b=116334 Allowing conditional usage of NSS 3.4
r=wtc sr=blizzard Should not affect standard build (without having explicitly set NSS_3_4 in the environment)
Родитель
3a6e3f8b94
Коммит
91defc6be5
|
@ -130,8 +130,10 @@ NSS_CO_FLAGS=$(MOZ_CO_FLAGS)
|
|||
!if "$(NSS_CO_TAG)" != ""
|
||||
NSS_CO_FLAGS=$(NSS_CO_FLAGS) -r $(NSS_CO_TAG)
|
||||
!else
|
||||
!ifndef NSS_3_4
|
||||
NSS_CO_FLAGS=$(NSS_CO_FLAGS) -r NSS_CLIENT_TAG
|
||||
!endif
|
||||
!endif
|
||||
|
||||
CVSCO_NSS = cvs $(CVS_FLAGS) co $(NSS_CO_FLAGS)
|
||||
|
||||
|
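Review bot: With NSS_3_4 set and NSS_CO_TAG empty, the `!else` branch no longer appends any `-r` to NSS_CO_FLAGS, so unless MOZ_CO_FLAGS already carries a tag the NSS checkout is unpinned and follows whatever is on the tip at build time. For the crypto library this makes an NSS_3_4 build hard to reproduce and audit. Consider pinning an explicit tag for the NSS_3_4 case instead of omitting `-r`, or at least adding a comment such as `# NSS_3_4: checked out from the tip, not pinned to a tag` so the unpinned pull is a visible decision. The same applies to the `ifndef NSS_3_4` guard around `NSS_CO_TAG = NSS_CLIENT_TAG` in the gmake file that follows.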
|
|
@ -55,7 +55,9 @@
|
|||
#MOZ_CO_TAG = <tag>
|
||||
NSPR_CO_TAG = NSPRPUB_PRE_4_2_CLIENT_BRANCH
|
||||
PSM_CO_TAG = #We will now build PSM from the tip instead of a branch.
|
||||
ifndef NSS_3_4
|
||||
NSS_CO_TAG = NSS_CLIENT_TAG
|
||||
endif
|
||||
LDAPCSDK_CO_TAG = LDAPCSDK_40_BRANCH
|
||||
ACCESSIBLE_CO_TAG =
|
||||
GFX2_CO_TAG =
|
||||
|
|
|
@ -28,6 +28,16 @@ VPATH = @srcdir@
|
|||
include $(DEPTH)/config/autoconf.mk
|
||||
|
||||
LOADABLE_ROOT_MODULE = $(LIB_PREFIX)nssckbi$(DLL_SUFFIX)
|
||||
|
||||
ifdef NSS_3_4
|
||||
DEFINES += -DNSS_3_4
|
||||
|
||||
NSS3_LIB = $(LIB_PREFIX)nss3$(DLL_SUFFIX)
|
||||
SMIME3_LIB = $(LIB_PREFIX)smime3$(DLL_SUFFIX)
|
||||
SSL3_LIB = $(LIB_PREFIX)ssl3$(DLL_SUFFIX)
|
||||
SOFTOKEN3_LIB = $(LIB_PREFIX)softokn3$(DLL_SUFFIX)
|
||||
endif
|
||||
|
||||
FREEBL_PURE32_MODULE = libfreebl_pure32_3$(DLL_SUFFIX)
|
||||
FREEBL_HYBRID_MODULE = libfreebl_hybrid_3$(DLL_SUFFIX)
|
||||
|
||||
|
@ -83,6 +93,12 @@ libs::
|
|||
cd $(DIST)/lib; cp -f $(LIB_PREFIX)mozdbm_s.$(LIB_SUFFIX) $(NSS_LIB_PREFIX)dbm.$(LIB_SUFFIX)
|
||||
$(MAKE) -C $(topsrcdir)/security/nss/lib $(DEFAULT_GMAKE_FLAGS)
|
||||
$(INSTALL) -m 755 $(DIST)/lib/$(LOADABLE_ROOT_MODULE) $(DIST)/bin
|
||||
ifdef NSS_3_4
|
||||
$(INSTALL) -m 755 $(DIST)/lib/$(SOFTOKEN3_LIB) $(DIST)/bin
|
||||
$(INSTALL) -m 755 $(DIST)/lib/$(NSS3_LIB) $(DIST)/bin
|
||||
$(INSTALL) -m 755 $(DIST)/lib/$(SSL3_LIB) $(DIST)/bin
|
||||
$(INSTALL) -m 755 $(DIST)/lib/$(SMIME3_LIB) $(DIST)/bin
|
||||
endif
|
||||
ifneq (,$(filter SunOS HP-UX,$(OS_ARCH)))
|
||||
ifneq ($(OS_TEST),i86pc)
|
||||
ifndef HAVE_64BIT_OS
|
||||
|
|
|
@ -96,7 +96,24 @@ REQUIRES = nspr \
|
|||
pipboot \
|
||||
$(NULL)
|
||||
|
||||
ifdef NSS_3_4
|
||||
DEFINES += -DNSS_3_4
|
||||
|
||||
NSS3_LIB = $(LIB_PREFIX)nss3$(DLL_SUFFIX)
|
||||
SMIME3_LIB = $(LIB_PREFIX)smime3$(DLL_SUFFIX)
|
||||
SSL3_LIB = $(LIB_PREFIX)ssl3$(DLL_SUFFIX)
|
||||
SOFTOKEN3_LIB = $(LIB_PREFIX)softokn3$(DLL_SUFFIX)
|
||||
|
||||
EXTRA_LIBS = \
|
||||
$(DIST)/lib/$(LIB_PREFIX)crmf.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(SMIME3_LIB) \
|
||||
$(DIST)/lib/$(SSL3_LIB) \
|
||||
$(DIST)/lib/$(NSS3_LIB) \
|
||||
$(DIST)/lib/$(SOFTOKEN3_LIB) \
|
||||
$(NULL)
|
||||
else
|
||||
EXTRA_LIBS = $(NSS_LIBS)
|
||||
endif
|
||||
|
||||
EXTRA_DEPS = $(EXTRA_LIBS)
|
||||
|
||||
|
|
|
@ -81,6 +81,17 @@ LINCS = $(LINCS) \
|
|||
$(NULL)
|
||||
|
||||
|
||||
!if defined(NSS_3_4)
|
||||
CFLAGS=$(CFLAGS) -DNSS_3_4
|
||||
|
||||
SUB_LIBRARIES = \
|
||||
$(DIST)/lib/crmf.lib \
|
||||
$(DIST)/lib/smime3.lib \
|
||||
$(DIST)/lib/ssl3.lib \
|
||||
$(DIST)/lib/nss3.lib \
|
||||
$(DIST)/lib/softokn3.lib \
|
||||
$(NULL)
|
||||
!else
|
||||
SUB_LIBRARIES = \
|
||||
$(DIST)/lib/smime.lib \
|
||||
$(DIST)/lib/crmf.lib \
|
||||
|
@ -97,6 +108,7 @@ SUB_LIBRARIES = \
|
|||
$(DIST)/lib/secutil.lib \
|
||||
$(DIST)/lib/dbm.lib \
|
||||
$(NULL)
|
||||
!endif
|
||||
|
||||
LLIBS = \
|
||||
$(LIBNSPR) \
|
||||
|
@ -134,4 +146,9 @@ include <$(DEPTH)\config\rules.mak>
|
|||
|
||||
libs:: $(DLL)
|
||||
$(MAKE_INSTALL) $(DIST)\lib\nssckbi.dll $(DIST)\bin
|
||||
|
||||
!if defined(NSS_3_4)
|
||||
$(MAKE_INSTALL) $(DIST)\lib\softokn3.dll $(DIST)\bin
|
||||
$(MAKE_INSTALL) $(DIST)\lib\nss3.dll $(DIST)\bin
|
||||
$(MAKE_INSTALL) $(DIST)\lib\smime3.dll $(DIST)\bin
|
||||
$(MAKE_INSTALL) $(DIST)\lib\ssl3.dll $(DIST)\bin
|
||||
!endif
|
||||
|
|
|
@ -63,6 +63,9 @@
|
|||
extern "C" {
|
||||
#include "crmf.h"
|
||||
#include "crmfi.h"
|
||||
#ifdef NSS_3_4
|
||||
#include "pk11pqg.h"
|
||||
#endif
|
||||
}
|
||||
#include "cmmf.h"
|
||||
#include "nssb64.h"
|
||||
|
@ -230,7 +233,7 @@ NS_INTERFACE_MAP_END_THREADSAFE
|
|||
NS_IMPL_THREADSAFE_ADDREF(nsCryptoRunArgs)
|
||||
NS_IMPL_THREADSAFE_RELEASE(nsCryptoRunArgs)
|
||||
|
||||
#if 1
|
||||
#ifndef NSS_3_4
|
||||
/*
|
||||
* We're cheating for now so that escrowing keys on smart cards
|
||||
* will work. The NSS team gave us their blessing to do this
|
||||
|
@ -239,6 +242,9 @@ NS_IMPL_THREADSAFE_RELEASE(nsCryptoRunArgs)
|
|||
extern "C" SECKEYPrivateKey*
|
||||
pk11_loadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey,
|
||||
SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive);
|
||||
#define __FUNCTIONNAME_PK11_LoadPrivKey pk11_loadPrivKey
|
||||
#else
|
||||
#define __FUNCTIONNAME_PK11_LoadPrivKey PK11_LoadPrivKey
|
||||
#endif
|
||||
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
@ -486,6 +492,18 @@ cryptojs_interpret_key_gen_type(char *keyAlg)
|
|||
return invalidKeyGen;
|
||||
}
|
||||
|
||||
#ifdef NSS_3_4
|
||||
#define __FUNCTIONNAME_PK11_PQG_ParamGen PK11_PQG_ParamGen
|
||||
#define __FUNCTIONNAME_PK11_PQG_DestroyVerify PK11_PQG_DestroyVerify
|
||||
#define __FUNCTIONNAME_PK11_PQG_DestroyParams PK11_PQG_DestroyParams
|
||||
#define __WRAPPER_SEC_ASN1EncodeItem_Param4(p) SEC_ASN1_GET(p)
|
||||
#else
|
||||
#define __FUNCTIONNAME_PK11_PQG_ParamGen PQG_ParamGen
|
||||
#define __FUNCTIONNAME_PK11_PQG_DestroyVerify PQG_DestroyVerify
|
||||
#define __FUNCTIONNAME_PK11_PQG_DestroyParams PQG_DestroyParams
|
||||
#define __WRAPPER_SEC_ASN1EncodeItem_Param4(p) p
|
||||
#endif
|
||||
|
||||
//Take the string passed into us via crypto.generateCRMFRequest
|
||||
//as the keygen type parameter and convert it to parameters
|
||||
//we can actually pass to the PKCS#11 layer.
|
||||
|
@ -533,13 +551,13 @@ nsConvertToActualKeyGenParams(PRUint32 keyGenMech, char *params,
|
|||
returnParams = nsnull;
|
||||
break;
|
||||
}
|
||||
rv = PQG_ParamGen(0, &pqgParams, &vfy);
|
||||
rv = __FUNCTIONNAME_PK11_PQG_ParamGen(0, &pqgParams, &vfy);
|
||||
if (vfy) {
|
||||
PQG_DestroyVerify(vfy);
|
||||
__FUNCTIONNAME_PK11_PQG_DestroyVerify(vfy);
|
||||
}
|
||||
if (rv != SECSuccess) {
|
||||
if (pqgParams) {
|
||||
PQG_DestroyParams(pqgParams);
|
||||
__FUNCTIONNAME_PK11_PQG_DestroyParams(pqgParams);
|
||||
}
|
||||
return nsnull;
|
||||
}
|
||||
|
@ -580,7 +598,7 @@ nsFreeKeyGenParams(CK_MECHANISM_TYPE keyGenMechanism, void *params)
|
|||
nsMemory::Free(params);
|
||||
break;
|
||||
case CKM_DSA_KEY_PAIR_GEN:
|
||||
PQG_DestroyParams(NS_STATIC_CAST(PQGParams*,params));
|
||||
__FUNCTIONNAME_PK11_PQG_DestroyParams(NS_STATIC_CAST(PQGParams*,params));
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -691,7 +709,7 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
|
|||
//If we generated the key pair on the internal slot because the
|
||||
// keys were going to be escrowed, move the keys over right now.
|
||||
if (willEscrow && intSlot) {
|
||||
SECKEYPrivateKey *newPrivKey = pk11_loadPrivKey(origSlot,
|
||||
SECKEYPrivateKey *newPrivKey = __FUNCTIONNAME_PK11_LoadPrivKey(origSlot,
|
||||
keyPairInfo->privKey,
|
||||
keyPairInfo->pubKey,
|
||||
PR_TRUE, PR_TRUE);
|
||||
|
@ -923,7 +941,7 @@ nsSetRegToken(CRMFCertRequest *certReq, char *regToken)
|
|||
src.data = (unsigned char*)regToken;
|
||||
src.len = nsCRT::strlen(regToken);
|
||||
SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src,
|
||||
SEC_UTF8StringTemplate);
|
||||
__WRAPPER_SEC_ASN1EncodeItem_Param4(SEC_UTF8StringTemplate));
|
||||
|
||||
if (!derEncoded)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
@ -951,7 +969,7 @@ nsSetAuthenticator(CRMFCertRequest *certReq, char *authenticator)
|
|||
src.data = (unsigned char*)authenticator;
|
||||
src.len = nsCRT::strlen(authenticator);
|
||||
SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src,
|
||||
SEC_UTF8StringTemplate);
|
||||
__WRAPPER_SEC_ASN1EncodeItem_Param4(SEC_UTF8StringTemplate));
|
||||
if (!derEncoded)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
|
@ -1770,12 +1788,16 @@ nsCertAlreadyExists(SECItem *derCert)
|
|||
if (!arena)
|
||||
return PR_FALSE; //What else could we return?
|
||||
|
||||
#ifdef NSS_3_4
|
||||
cert = CERT_FindCertByDERCert(handle, derCert);
|
||||
#else
|
||||
SECItem key;
|
||||
SECStatus srv = CERT_KeyFromDERCert(arena, derCert, &key);
|
||||
if (srv != SECSuccess)
|
||||
return PR_FALSE;
|
||||
|
||||
cert = CERT_FindCertByKey(handle, &key);
|
||||
#endif
|
||||
if (cert) {
|
||||
if (cert->isperm && !cert->nickname && !cert->emailAddr) {
|
||||
//If the cert doesn't have a nickname or email addr, it is
|
||||
|
@ -1898,10 +1920,17 @@ nsCrypto::ImportUserCertificates(const nsAReadableString& aNickname,
|
|||
// Let's figure out which nickname to give the cert. If
|
||||
// a certificate with the same subject name already exists,
|
||||
// then just use that one, otherwise, get the default nickname.
|
||||
#ifdef NSS_3_4
|
||||
if (currCert->nickname) {
|
||||
localNick = currCert->nickname;
|
||||
}
|
||||
#else
|
||||
if (currCert->subjectList && currCert->subjectList->entry &&
|
||||
currCert->subjectList->entry->nickname) {
|
||||
localNick = currCert->subjectList->entry->nickname;
|
||||
} else if (nickname == nsnull || nickname[0] == '\0') {
|
||||
}
|
||||
#endif
|
||||
else if (nickname == nsnull || nickname[0] == '\0') {
|
||||
localNick = default_nickname(currCert, ctx);
|
||||
freeLocalNickname = PR_TRUE;
|
||||
} else {
|
||||
|
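Review bot: The compatibility macros added in this file (`__FUNCTIONNAME_PK11_LoadPrivKey`, the `__FUNCTIONNAME_PK11_PQG_*` set and `__WRAPPER_SEC_ASN1EncodeItem_Param4`) use names containing a double underscore, which C++ reserves for the implementation. A prefix without leading underscores, for example `NSS_COMPAT_PQG_ParamGen`, avoids that. In the NSS_3_4 branch `__FUNCTIONNAME_PK11_LoadPrivKey` expands to `PK11_LoadPrivKey`, while the only visible `extern "C"` declaration sits in the `#ifndef NSS_3_4` branch, so the build presumably relies on an NSS header declaring it; a one-line comment naming that header would help. The `__WRAPPER_SEC_ASN1DecodeItem_Param3` macro added before ProcessNSCertTypeExtensions later in this commit has the same naming issue.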
|
|
@ -22,7 +22,9 @@
|
|||
|
||||
extern "C" {
|
||||
#include "secdert.h"
|
||||
#ifndef NSS_3_4
|
||||
#include "keydbt.h"
|
||||
#endif
|
||||
}
|
||||
#include "nspr.h"
|
||||
#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
|
||||
|
@ -31,6 +33,11 @@ extern "C" {
|
|||
#include "cryptohi.h"
|
||||
#include "base64.h"
|
||||
#include "secasn1.h"
|
||||
#ifdef NSS_3_4
|
||||
extern "C" {
|
||||
#include "pk11pqg.h"
|
||||
}
|
||||
#endif
|
||||
#include "nsProxiedService.h"
|
||||
#include "nsKeygenHandler.h"
|
||||
#include "nsVoidArray.h"
|
||||
|
@ -75,6 +82,27 @@ DERTemplate CERTPublicKeyAndChallengeTemplate[] =
|
|||
{ 0, }
|
||||
};
|
||||
|
||||
#ifdef NSS_3_4
|
||||
DERTemplate SECAlgorithmIDTemplate[] = {
|
||||
{ DER_SEQUENCE,
|
||||
0, NULL, sizeof(SECAlgorithmID) },
|
||||
{ DER_OBJECT_ID,
|
||||
offsetof(SECAlgorithmID,algorithm), },
|
||||
{ DER_OPTIONAL | DER_ANY,
|
||||
offsetof(SECAlgorithmID,parameters), },
|
||||
{ 0, }
|
||||
};
|
||||
|
||||
const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
|
||||
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
|
||||
{ 0, }
|
||||
};
|
||||
#endif
|
||||
|
||||
|
||||
static NS_DEFINE_IID(kFormProcessorIID, NS_IFORMPROCESSOR_IID);
|
||||
static NS_DEFINE_IID(kIDOMHTMLSelectElementIID, NS_IDOMHTMLSELECTELEMENT_IID);
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
@ -135,7 +163,11 @@ pqg_prime_bits(char *str)
|
|||
|
||||
done:
|
||||
if (params)
|
||||
#ifdef NSS_3_4
|
||||
PK11_PQG_DestroyParams(params);
|
||||
#else
|
||||
PQG_DestroyParams(params);
|
||||
#endif
|
||||
return primeBits;
|
||||
}
|
||||
|
||||
|
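Review bot: `SECAlgorithmIDTemplate` and `SECKEY_PQGParamsTemplate` are defined here at file scope with external linkage, under names that look like NSS's own template symbols. In an NSS_3_4 build this module may therefore carry private copies that clash with, or silently shadow, the library's definitions at link or load time. If nothing outside this file needs them, declare them `static` (and `const` where the encoder accepts it) or give them a module-specific name. A short comment above the `#ifdef NSS_3_4` block saying why local copies are needed with NSS 3.4 would also help the next reader decide when they can be dropped.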
|
|
@ -32,7 +32,6 @@
|
|||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*
|
||||
* $Id: nsNSSCertificate.cpp,v 1.58 2001-12-16 11:41:09 jaggernaut%netscape.com Exp $
|
||||
*/
|
||||
|
||||
#include "prmem.h"
|
||||
|
@ -659,7 +658,13 @@ nsNSSCertificate::~nsNSSCertificate()
|
|||
if (mCertType == nsNSSCertificate::USER_CERT) {
|
||||
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
|
||||
PK11_DeleteTokenCertAndKey(mCert, cxt);
|
||||
} else if (!mCert->slot) {
|
||||
} else
|
||||
#ifdef NSS_3_4
|
||||
if (!PK11_IsReadOnly(mCert->slot))
|
||||
#else
|
||||
if (!mCert->slot)
|
||||
#endif
|
||||
{
|
||||
// If the cert isn't a user cert and it is on an external token,
|
||||
// then we'll just leave it as untrusted, but won't delete it
|
||||
// from the cert db.
|
||||
|
@ -852,21 +857,52 @@ nsNSSCertificate::FormatUIStrings(const nsAutoString &nickname, nsAutoString &ni
|
|||
return rv;
|
||||
}
|
||||
|
||||
|
||||
#ifdef NSS_3_4
|
||||
#define NS_NSS_LONG 4
|
||||
#define NS_NSS_GET_LONG(x) ((((unsigned long)((x)[0])) << 24) | \
|
||||
(((unsigned long)((x)[1])) << 16) | \
|
||||
(((unsigned long)((x)[2])) << 8) | \
|
||||
((unsigned long)((x)[3])) )
|
||||
#define NS_NSS_PUT_LONG(src,dest) (dest)[0] = (((src) >> 24) & 0xff); \
|
||||
(dest)[1] = (((src) >> 16) & 0xff); \
|
||||
(dest)[2] = (((src) >> 8) & 0xff); \
|
||||
(dest)[3] = ((src) & 0xff);
|
||||
#endif
|
||||
|
||||
|
||||
/* readonly attribute string dbKey; */
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificate::GetDbKey(char * *aDbKey)
|
||||
{
|
||||
SECStatus srv;
|
||||
SECItem key;
|
||||
|
||||
NS_ENSURE_ARG(aDbKey);
|
||||
*aDbKey = nsnull;
|
||||
#ifdef NSS_3_4
|
||||
key.len = NS_NSS_LONG*4+mCert->serialNumber.len+mCert->derIssuer.len;
|
||||
key.data = (unsigned char *)nsMemory::Alloc(key.len);
|
||||
NS_NSS_PUT_LONG(0,key.data); // later put moduleID
|
||||
NS_NSS_PUT_LONG(0,&key.data[NS_NSS_LONG]); // later put slotID
|
||||
NS_NSS_PUT_LONG(mCert->serialNumber.len,&key.data[NS_NSS_LONG*2]);
|
||||
NS_NSS_PUT_LONG(mCert->derIssuer.len,&key.data[NS_NSS_LONG*3]);
|
||||
memcpy(&key.data[NS_NSS_LONG*4],mCert->serialNumber.data,
|
||||
mCert->serialNumber.len);
|
||||
memcpy(&key.data[NS_NSS_LONG*4+mCert->serialNumber.len],
|
||||
mCert->derIssuer.data, mCert->derIssuer.len);
|
||||
#else
|
||||
SECStatus srv;
|
||||
srv = CERT_KeyFromIssuerAndSN(mCert->arena, &mCert->derIssuer,
|
||||
&mCert->serialNumber, &key);
|
||||
if (srv != SECSuccess) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
#endif
|
||||
|
||||
*aDbKey = NSSBase64_EncodeItem(nsnull, nsnull, 0, &key);
|
||||
#ifdef NSS_3_4
|
||||
nsMemory::Free(key.data); // SECItem is a 'c' type without a destrutor
|
||||
#endif
|
||||
return (*aDbKey) ? NS_OK : NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
|
@ -1742,6 +1778,12 @@ ProcessRawBytes(SECItem *data, nsString &text)
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
#ifdef NSS_3_4
|
||||
#define __WRAPPER_SEC_ASN1DecodeItem_Param3(p) SEC_ASN1_GET(p)
|
||||
#else
|
||||
#define __WRAPPER_SEC_ASN1DecodeItem_Param3(p) p
|
||||
#endif
|
||||
|
||||
static nsresult
|
||||
ProcessNSCertTypeExtensions(SECItem *extData,
|
||||
nsString &text,
|
||||
|
@ -1750,7 +1792,8 @@ ProcessNSCertTypeExtensions(SECItem *extData,
|
|||
SECItem decoded;
|
||||
decoded.data = nsnull;
|
||||
decoded.len = 0;
|
||||
SEC_ASN1DecodeItem(nsnull, &decoded, SEC_BitStringTemplate, extData);
|
||||
SEC_ASN1DecodeItem(nsnull, &decoded,
|
||||
__WRAPPER_SEC_ASN1DecodeItem_Param3(SEC_BitStringTemplate), extData);
|
||||
unsigned char nsCertType = decoded.data[0];
|
||||
nsString local;
|
||||
nsMemory::Free(decoded.data);
|
||||
|
@ -1806,7 +1849,8 @@ ProcessKeyUsageExtension(SECItem *extData, nsString &text,
|
|||
SECItem decoded;
|
||||
decoded.data = nsnull;
|
||||
decoded.len = 0;
|
||||
SEC_ASN1DecodeItem(nsnull, &decoded, SEC_BitStringTemplate, extData);
|
||||
SEC_ASN1DecodeItem(nsnull, &decoded,
|
||||
__WRAPPER_SEC_ASN1DecodeItem_Param3(SEC_BitStringTemplate), extData);
|
||||
unsigned char keyUsage = decoded.data[0];
|
||||
nsString local;
|
||||
nsMemory::Free(decoded.data);
|
||||
|
@ -2551,14 +2595,37 @@ nsNSSCertificateDB::GetCertByDBKey(const char *aDBkey, nsIPK11Token *aToken,
|
|||
{
|
||||
SECItem keyItem = {siBuffer, nsnull, 0};
|
||||
SECItem *dummy;
|
||||
#ifdef NSS_3_4
|
||||
CERTIssuerAndSN issuerSN;
|
||||
unsigned long moduleID,slotID;
|
||||
#endif
|
||||
*_cert = nsnull;
|
||||
if (!aDBkey) return NS_ERROR_FAILURE;
|
||||
dummy = NSSBase64_DecodeBuffer(nsnull, &keyItem, aDBkey,
|
||||
(PRUint32)PL_strlen(aDBkey));
|
||||
#ifdef NSS_3_4
|
||||
// the future is now, the cert is not longer loaded into temp db's forn now
|
||||
// just fail
|
||||
CERTCertificate *cert;
|
||||
|
||||
// someday maybe we can speed up the search using the moduleID and slotID
|
||||
moduleID = NS_NSS_GET_LONG(keyItem.data);
|
||||
slotID = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG]);
|
||||
|
||||
// build the issuer/SN structure
|
||||
issuerSN.serialNumber.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*2]);
|
||||
issuerSN.derIssuer.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*3]);
|
||||
issuerSN.serialNumber.data= &keyItem.data[NS_NSS_LONG*4];
|
||||
issuerSN.derIssuer.data= &keyItem.data[NS_NSS_LONG*4+
|
||||
issuerSN.serialNumber.len];
|
||||
|
||||
cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN);
|
||||
#else
|
||||
// In the future, this should actually look on the token. But for now,
|
||||
// take it for granted that the cert has been loaded into the temp db.
|
||||
CERTCertificate *cert = CERT_FindCertByKey(CERT_GetDefaultCertDB(),
|
||||
&keyItem);
|
||||
#endif
|
||||
PR_FREEIF(keyItem.data);
|
||||
if (cert) {
|
||||
nsNSSCertificate *nssCert = new nsNSSCertificate(cert);
|
||||
|
@ -2630,7 +2697,17 @@ nsNSSCertificateDB::GetCertsByType(PRUint32 aType,
|
|||
nsresult rv = NS_NewISupportsArray(getter_AddRefs(certarray));
|
||||
if (NS_FAILED(rv)) return PR_FALSE;
|
||||
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
|
||||
#ifdef NSS_3_4
|
||||
if (aType == nsIX509Cert::USER_CERT) {
|
||||
certList = PK11_ListCerts(PK11CertListUser, cxt);
|
||||
} else if (aType == nsIX509Cert::CA_CERT) {
|
||||
certList = PK11_ListCerts(PK11CertListCA, cxt); /* or RootUnique? */
|
||||
} else {
|
||||
certList = PK11_ListCerts(PK11CertListUnique, cxt);
|
||||
}
|
||||
#else
|
||||
certList = PK11_ListCerts(PK11CertListUnique, cxt);
|
||||
#endif
|
||||
CERTCertListNode *node;
|
||||
int i, count = 0;
|
||||
for (node = CERT_LIST_HEAD(certList);
|
||||
|
@ -3153,10 +3230,20 @@ nsNSSCertificateDB::ImportUserCertificate(char *data, PRUint32 length, nsIInterf
|
|||
PK11_FreeSlot(slot);
|
||||
|
||||
/* pick a nickname for the cert */
|
||||
#ifdef NSS_3_4
|
||||
if (cert->nickname) {
|
||||
/* sigh, we need a call to look up other certs with this subject and
|
||||
* identify nicknames from them. We can no longer walk down internal
|
||||
* database structures rjr */
|
||||
nickname = cert->nickname;
|
||||
}
|
||||
#else
|
||||
if (cert->subjectList && cert->subjectList->entry &&
|
||||
cert->subjectList->entry->nickname) {
|
||||
nickname = cert->subjectList->entry->nickname;
|
||||
} else {
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
nickname = default_nickname(cert, ctx);
|
||||
}
|
||||
|
||||
|
@ -3526,14 +3613,20 @@ nsNSSCertificateDB::GetOCSPResponders(nsISupportsArray ** aResponders)
|
|||
return rv;
|
||||
}
|
||||
|
||||
#ifdef NSS_3_4
|
||||
sec_rv = PK11_TraverseSlotCerts(::GetOCSPResponders,
|
||||
respondersArray,
|
||||
nsnull);
|
||||
#else
|
||||
sec_rv = SEC_TraversePermCerts(CERT_GetDefaultCertDB(),
|
||||
::GetOCSPResponders,
|
||||
respondersArray);
|
||||
if (sec_rv == SECSuccess) {
|
||||
sec_rv = PK11_TraverseSlotCerts(::GetOCSPResponders,
|
||||
respondersArray,
|
||||
nsnull);
|
||||
respondersArray,
|
||||
nsnull);
|
||||
}
|
||||
#endif
|
||||
if (sec_rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
|
@ -3676,7 +3769,7 @@ nsNSSCertificateDB::ImportCrl (char *aData, PRUint32 aLength, nsIURI * aURI, PRU
|
|||
}
|
||||
} else {
|
||||
sec_rv = SEC_ASN1DecodeItem(arena,
|
||||
&sd, CERT_SignedDataTemplate,
|
||||
&sd, __WRAPPER_SEC_ASN1DecodeItem_Param3(CERT_SignedDataTemplate),
|
||||
&derCrl);
|
||||
if (sec_rv != SECSuccess) {
|
||||
goto loser;
|
||||
|
@ -4273,8 +4366,13 @@ nsNSSCertificateDB::GetCertByEmailAddress(nsIPK11Token *aToken, const char *aEma
|
|||
SECStatus sec_rv;
|
||||
nsresult rv = NS_OK;
|
||||
|
||||
#ifdef NSS_3_4
|
||||
// fix this... rjr
|
||||
certList = nsnull;
|
||||
#else
|
||||
certList = CERT_CreateEmailAddrCertList(nsnull, CERT_GetDefaultCertDB(),
|
||||
(char*)aEmailAddress, PR_Now(), PR_TRUE);
|
||||
#endif
|
||||
if (certList == nsnull) {
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto loser;
|
||||
|
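Review bot: In the NSS_3_4 branch of GetCertByDBKey the decoded key is parsed without any length validation. The four header words are read from `keyItem.data` even if NSSBase64_DecodeBuffer failed or produced fewer than `NS_NSS_LONG*4` bytes, and `serialNumber.len` / `derIssuer.len` are taken from the buffer and used to build the pointers handed to CERT_FindCertByIssuerAndSN. Because `aDBkey` is a caller-supplied string, a short or malformed key leads to a null dereference or an out-of-bounds read; both lengths should be checked against `keyItem.len` before the lookup, as sketched below. Relatedly, the NSS_3_4 branch of GetDbKey writes into the result of `nsMemory::Alloc` without testing it, and `if (!key.data) return NS_ERROR_OUT_OF_MEMORY;` after the allocation would cover that. GetCertByDBKey's body continues past the end of its hunk.

```cpp
#ifdef NSS_3_4
  CERTCertificate *cert = nsnull;
  // Reject a key that failed to decode or is too short for the four-word header.
  if (keyItem.data && keyItem.len >= NS_NSS_LONG*4) {
    // … unchanged: moduleID / slotID reads …
    issuerSN.serialNumber.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*2]);
    issuerSN.derIssuer.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*3]);
    unsigned int avail = keyItem.len - NS_NSS_LONG*4;
    // Both lengths come from the decoded key; bound them by what was actually decoded.
    if (issuerSN.serialNumber.len <= avail &&
        issuerSN.derIssuer.len <= avail - issuerSN.serialNumber.len) {
      // … unchanged: serialNumber.data / derIssuer.data assignments …
      cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN);
    }
  }
#else
```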
|
|
@ -40,11 +40,19 @@
|
|||
#include "nsIX509Cert.h"
|
||||
#include "nsIX509CertDB.h"
|
||||
|
||||
#ifdef NSS_3_4
|
||||
/* private NSS defines used by PSM */
|
||||
/* (must be declated before cert.h) */
|
||||
#define CERT_NewTempCertificate __CERT_NewTempCertificate
|
||||
#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm
|
||||
#endif
|
||||
|
||||
#include "prtypes.h"
|
||||
#include "cert.h"
|
||||
#include "secitem.h"
|
||||
#include "nsString.h"
|
||||
|
||||
|
||||
class nsINSSComponent;
|
||||
|
||||
/* Certificate */
|
||||
|
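Review bot: These two `#define`s redirect `CERT_NewTempCertificate` and `CERT_AddTempCertToPerm` to the double-underscore NSS-private entry points for every file that includes this header. They work only when cert.h is first included after them: a translation unit that pulled in cert.h earlier gets the rename applied to its calls but not to the prototypes. Consider moving the remapping into the source files that actually call these functions, or calling the `__CERT_*` names there directly, so the dependency on private NSS API is explicit and does not hinge on include order. At minimum, expand the comment to say why the public names cannot be used with NSS 3.4.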
|
|
@ -77,7 +77,9 @@
|
|||
#include "ocsp.h"
|
||||
#include "cms.h"
|
||||
extern "C" {
|
||||
#ifndef NSS_3_4
|
||||
#include "pkcs11.h"
|
||||
#endif
|
||||
#include "pkcs12.h"
|
||||
#include "p12plcy.h"
|
||||
}
|
||||
|
@ -922,6 +924,7 @@ nsNSSComponent::InitializeNSS()
|
|||
ConfigureInternalPKCS11Token();
|
||||
|
||||
if (::NSS_InitReadWrite(profileStr) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr));
|
||||
|
||||
if (supress_warning_preference) {
|
||||
which_nss_problem = problem_none;
|
||||
|
@ -932,6 +935,7 @@ nsNSSComponent::InitializeNSS()
|
|||
|
||||
// try to init r/o
|
||||
if (NSS_Init(profileStr) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init in r/o either\n"));
|
||||
which_nss_problem = problem_no_security_at_all;
|
||||
|
||||
NSS_NoDB_Init(profileStr);
|
||||
|
@ -987,22 +991,37 @@ nsNSSComponent::InitializeNSS()
|
|||
if (problem_none != which_nss_problem) {
|
||||
nsString message;
|
||||
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS problem, trying to bring up GUI error message\n"));
|
||||
|
||||
// We might want to use different messages, depending on what failed.
|
||||
// For now, let's use the same message.
|
||||
nsresult rv = GetPIPNSSBundleString(NS_LITERAL_STRING("NSSInitProblem").get(), message);
|
||||
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get error string\n"));
|
||||
nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService("@mozilla.org/embedcomp/window-watcher;1"));
|
||||
if (wwatch) {
|
||||
if (!wwatch) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get window watcher\n"));
|
||||
}
|
||||
else {
|
||||
nsCOMPtr<nsIPrompt> prompter;
|
||||
wwatch->GetNewPrompter(0, getter_AddRefs(prompter));
|
||||
if (prompter) {
|
||||
if (!prompter) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get window prompter\n"));
|
||||
}
|
||||
else {
|
||||
nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
|
||||
if (proxyman) {
|
||||
if (!proxyman) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get proxy manager\n"));
|
||||
}
|
||||
else {
|
||||
nsCOMPtr<nsIPrompt> proxyPrompt;
|
||||
proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, NS_GET_IID(nsIPrompt),
|
||||
prompter, PROXY_SYNC, getter_AddRefs(proxyPrompt));
|
||||
if (proxyPrompt) {
|
||||
if (!proxyPrompt) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get proxy for nsIPrompt\n"));
|
||||
}
|
||||
else {
|
||||
proxyPrompt->Alert(nsnull, message.get());
|
||||
}
|
||||
}
|
||||
|
@ -1171,8 +1190,12 @@ static PRBool DecryptionAllowedCallback(SECAlgorithmID *algid,
|
|||
return SECMIME_DecryptionAllowed(algid, bulkkey);
|
||||
}
|
||||
|
||||
#ifdef NSS_3_4
|
||||
static void * GetPasswordKeyCallback(void *arg, void *handle)
|
||||
#else
|
||||
static SECItem * GetPasswordKeyCallback(void *arg,
|
||||
SECKEYKeyDBHandle *handle)
|
||||
#endif
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
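Review bot: The added `PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get error string\n"));` appears to sit directly inside the `if (NS_SUCCEEDED(rv)) {` branch of InitializeNSS. If so, the debug log reports a failure exactly when the bundle string was obtained, and logs nothing when GetPIPNSSBundleString really fails. Moving it to an else arm of that test, `else { PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get error string\n")); }`, would match the `if (!x) { log } else { … }` shape used for the window watcher, prompter and proxy lookups in the same hunk. The rendered page has lost its +/- markers, so this reading rests on the line appearing once with no old counterpart. The enclosing block closes outside the hunk.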
|
|
@ -280,7 +280,12 @@ NS_IMETHODIMP
|
|||
nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module **_retval)
|
||||
{
|
||||
nsCOMPtr<nsIPKCS11Module> module =
|
||||
#ifdef NSS_3_4
|
||||
new nsPKCS11Module(SECMOD_CreateModule(NULL,SECMOD_INT_NAME,
|
||||
NULL,SECMOD_INT_FLAGS));
|
||||
#else
|
||||
new nsPKCS11Module(SECMOD_GetInternalModule());
|
||||
#endif
|
||||
if (!module)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
*_retval = module;
|
||||
|
@ -293,7 +298,12 @@ NS_IMETHODIMP
|
|||
nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module **_retval)
|
||||
{
|
||||
nsCOMPtr<nsIPKCS11Module> module =
|
||||
#ifdef NSS_3_4
|
||||
new nsPKCS11Module(SECMOD_CreateModule(NULL, SECMOD_FIPS_NAME, NULL,
|
||||
SECMOD_FIPS_FLAGS));
|
||||
#else
|
||||
new nsPKCS11Module(SECMOD_GetFIPSInternal());
|
||||
#endif
|
||||
if (!module)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
*_retval = module;
|
||||
|
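Review bot: In GetInternal, and likewise in GetInternalFIPS, the return value of `SECMOD_CreateModule` is passed straight into the `nsPKCS11Module` constructor. The following `if (!module)` tests only the wrapper allocation, so a null module from NSS would go unnoticed here. Assigning it first, e.g. `SECMODModule *nssMod = SECMOD_CreateModule(NULL, SECMOD_INT_NAME, NULL, SECMOD_INT_FLAGS);` followed by `if (!nssMod) return NS_ERROR_FAILURE;`, makes the failure explicit. A comment on who releases the newly created module is also worth adding, since the constructor is not visible in this hunk and the non-3.4 branch only fetched an existing module. Both function bodies continue outside their hunks.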
|