_BAD_FILENAME; - goto loser; - } - slot = SSMPKCS12Context_GetSlotForImport(cxt); - if (slot == NULL) { - goto loser; - } - - if (PK11_NeedLogin(slot)) { - /* we should log out only if the slot needs login */ - PK11_Logout(slot); - } - - /* User has not initialize DB, ask for a password. */ - if (PK11_NeedUserInit(slot)) { - rv = SSM_SetUserPassword(slot, SSMRESOURCE(cxt)); - if (rv != SSM_SUCCESS) { - rv = SSM_ERR_NEED_USER_INIT_DB; - goto loser; - } - } - - if (PK11_Authenticate(slot, PR_FALSE, SSMRESOURCE(cxt)->m_connection) - != SECSuccess) { - rv = SSM_ERR_BAD_DB_PASSWORD; - goto loser; - } - pwItem.data = (unsigned char *) cxt->m_password; - pwItem.len = strlen(cxt->m_password); - if (SSM_UnicodeConversion(&uniPwItem, &pwItem, PR_TRUE, - swapUnicode) != SECSuccess) { - rv = SSM_ERR_BAD_PASSWORD; - goto loser; - } - p12dcx = SEC_PKCS12DecoderStart(&uniPwItem, slot, - SSMRESOURCE(cxt)->m_connection, - ssmpkcs12context_digestopen, - ssmpkcs12context_digestclose, - ssmpkcs12context_digestread, - ssmpkcs12context_digestwrite, - cxt); - if (p12dcx == NULL) { - rv = SSM_FAILURE; - goto loser; - } - buf = SSM_NEW_ARRAY(unsigned char, PKCS12_IN_BUFFER_SIZE); - if (buf == NULL) { - rv = SSM_ERR_OUT_OF_MEMORY; - goto loser; - } - - while (PR_TRUE) { - int readLen = PR_Read(cxt->m_file, buf, PKCS12_IN_BUFFER_SIZE); - if (readLen < 0) { - rv = SSM_FAILURE; - goto loser; - } - srv = SEC_PKCS12DecoderUpdate(p12dcx, buf, readLen); - if (srv != SECSuccess || readLen != PKCS12_IN_BUFFER_SIZE) { - break; - } - } - if (srv != SECSuccess) { - rv = SSM_ERR_CANNOT_DECODE; - goto loser; - } - if (SEC_PKCS12DecoderVerify(p12dcx) != SECSuccess) { - rv = SSM_FAILURE; - goto loser; - } - if (SEC_PKCS12DecoderValidateBags(p12dcx, SSM_NicknameCollisionCallback) - != SECSuccess) { - if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) { - rv = SSM_PKCS12_CERT_ALREADY_EXISTS; - } else { - rv = SSM_FAILURE; - } - goto loser; - } - if (SEC_PKCS12DecoderImportBags(p12dcx) != SECSuccess) { - rv = SSM_FAILURE; - goto loser; - } - PR_Close(cxt->m_file); - cxt->m_file = NULL; - PR_Free(prompt); - PK11_FreeSlot(slot); - - certList = SEC_PKCS12DecoderGetCerts(p12dcx); - if (certList != NULL) { - for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList); - node = CERT_LIST_NEXT(node)) { - if ((node->cert->trust) && - (node->cert->trust->emailFlags & CERTDB_USER) && - CERT_VerifyCertNow(cxt->super.m_connection->m_certdb, - node->cert, PR_TRUE, certUsageEmailSigner, - cxt) == SSM_SUCCESS) { - rv = SSM_UseAsDefaultEmailIfNoneSet(cxt->super.m_connection, - node->cert, PR_FALSE); - if (rv == SSM_SUCCESS) { - /* We just made this cert the default new cert */ - rv = SSM_ERR_NEW_DEF_MAIL_CERT; - break; - } - } - } - CERT_DestroyCertList(certList); - certList = NULL; - } - - SEC_PKCS12DecoderFinish(p12dcx); - return (rv == SSM_ERR_NEW_DEF_MAIL_CERT) ? rv : SSM_SUCCESS; -loser: - if (cxt->m_file != NULL) { - PR_Close(cxt->m_file); - cxt->m_file = NULL; - } - if (prompt != NULL) { - PR_Free(prompt); - } - if (slot != NULL) { - PK11_FreeSlot(slot); - } - if (p12dcx != NULL) { - SEC_PKCS12DecoderFinish(p12dcx); - } - if (buf != NULL) { - PR_Free(buf); - } - cxt->m_error = PR_TRUE; - return rv; -} - -SSMStatus -SSMPKCS12Context_ProcessPromptReply(SSMResource *res, - char *reply) -{ - SSMPKCS12Context *cxt = (SSMPKCS12Context*)res; - - if (!SSM_IsAKindOf(res, SSM_RESTYPE_PKCS12_CONTEXT)) { - return PR_FAILURE; - } - cxt->m_password = reply?PL_strdup(reply):NULL; - SSM_LockResource(res); - SSM_NotifyResource(res); - SSM_UnlockResource(res); - return PR_SUCCESS; -} - -SSMStatus -SSMPKCS12Context_Print(SSMResource *res, - char *fmt, - PRIntn numParams, - char **value, - char **resultStr) -{ - char mechStr[48]; - SSMStatus rv = SSM_FAILURE; - - PR_ASSERT(resultStr != NULL); - if (resultStr == NULL) { - rv = SSM_FAILURE; - goto done; - } - if (numParams) { - rv = SSMResource_Print(res, fmt, numParams, value, resultStr); - goto done; - } - PR_snprintf(mechStr, 48, "%d", CKM_RSA_PKCS); - *resultStr = PR_smprintf(fmt, res->m_id, mechStr, ""); - - rv = (*resultStr == NULL) ? SSM_FAILURE : SSM_SUCCESS; - done: - return rv; -} - -void SSMPKCS12Context_BackupMultipleCertsThread(void *arg) -{ - SSMPKCS12Context *p12Cxt = (SSMPKCS12Context*)arg; - SSMStatus rv; - SSMControlConnection *connection = p12Cxt->super.m_connection; - PRIntn i; - - SSM_RegisterThread("PKCS12", NULL); - SSM_DEBUG("About to backup some certs.\n"); - - rv = SSMControlConnection_SendUIEvent(connection, - "get", "backup_new_cert", - &p12Cxt->super, NULL, - &p12Cxt->super.m_clientContext, - PR_TRUE); - PR_ASSERT(SSMRESOURCE(p12Cxt)->m_buttonType == SSM_BUTTON_NONE); - if (rv == SSM_SUCCESS) { - while (SSMRESOURCE(p12Cxt)->m_buttonType == SSM_BUTTON_NONE) { - SSM_WaitForOKCancelEvent(SSMRESOURCE(p12Cxt), - PR_INTERVAL_NO_TIMEOUT); - } - } - /* - * Eventhough we tell Nova to use a context it provided to us, - * it still tries to use the top-most window to bring up the - * next dialog. Meaning I still have to insert this freakin' - * sleep. - * - * XXX -javi - */ - PR_Sleep(PR_TicksPerSecond()); - /* - * Create a single P12 file containing all of the certs that - * were just issued. - */ - SSMPKCS12Context_CreatePKCS12FileForMultipleCerts(p12Cxt, PR_FALSE, - p12Cxt->arg->certs, - p12Cxt->arg->numCerts); - -#if 0 - for (i=0; iarg->numCerts;i++) { - p12Cxt->m_cert = p12Cxt->arg->certs[i]; - SSMPKCS12Context_CreatePKCS12File(p12Cxt, PR_FALSE); - /* - * ARGH!! If we do more than one, then Communicator crashes - * because it tries to use a window that no longer exists as - * the base for the next window. - */ - PR_Sleep(PR_TicksPerSecond()); - } -#endif - PR_Free(p12Cxt->arg->certs); - PR_Free(p12Cxt->arg); - p12Cxt->arg = NULL; - p12Cxt->m_thread = NULL; - SSM_FreeResource(&p12Cxt->super); - SSM_DEBUG("Done backing up certs.\n"); -} - -SSMStatus -SSM_WarnPKCS12Incompatibility(SSMTextGenContext *cx) -{ - SSMStatus rv; - char *value; - - rv = SSM_HTTPParamValue(cx->m_request, "multipleCerts", &value); - PR_FREEIF(cx->m_result); - cx->m_result = NULL; - if (rv == SSM_SUCCESS) { - rv = SSM_FindUTF8StringInBundles(cx, "pkcs12_incompatible_warn", - &cx->m_result); - if (rv != SSM_SUCCESS) { - cx->m_result = PL_strdup(""); - } - } else { - cx->m_result = PL_strdup(""); - } - return SSM_SUCCESS; -} -