b=116334 Allowing conditional usage of NSS 3.4

r=wtc sr=blizzard
Should not affect standard build (without having explicitly set NSS_3_4 in the environment)
kaie%netscape.com 2002-01-10 00:47:07 +00:00
Родитель 3a6e3f8b94
Коммит 91defc6be5
11 изменённых файлов: 277 добавлений и 23 удалений


@ -130,8 +130,10 @@ NSS_CO_FLAGS=$(MOZ_CO_FLAGS)
!if "$(NSS_CO_TAG)" != "" !if "$(NSS_CO_TAG)" != ""
NSS_CO_FLAGS=$(NSS_CO_FLAGS) -r $(NSS_CO_TAG) NSS_CO_FLAGS=$(NSS_CO_FLAGS) -r $(NSS_CO_TAG)
!else !else
!ifndef NSS_3_4
NSS_CO_FLAGS=$(NSS_CO_FLAGS) -r NSS_CLIENT_TAG NSS_CO_FLAGS=$(NSS_CO_FLAGS) -r NSS_CLIENT_TAG
!endif !endif
!endif
CVSCO_NSS = cvs $(CVS_FLAGS) co $(NSS_CO_FLAGS) CVSCO_NSS = cvs $(CVS_FLAGS) co $(NSS_CO_FLAGS)
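Review bot: With NSS_3_4 set and NSS_CO_TAG empty, the new `!ifndef NSS_3_4` guard leaves NSS_CO_FLAGS with no NSS-specific `-r` tag, so unless MOZ_CO_FLAGS itself carries one, the `cvs co` in CVSCO_NSS takes the crypto library from whatever the repository tip holds at checkout time. A build of security-critical code from an unpinned revision cannot be reproduced or audited later. Pin the NSS_3_4 case to a tag in an `!else` arm (`-r <NSS 3.4 tag>`), or at least document it with `# NSS_3_4: NSS is checked out untagged from the tip; development builds only`. The `ifndef NSS_3_4` around `NSS_CO_TAG = NSS_CLIENT_TAG` in the next file section has the same effect.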


@ -55,7 +55,9 @@
#MOZ_CO_TAG = <tag> #MOZ_CO_TAG = <tag>
NSPR_CO_TAG = NSPRPUB_PRE_4_2_CLIENT_BRANCH NSPR_CO_TAG = NSPRPUB_PRE_4_2_CLIENT_BRANCH
PSM_CO_TAG = #We will now build PSM from the tip instead of a branch. PSM_CO_TAG = #We will now build PSM from the tip instead of a branch.
ifndef NSS_3_4
NSS_CO_TAG = NSS_CLIENT_TAG NSS_CO_TAG = NSS_CLIENT_TAG
endif
LDAPCSDK_CO_TAG = LDAPCSDK_40_BRANCH LDAPCSDK_CO_TAG = LDAPCSDK_40_BRANCH
ACCESSIBLE_CO_TAG = ACCESSIBLE_CO_TAG =
GFX2_CO_TAG = GFX2_CO_TAG =


@ -28,6 +28,16 @@ VPATH = @srcdir@
include $(DEPTH)/config/autoconf.mk include $(DEPTH)/config/autoconf.mk
LOADABLE_ROOT_MODULE = $(LIB_PREFIX)nssckbi$(DLL_SUFFIX) LOADABLE_ROOT_MODULE = $(LIB_PREFIX)nssckbi$(DLL_SUFFIX)
ifdef NSS_3_4
DEFINES += -DNSS_3_4
NSS3_LIB = $(LIB_PREFIX)nss3$(DLL_SUFFIX)
SMIME3_LIB = $(LIB_PREFIX)smime3$(DLL_SUFFIX)
SSL3_LIB = $(LIB_PREFIX)ssl3$(DLL_SUFFIX)
SOFTOKEN3_LIB = $(LIB_PREFIX)softokn3$(DLL_SUFFIX)
endif
FREEBL_PURE32_MODULE = libfreebl_pure32_3$(DLL_SUFFIX) FREEBL_PURE32_MODULE = libfreebl_pure32_3$(DLL_SUFFIX)
FREEBL_HYBRID_MODULE = libfreebl_hybrid_3$(DLL_SUFFIX) FREEBL_HYBRID_MODULE = libfreebl_hybrid_3$(DLL_SUFFIX)
@ -83,6 +93,12 @@ libs::
cd $(DIST)/lib; cp -f $(LIB_PREFIX)mozdbm_s.$(LIB_SUFFIX) $(NSS_LIB_PREFIX)dbm.$(LIB_SUFFIX) cd $(DIST)/lib; cp -f $(LIB_PREFIX)mozdbm_s.$(LIB_SUFFIX) $(NSS_LIB_PREFIX)dbm.$(LIB_SUFFIX)
$(MAKE) -C $(topsrcdir)/security/nss/lib $(DEFAULT_GMAKE_FLAGS) $(MAKE) -C $(topsrcdir)/security/nss/lib $(DEFAULT_GMAKE_FLAGS)
$(INSTALL) -m 755 $(DIST)/lib/$(LOADABLE_ROOT_MODULE) $(DIST)/bin $(INSTALL) -m 755 $(DIST)/lib/$(LOADABLE_ROOT_MODULE) $(DIST)/bin
ifdef NSS_3_4
$(INSTALL) -m 755 $(DIST)/lib/$(SOFTOKEN3_LIB) $(DIST)/bin
$(INSTALL) -m 755 $(DIST)/lib/$(NSS3_LIB) $(DIST)/bin
$(INSTALL) -m 755 $(DIST)/lib/$(SSL3_LIB) $(DIST)/bin
$(INSTALL) -m 755 $(DIST)/lib/$(SMIME3_LIB) $(DIST)/bin
endif
ifneq (,$(filter SunOS HP-UX,$(OS_ARCH))) ifneq (,$(filter SunOS HP-UX,$(OS_ARCH)))
ifneq ($(OS_TEST),i86pc) ifneq ($(OS_TEST),i86pc)
ifndef HAVE_64BIT_OS ifndef HAVE_64BIT_OS
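Review bot: The `ifdef NSS_3_4` block that defines NSS3_LIB, SMIME3_LIB, SSL3_LIB and SOFTOKEN3_LIB is repeated verbatim in the next file section, and the Windows makefile hard-codes the same four library names. If one copy drifts, the install step here and the link line there would refer to different files. Define the names once in a shared makefile fragment, or add a comment on each copy such as `# keep in sync with the NSS_3_4 block in the other PSM makefile`.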


@ -96,7 +96,24 @@ REQUIRES = nspr \
pipboot \ pipboot \
$(NULL) $(NULL)
ifdef NSS_3_4
DEFINES += -DNSS_3_4
NSS3_LIB = $(LIB_PREFIX)nss3$(DLL_SUFFIX)
SMIME3_LIB = $(LIB_PREFIX)smime3$(DLL_SUFFIX)
SSL3_LIB = $(LIB_PREFIX)ssl3$(DLL_SUFFIX)
SOFTOKEN3_LIB = $(LIB_PREFIX)softokn3$(DLL_SUFFIX)
EXTRA_LIBS = \
$(DIST)/lib/$(LIB_PREFIX)crmf.$(LIB_SUFFIX) \
$(DIST)/lib/$(SMIME3_LIB) \
$(DIST)/lib/$(SSL3_LIB) \
$(DIST)/lib/$(NSS3_LIB) \
$(DIST)/lib/$(SOFTOKEN3_LIB) \
$(NULL)
else
EXTRA_LIBS = $(NSS_LIBS) EXTRA_LIBS = $(NSS_LIBS)
endif
EXTRA_DEPS = $(EXTRA_LIBS) EXTRA_DEPS = $(EXTRA_LIBS)


@ -81,6 +81,17 @@ LINCS = $(LINCS) \
$(NULL) $(NULL)
!if defined(NSS_3_4)
CFLAGS=$(CFLAGS) -DNSS_3_4
SUB_LIBRARIES = \
$(DIST)/lib/crmf.lib \
$(DIST)/lib/smime3.lib \
$(DIST)/lib/ssl3.lib \
$(DIST)/lib/nss3.lib \
$(DIST)/lib/softokn3.lib \
$(NULL)
!else
SUB_LIBRARIES = \ SUB_LIBRARIES = \
$(DIST)/lib/smime.lib \ $(DIST)/lib/smime.lib \
$(DIST)/lib/crmf.lib \ $(DIST)/lib/crmf.lib \
@ -97,6 +108,7 @@ SUB_LIBRARIES = \
$(DIST)/lib/secutil.lib \ $(DIST)/lib/secutil.lib \
$(DIST)/lib/dbm.lib \ $(DIST)/lib/dbm.lib \
$(NULL) $(NULL)
!endif
LLIBS = \ LLIBS = \
$(LIBNSPR) \ $(LIBNSPR) \
@ -134,4 +146,9 @@ include <$(DEPTH)\config\rules.mak>
libs:: $(DLL) libs:: $(DLL)
$(MAKE_INSTALL) $(DIST)\lib\nssckbi.dll $(DIST)\bin $(MAKE_INSTALL) $(DIST)\lib\nssckbi.dll $(DIST)\bin
!if defined(NSS_3_4)
$(MAKE_INSTALL) $(DIST)\lib\softokn3.dll $(DIST)\bin
$(MAKE_INSTALL) $(DIST)\lib\nss3.dll $(DIST)\bin
$(MAKE_INSTALL) $(DIST)\lib\smime3.dll $(DIST)\bin
$(MAKE_INSTALL) $(DIST)\lib\ssl3.dll $(DIST)\bin
!endif


@ -63,6 +63,9 @@
extern "C" { extern "C" {
#include "crmf.h" #include "crmf.h"
#include "crmfi.h" #include "crmfi.h"
#ifdef NSS_3_4
#include "pk11pqg.h"
#endif
} }
#include "cmmf.h" #include "cmmf.h"
#include "nssb64.h" #include "nssb64.h"
@ -230,7 +233,7 @@ NS_INTERFACE_MAP_END_THREADSAFE
NS_IMPL_THREADSAFE_ADDREF(nsCryptoRunArgs) NS_IMPL_THREADSAFE_ADDREF(nsCryptoRunArgs)
NS_IMPL_THREADSAFE_RELEASE(nsCryptoRunArgs) NS_IMPL_THREADSAFE_RELEASE(nsCryptoRunArgs)
#if 1 #ifndef NSS_3_4
/* /*
* We're cheating for now so that escrowing keys on smart cards * We're cheating for now so that escrowing keys on smart cards
* will work. The NSS team gave us their blessing to do this * will work. The NSS team gave us their blessing to do this
@ -239,6 +242,9 @@ NS_IMPL_THREADSAFE_RELEASE(nsCryptoRunArgs)
extern "C" SECKEYPrivateKey* extern "C" SECKEYPrivateKey*
pk11_loadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey, pk11_loadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey,
SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive); SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive);
#define __FUNCTIONNAME_PK11_LoadPrivKey pk11_loadPrivKey
#else
#define __FUNCTIONNAME_PK11_LoadPrivKey PK11_LoadPrivKey
#endif #endif
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
@ -486,6 +492,18 @@ cryptojs_interpret_key_gen_type(char *keyAlg)
return invalidKeyGen; return invalidKeyGen;
} }
#ifdef NSS_3_4
#define __FUNCTIONNAME_PK11_PQG_ParamGen PK11_PQG_ParamGen
#define __FUNCTIONNAME_PK11_PQG_DestroyVerify PK11_PQG_DestroyVerify
#define __FUNCTIONNAME_PK11_PQG_DestroyParams PK11_PQG_DestroyParams
#define __WRAPPER_SEC_ASN1EncodeItem_Param4(p) SEC_ASN1_GET(p)
#else
#define __FUNCTIONNAME_PK11_PQG_ParamGen PQG_ParamGen
#define __FUNCTIONNAME_PK11_PQG_DestroyVerify PQG_DestroyVerify
#define __FUNCTIONNAME_PK11_PQG_DestroyParams PQG_DestroyParams
#define __WRAPPER_SEC_ASN1EncodeItem_Param4(p) p
#endif
//Take the string passed into us via crypto.generateCRMFRequest //Take the string passed into us via crypto.generateCRMFRequest
//as the keygen type parameter and convert it to parameters //as the keygen type parameter and convert it to parameters
//we can actually pass to the PKCS#11 layer. //we can actually pass to the PKCS#11 layer.
@ -533,13 +551,13 @@ nsConvertToActualKeyGenParams(PRUint32 keyGenMech, char *params,
returnParams = nsnull; returnParams = nsnull;
break; break;
} }
rv = PQG_ParamGen(0, &pqgParams, &vfy); rv = __FUNCTIONNAME_PK11_PQG_ParamGen(0, &pqgParams, &vfy);
if (vfy) { if (vfy) {
PQG_DestroyVerify(vfy); __FUNCTIONNAME_PK11_PQG_DestroyVerify(vfy);
} }
if (rv != SECSuccess) { if (rv != SECSuccess) {
if (pqgParams) { if (pqgParams) {
PQG_DestroyParams(pqgParams); __FUNCTIONNAME_PK11_PQG_DestroyParams(pqgParams);
} }
return nsnull; return nsnull;
} }
@ -580,7 +598,7 @@ nsFreeKeyGenParams(CK_MECHANISM_TYPE keyGenMechanism, void *params)
nsMemory::Free(params); nsMemory::Free(params);
break; break;
case CKM_DSA_KEY_PAIR_GEN: case CKM_DSA_KEY_PAIR_GEN:
PQG_DestroyParams(NS_STATIC_CAST(PQGParams*,params)); __FUNCTIONNAME_PK11_PQG_DestroyParams(NS_STATIC_CAST(PQGParams*,params));
break; break;
} }
} }
@ -691,7 +709,7 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
//If we generated the key pair on the internal slot because the //If we generated the key pair on the internal slot because the
// keys were going to be escrowed, move the keys over right now. // keys were going to be escrowed, move the keys over right now.
if (willEscrow && intSlot) { if (willEscrow && intSlot) {
SECKEYPrivateKey *newPrivKey = pk11_loadPrivKey(origSlot, SECKEYPrivateKey *newPrivKey = __FUNCTIONNAME_PK11_LoadPrivKey(origSlot,
keyPairInfo->privKey, keyPairInfo->privKey,
keyPairInfo->pubKey, keyPairInfo->pubKey,
PR_TRUE, PR_TRUE); PR_TRUE, PR_TRUE);
@ -923,7 +941,7 @@ nsSetRegToken(CRMFCertRequest *certReq, char *regToken)
src.data = (unsigned char*)regToken; src.data = (unsigned char*)regToken;
src.len = nsCRT::strlen(regToken); src.len = nsCRT::strlen(regToken);
SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src, SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src,
SEC_UTF8StringTemplate); __WRAPPER_SEC_ASN1EncodeItem_Param4(SEC_UTF8StringTemplate));
if (!derEncoded) if (!derEncoded)
return NS_ERROR_FAILURE; return NS_ERROR_FAILURE;
@ -951,7 +969,7 @@ nsSetAuthenticator(CRMFCertRequest *certReq, char *authenticator)
src.data = (unsigned char*)authenticator; src.data = (unsigned char*)authenticator;
src.len = nsCRT::strlen(authenticator); src.len = nsCRT::strlen(authenticator);
SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src, SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src,
SEC_UTF8StringTemplate); __WRAPPER_SEC_ASN1EncodeItem_Param4(SEC_UTF8StringTemplate));
if (!derEncoded) if (!derEncoded)
return NS_ERROR_FAILURE; return NS_ERROR_FAILURE;
@ -1770,12 +1788,16 @@ nsCertAlreadyExists(SECItem *derCert)
if (!arena) if (!arena)
return PR_FALSE; //What else could we return? return PR_FALSE; //What else could we return?
#ifdef NSS_3_4
cert = CERT_FindCertByDERCert(handle, derCert);
#else
SECItem key; SECItem key;
SECStatus srv = CERT_KeyFromDERCert(arena, derCert, &key); SECStatus srv = CERT_KeyFromDERCert(arena, derCert, &key);
if (srv != SECSuccess) if (srv != SECSuccess)
return PR_FALSE; return PR_FALSE;
cert = CERT_FindCertByKey(handle, &key); cert = CERT_FindCertByKey(handle, &key);
#endif
if (cert) { if (cert) {
if (cert->isperm && !cert->nickname && !cert->emailAddr) { if (cert->isperm && !cert->nickname && !cert->emailAddr) {
//If the cert doesn't have a nickname or email addr, it is //If the cert doesn't have a nickname or email addr, it is
@ -1898,10 +1920,17 @@ nsCrypto::ImportUserCertificates(const nsAReadableString& aNickname,
// Let's figure out which nickname to give the cert. If // Let's figure out which nickname to give the cert. If
// a certificate with the same subject name already exists, // a certificate with the same subject name already exists,
// then just use that one, otherwise, get the default nickname. // then just use that one, otherwise, get the default nickname.
#ifdef NSS_3_4
if (currCert->nickname) {
localNick = currCert->nickname;
}
#else
if (currCert->subjectList && currCert->subjectList->entry && if (currCert->subjectList && currCert->subjectList->entry &&
currCert->subjectList->entry->nickname) { currCert->subjectList->entry->nickname) {
localNick = currCert->subjectList->entry->nickname; localNick = currCert->subjectList->entry->nickname;
} else if (nickname == nsnull || nickname[0] == '\0') { }
#endif
else if (nickname == nsnull || nickname[0] == '\0') {
localNick = default_nickname(currCert, ctx); localNick = default_nickname(currCert, ctx);
freeLocalNickname = PR_TRUE; freeLocalNickname = PR_TRUE;
} else { } else {
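Review bot: Under NSS_3_4 the nickname is taken only from `currCert->nickname`, yet the comment directly above still says that an existing certificate with the same subject name is used. Whether NSS 3.4 fills `currCert->nickname` from such a certificate is not visible here, so for this branch either the comment or the behaviour is off. Add a line inside the `#ifdef NSS_3_4` arm, for example `// NSS 3.4: only the cert's own nickname is checked; same-subject lookup still to be restored`. The `#endif` followed by a bare `else if` also makes the chain easy to misread. The function body continues outside the hunk.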


@ -22,7 +22,9 @@
extern "C" { extern "C" {
#include "secdert.h" #include "secdert.h"
#ifndef NSS_3_4
#include "keydbt.h" #include "keydbt.h"
#endif
} }
#include "nspr.h" #include "nspr.h"
#include "nsNSSComponent.h" // for PIPNSS string bundle calls. #include "nsNSSComponent.h" // for PIPNSS string bundle calls.
@ -31,6 +33,11 @@ extern "C" {
#include "cryptohi.h" #include "cryptohi.h"
#include "base64.h" #include "base64.h"
#include "secasn1.h" #include "secasn1.h"
#ifdef NSS_3_4
extern "C" {
#include "pk11pqg.h"
}
#endif
#include "nsProxiedService.h" #include "nsProxiedService.h"
#include "nsKeygenHandler.h" #include "nsKeygenHandler.h"
#include "nsVoidArray.h" #include "nsVoidArray.h"
@ -75,6 +82,27 @@ DERTemplate CERTPublicKeyAndChallengeTemplate[] =
{ 0, } { 0, }
}; };
#ifdef NSS_3_4
DERTemplate SECAlgorithmIDTemplate[] = {
{ DER_SEQUENCE,
0, NULL, sizeof(SECAlgorithmID) },
{ DER_OBJECT_ID,
offsetof(SECAlgorithmID,algorithm), },
{ DER_OPTIONAL | DER_ANY,
offsetof(SECAlgorithmID,parameters), },
{ 0, }
};
const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
{ SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
{ SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
{ SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
{ 0, }
};
#endif
static NS_DEFINE_IID(kFormProcessorIID, NS_IFORMPROCESSOR_IID); static NS_DEFINE_IID(kFormProcessorIID, NS_IFORMPROCESSOR_IID);
static NS_DEFINE_IID(kIDOMHTMLSelectElementIID, NS_IDOMHTMLSELECTELEMENT_IID); static NS_DEFINE_IID(kIDOMHTMLSelectElementIID, NS_IDOMHTMLSELECTELEMENT_IID);
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
@ -135,7 +163,11 @@ pqg_prime_bits(char *str)
done: done:
if (params) if (params)
#ifdef NSS_3_4
PK11_PQG_DestroyParams(params);
#else
PQG_DestroyParams(params); PQG_DestroyParams(params);
#endif
return primeBits; return primeBits;
} }
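Review bot: The NSS_3_4 block defines `SECAlgorithmIDTemplate` as a non-const namespace-scope array, so it has external linkage under a name that looks like one of NSS's own template symbols. `SECKEY_PQGParamsTemplate` may end up the same way if an NSS header declares it `extern`. If the linked NSS libraries export either symbol, the two definitions can clash at link time or silently diverge from the library's encoding. Mark the local copies `static` or give them PSM-specific names, and add a comment saying why PSM carries its own copy.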


@ -32,7 +32,6 @@
* may use your version of this file under either the MPL or the * may use your version of this file under either the MPL or the
* GPL. * GPL.
* *
* $Id: nsNSSCertificate.cpp,v 1.58 2001-12-16 11:41:09 jaggernaut%netscape.com Exp $
*/ */
#include "prmem.h" #include "prmem.h"
@ -659,7 +658,13 @@ nsNSSCertificate::~nsNSSCertificate()
if (mCertType == nsNSSCertificate::USER_CERT) { if (mCertType == nsNSSCertificate::USER_CERT) {
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext(); nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
PK11_DeleteTokenCertAndKey(mCert, cxt); PK11_DeleteTokenCertAndKey(mCert, cxt);
} else if (!mCert->slot) { } else
#ifdef NSS_3_4
if (!PK11_IsReadOnly(mCert->slot))
#else
if (!mCert->slot)
#endif
{
// If the cert isn't a user cert and it is on an external token, // If the cert isn't a user cert and it is on an external token,
// then we'll just leave it as untrusted, but won't delete it // then we'll just leave it as untrusted, but won't delete it
// from the cert db. // from the cert db.
@ -852,21 +857,52 @@ nsNSSCertificate::FormatUIStrings(const nsAutoString &nickname, nsAutoString &ni
return rv; return rv;
} }
#ifdef NSS_3_4
#define NS_NSS_LONG 4
#define NS_NSS_GET_LONG(x) ((((unsigned long)((x)[0])) << 24) | \
(((unsigned long)((x)[1])) << 16) | \
(((unsigned long)((x)[2])) << 8) | \
((unsigned long)((x)[3])) )
#define NS_NSS_PUT_LONG(src,dest) (dest)[0] = (((src) >> 24) & 0xff); \
(dest)[1] = (((src) >> 16) & 0xff); \
(dest)[2] = (((src) >> 8) & 0xff); \
(dest)[3] = ((src) & 0xff);
#endif
/* readonly attribute string dbKey; */ /* readonly attribute string dbKey; */
NS_IMETHODIMP NS_IMETHODIMP
nsNSSCertificate::GetDbKey(char * *aDbKey) nsNSSCertificate::GetDbKey(char * *aDbKey)
{ {
SECStatus srv;
SECItem key; SECItem key;
NS_ENSURE_ARG(aDbKey); NS_ENSURE_ARG(aDbKey);
*aDbKey = nsnull; *aDbKey = nsnull;
#ifdef NSS_3_4
key.len = NS_NSS_LONG*4+mCert->serialNumber.len+mCert->derIssuer.len;
key.data = (unsigned char *)nsMemory::Alloc(key.len);
NS_NSS_PUT_LONG(0,key.data); // later put moduleID
NS_NSS_PUT_LONG(0,&key.data[NS_NSS_LONG]); // later put slotID
NS_NSS_PUT_LONG(mCert->serialNumber.len,&key.data[NS_NSS_LONG*2]);
NS_NSS_PUT_LONG(mCert->derIssuer.len,&key.data[NS_NSS_LONG*3]);
memcpy(&key.data[NS_NSS_LONG*4],mCert->serialNumber.data,
mCert->serialNumber.len);
memcpy(&key.data[NS_NSS_LONG*4+mCert->serialNumber.len],
mCert->derIssuer.data, mCert->derIssuer.len);
#else
SECStatus srv;
srv = CERT_KeyFromIssuerAndSN(mCert->arena, &mCert->derIssuer, srv = CERT_KeyFromIssuerAndSN(mCert->arena, &mCert->derIssuer,
&mCert->serialNumber, &key); &mCert->serialNumber, &key);
if (srv != SECSuccess) { if (srv != SECSuccess) {
return NS_ERROR_FAILURE; return NS_ERROR_FAILURE;
} }
#endif
*aDbKey = NSSBase64_EncodeItem(nsnull, nsnull, 0, &key); *aDbKey = NSSBase64_EncodeItem(nsnull, nsnull, 0, &key);
#ifdef NSS_3_4
nsMemory::Free(key.data); // SECItem is a 'c' type without a destrutor
#endif
return (*aDbKey) ? NS_OK : NS_ERROR_FAILURE; return (*aDbKey) ? NS_OK : NS_ERROR_FAILURE;
} }
@ -1742,6 +1778,12 @@ ProcessRawBytes(SECItem *data, nsString &text)
return NS_OK; return NS_OK;
} }
#ifdef NSS_3_4
#define __WRAPPER_SEC_ASN1DecodeItem_Param3(p) SEC_ASN1_GET(p)
#else
#define __WRAPPER_SEC_ASN1DecodeItem_Param3(p) p
#endif
static nsresult static nsresult
ProcessNSCertTypeExtensions(SECItem *extData, ProcessNSCertTypeExtensions(SECItem *extData,
nsString &text, nsString &text,
@ -1750,7 +1792,8 @@ ProcessNSCertTypeExtensions(SECItem *extData,
SECItem decoded; SECItem decoded;
decoded.data = nsnull; decoded.data = nsnull;
decoded.len = 0; decoded.len = 0;
SEC_ASN1DecodeItem(nsnull, &decoded, SEC_BitStringTemplate, extData); SEC_ASN1DecodeItem(nsnull, &decoded,
__WRAPPER_SEC_ASN1DecodeItem_Param3(SEC_BitStringTemplate), extData);
unsigned char nsCertType = decoded.data[0]; unsigned char nsCertType = decoded.data[0];
nsString local; nsString local;
nsMemory::Free(decoded.data); nsMemory::Free(decoded.data);
@ -1806,7 +1849,8 @@ ProcessKeyUsageExtension(SECItem *extData, nsString &text,
SECItem decoded; SECItem decoded;
decoded.data = nsnull; decoded.data = nsnull;
decoded.len = 0; decoded.len = 0;
SEC_ASN1DecodeItem(nsnull, &decoded, SEC_BitStringTemplate, extData); SEC_ASN1DecodeItem(nsnull, &decoded,
__WRAPPER_SEC_ASN1DecodeItem_Param3(SEC_BitStringTemplate), extData);
unsigned char keyUsage = decoded.data[0]; unsigned char keyUsage = decoded.data[0];
nsString local; nsString local;
nsMemory::Free(decoded.data); nsMemory::Free(decoded.data);
@ -2551,14 +2595,37 @@ nsNSSCertificateDB::GetCertByDBKey(const char *aDBkey, nsIPK11Token *aToken,
{ {
SECItem keyItem = {siBuffer, nsnull, 0}; SECItem keyItem = {siBuffer, nsnull, 0};
SECItem *dummy; SECItem *dummy;
#ifdef NSS_3_4
CERTIssuerAndSN issuerSN;
unsigned long moduleID,slotID;
#endif
*_cert = nsnull; *_cert = nsnull;
if (!aDBkey) return NS_ERROR_FAILURE; if (!aDBkey) return NS_ERROR_FAILURE;
dummy = NSSBase64_DecodeBuffer(nsnull, &keyItem, aDBkey, dummy = NSSBase64_DecodeBuffer(nsnull, &keyItem, aDBkey,
(PRUint32)PL_strlen(aDBkey)); (PRUint32)PL_strlen(aDBkey));
#ifdef NSS_3_4
// the future is now, the cert is not longer loaded into temp db's forn now
// just fail
CERTCertificate *cert;
// someday maybe we can speed up the search using the moduleID and slotID
moduleID = NS_NSS_GET_LONG(keyItem.data);
slotID = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG]);
// build the issuer/SN structure
issuerSN.serialNumber.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*2]);
issuerSN.derIssuer.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*3]);
issuerSN.serialNumber.data= &keyItem.data[NS_NSS_LONG*4];
issuerSN.derIssuer.data= &keyItem.data[NS_NSS_LONG*4+
issuerSN.serialNumber.len];
cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN);
#else
// In the future, this should actually look on the token. But for now, // In the future, this should actually look on the token. But for now,
// take it for granted that the cert has been loaded into the temp db. // take it for granted that the cert has been loaded into the temp db.
CERTCertificate *cert = CERT_FindCertByKey(CERT_GetDefaultCertDB(), CERTCertificate *cert = CERT_FindCertByKey(CERT_GetDefaultCertDB(),
&keyItem); &keyItem);
#endif
PR_FREEIF(keyItem.data); PR_FREEIF(keyItem.data);
if (cert) { if (cert) {
nsNSSCertificate *nssCert = new nsNSSCertificate(cert); nsNSSCertificate *nssCert = new nsNSSCertificate(cert);
@ -2630,7 +2697,17 @@ nsNSSCertificateDB::GetCertsByType(PRUint32 aType,
nsresult rv = NS_NewISupportsArray(getter_AddRefs(certarray)); nsresult rv = NS_NewISupportsArray(getter_AddRefs(certarray));
if (NS_FAILED(rv)) return PR_FALSE; if (NS_FAILED(rv)) return PR_FALSE;
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext(); nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
#ifdef NSS_3_4
if (aType == nsIX509Cert::USER_CERT) {
certList = PK11_ListCerts(PK11CertListUser, cxt);
} else if (aType == nsIX509Cert::CA_CERT) {
certList = PK11_ListCerts(PK11CertListCA, cxt); /* or RootUnique? */
} else {
certList = PK11_ListCerts(PK11CertListUnique, cxt);
}
#else
certList = PK11_ListCerts(PK11CertListUnique, cxt); certList = PK11_ListCerts(PK11CertListUnique, cxt);
#endif
CERTCertListNode *node; CERTCertListNode *node;
int i, count = 0; int i, count = 0;
for (node = CERT_LIST_HEAD(certList); for (node = CERT_LIST_HEAD(certList);
@ -3153,10 +3230,20 @@ nsNSSCertificateDB::ImportUserCertificate(char *data, PRUint32 length, nsIInterf
PK11_FreeSlot(slot); PK11_FreeSlot(slot);
/* pick a nickname for the cert */ /* pick a nickname for the cert */
#ifdef NSS_3_4
if (cert->nickname) {
/* sigh, we need a call to look up other certs with this subject and
* identify nicknames from them. We can no longer walk down internal
* database structures rjr */
nickname = cert->nickname;
}
#else
if (cert->subjectList && cert->subjectList->entry && if (cert->subjectList && cert->subjectList->entry &&
cert->subjectList->entry->nickname) { cert->subjectList->entry->nickname) {
nickname = cert->subjectList->entry->nickname; nickname = cert->subjectList->entry->nickname;
} else { }
#endif
else {
nickname = default_nickname(cert, ctx); nickname = default_nickname(cert, ctx);
} }
@ -3526,14 +3613,20 @@ nsNSSCertificateDB::GetOCSPResponders(nsISupportsArray ** aResponders)
return rv; return rv;
} }
#ifdef NSS_3_4
sec_rv = PK11_TraverseSlotCerts(::GetOCSPResponders,
respondersArray,
nsnull);
#else
sec_rv = SEC_TraversePermCerts(CERT_GetDefaultCertDB(), sec_rv = SEC_TraversePermCerts(CERT_GetDefaultCertDB(),
::GetOCSPResponders, ::GetOCSPResponders,
respondersArray); respondersArray);
if (sec_rv == SECSuccess) { if (sec_rv == SECSuccess) {
sec_rv = PK11_TraverseSlotCerts(::GetOCSPResponders, sec_rv = PK11_TraverseSlotCerts(::GetOCSPResponders,
respondersArray, respondersArray,
nsnull); nsnull);
} }
#endif
if (sec_rv != SECSuccess) { if (sec_rv != SECSuccess) {
goto loser; goto loser;
} }
@ -3676,7 +3769,7 @@ nsNSSCertificateDB::ImportCrl (char *aData, PRUint32 aLength, nsIURI * aURI, PRU
} }
} else { } else {
sec_rv = SEC_ASN1DecodeItem(arena, sec_rv = SEC_ASN1DecodeItem(arena,
&sd, CERT_SignedDataTemplate, &sd, __WRAPPER_SEC_ASN1DecodeItem_Param3(CERT_SignedDataTemplate),
&derCrl); &derCrl);
if (sec_rv != SECSuccess) { if (sec_rv != SECSuccess) {
goto loser; goto loser;
@ -4273,8 +4366,13 @@ nsNSSCertificateDB::GetCertByEmailAddress(nsIPK11Token *aToken, const char *aEma
SECStatus sec_rv; SECStatus sec_rv;
nsresult rv = NS_OK; nsresult rv = NS_OK;
#ifdef NSS_3_4
// fix this... rjr
certList = nsnull;
#else
certList = CERT_CreateEmailAddrCertList(nsnull, CERT_GetDefaultCertDB(), certList = CERT_CreateEmailAddrCertList(nsnull, CERT_GetDefaultCertDB(),
(char*)aEmailAddress, PR_Now(), PR_TRUE); (char*)aEmailAddress, PR_Now(), PR_TRUE);
#endif
if (certList == nsnull) { if (certList == nsnull) {
rv = NS_ERROR_FAILURE; rv = NS_ERROR_FAILURE;
goto loser; goto loser;
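Review bot: The NSS_3_4 branch of GetCertByDBKey reads four length words and two variable-length fields from `keyItem.data` without checking that the base64 decode succeeded or that `keyItem.len` covers them. `dummy` is never tested, and `issuerSN.serialNumber.len` and `issuerSN.derIssuer.len` come straight from the decoded bytes, so a short or malformed `aDBkey` leads to reads past the decoded buffer, both in the `NS_NSS_GET_LONG` calls and inside CERT_FindCertByIssuerAndSN. Validate the header size and both lengths against `keyItem.len` before building `issuerSN`, as sketched below. The function body starts and ends outside the hunk. In the GetDbKey hunk the result of `nsMemory::Alloc(key.len)` is likewise written through without a null check.

```cpp
  dummy = NSSBase64_DecodeBuffer(nsnull, &keyItem, aDBkey,
                                 (PRUint32)PL_strlen(aDBkey));
#ifdef NSS_3_4
  // Reject a key that failed to decode or is shorter than the 4-word header.
  if (!dummy || !keyItem.data || keyItem.len < NS_NSS_LONG*4) {
    PR_FREEIF(keyItem.data);
    return NS_ERROR_FAILURE;
  }
  // … unchanged: moduleID, slotID and the two length words are read …
  // Both encoded lengths must fit inside what was actually decoded.
  unsigned long payloadLen = keyItem.len - NS_NSS_LONG*4;
  if (issuerSN.serialNumber.len > payloadLen ||
      issuerSN.derIssuer.len > payloadLen - issuerSN.serialNumber.len) {
    PR_FREEIF(keyItem.data);
    return NS_ERROR_FAILURE;
  }
  // … unchanged: data pointers set, CERT_FindCertByIssuerAndSN call …
```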


@ -40,11 +40,19 @@
#include "nsIX509Cert.h" #include "nsIX509Cert.h"
#include "nsIX509CertDB.h" #include "nsIX509CertDB.h"
#ifdef NSS_3_4
/* private NSS defines used by PSM */
/* (must be declated before cert.h) */
#define CERT_NewTempCertificate __CERT_NewTempCertificate
#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm
#endif
#include "prtypes.h" #include "prtypes.h"
#include "cert.h" #include "cert.h"
#include "secitem.h" #include "secitem.h"
#include "nsString.h" #include "nsString.h"
class nsINSSComponent; class nsINSSComponent;
/* Certificate */ /* Certificate */
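Review bot: The two `#define`s rename `CERT_NewTempCertificate` and `CERT_AddTempCertToPerm` in every translation unit that includes this header, and they only take effect if this header is seen before the first include of `cert.h`. A file that pulls in `cert.h` earlier would presumably compile against different declarations with no diagnostic. The comment should state that constraint and its reason, for example `/* PSM calls NSS-private entry points; these defines must precede the first include of cert.h in every translation unit */`; the existing comment's "declated" is a typo for "declared". Keeping the renames in the few .cpp files that call these functions would narrow the blast radius.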


@ -77,7 +77,9 @@
#include "ocsp.h" #include "ocsp.h"
#include "cms.h" #include "cms.h"
extern "C" { extern "C" {
#ifndef NSS_3_4
#include "pkcs11.h" #include "pkcs11.h"
#endif
#include "pkcs12.h" #include "pkcs12.h"
#include "p12plcy.h" #include "p12plcy.h"
} }
@ -922,6 +924,7 @@ nsNSSComponent::InitializeNSS()
ConfigureInternalPKCS11Token(); ConfigureInternalPKCS11Token();
if (::NSS_InitReadWrite(profileStr) != SECSuccess) { if (::NSS_InitReadWrite(profileStr) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr));
if (supress_warning_preference) { if (supress_warning_preference) {
which_nss_problem = problem_none; which_nss_problem = problem_none;
@ -932,6 +935,7 @@ nsNSSComponent::InitializeNSS()
// try to init r/o // try to init r/o
if (NSS_Init(profileStr) != SECSuccess) { if (NSS_Init(profileStr) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init in r/o either\n"));
which_nss_problem = problem_no_security_at_all; which_nss_problem = problem_no_security_at_all;
NSS_NoDB_Init(profileStr); NSS_NoDB_Init(profileStr);
@ -987,22 +991,37 @@ nsNSSComponent::InitializeNSS()
if (problem_none != which_nss_problem) { if (problem_none != which_nss_problem) {
nsString message; nsString message;
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS problem, trying to bring up GUI error message\n"));
// We might want to use different messages, depending on what failed. // We might want to use different messages, depending on what failed.
// For now, let's use the same message. // For now, let's use the same message.
nsresult rv = GetPIPNSSBundleString(NS_LITERAL_STRING("NSSInitProblem").get(), message); nsresult rv = GetPIPNSSBundleString(NS_LITERAL_STRING("NSSInitProblem").get(), message);
if (NS_SUCCEEDED(rv)) { if (NS_SUCCEEDED(rv)) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get error string\n"));
nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService("@mozilla.org/embedcomp/window-watcher;1")); nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService("@mozilla.org/embedcomp/window-watcher;1"));
if (wwatch) { if (!wwatch) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get window watcher\n"));
}
else {
nsCOMPtr<nsIPrompt> prompter; nsCOMPtr<nsIPrompt> prompter;
wwatch->GetNewPrompter(0, getter_AddRefs(prompter)); wwatch->GetNewPrompter(0, getter_AddRefs(prompter));
if (prompter) { if (!prompter) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get window prompter\n"));
}
else {
nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID)); nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
if (proxyman) { if (!proxyman) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get proxy manager\n"));
}
else {
nsCOMPtr<nsIPrompt> proxyPrompt; nsCOMPtr<nsIPrompt> proxyPrompt;
proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, NS_GET_IID(nsIPrompt), proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, NS_GET_IID(nsIPrompt),
prompter, PROXY_SYNC, getter_AddRefs(proxyPrompt)); prompter, PROXY_SYNC, getter_AddRefs(proxyPrompt));
if (proxyPrompt) { if (!proxyPrompt) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get proxy for nsIPrompt\n"));
}
else {
proxyPrompt->Alert(nsnull, message.get()); proxyPrompt->Alert(nsnull, message.get());
} }
} }
@ -1171,8 +1190,12 @@ static PRBool DecryptionAllowedCallback(SECAlgorithmID *algid,
return SECMIME_DecryptionAllowed(algid, bulkkey); return SECMIME_DecryptionAllowed(algid, bulkkey);
} }
#ifdef NSS_3_4
static void * GetPasswordKeyCallback(void *arg, void *handle)
#else
static SECItem * GetPasswordKeyCallback(void *arg, static SECItem * GetPasswordKeyCallback(void *arg,
SECKEYKeyDBHandle *handle) SECKEYKeyDBHandle *handle)
#endif
{ {
return NULL; return NULL;
} }
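Review bot: In the InitializeNSS hunk the added `PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get error string\n"));` sits inside `if (NS_SUCCEEDED(rv))`. It is therefore logged exactly when GetPIPNSSBundleString succeeded and never when it failed, which misleads anyone reading the log while diagnosing an NSS init failure. Move it to the failure path: `} else { PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get error string\n")); }`. The closing brace of that `if` and the rest of the function are outside the hunk.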


@ -280,7 +280,12 @@ NS_IMETHODIMP
nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module **_retval) nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module **_retval)
{ {
nsCOMPtr<nsIPKCS11Module> module = nsCOMPtr<nsIPKCS11Module> module =
#ifdef NSS_3_4
new nsPKCS11Module(SECMOD_CreateModule(NULL,SECMOD_INT_NAME,
NULL,SECMOD_INT_FLAGS));
#else
new nsPKCS11Module(SECMOD_GetInternalModule()); new nsPKCS11Module(SECMOD_GetInternalModule());
#endif
if (!module) if (!module)
return NS_ERROR_OUT_OF_MEMORY; return NS_ERROR_OUT_OF_MEMORY;
*_retval = module; *_retval = module;
@ -293,7 +298,12 @@ NS_IMETHODIMP
nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module **_retval) nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module **_retval)
{ {
nsCOMPtr<nsIPKCS11Module> module = nsCOMPtr<nsIPKCS11Module> module =
#ifdef NSS_3_4
new nsPKCS11Module(SECMOD_CreateModule(NULL, SECMOD_FIPS_NAME, NULL,
SECMOD_FIPS_FLAGS));
#else
new nsPKCS11Module(SECMOD_GetFIPSInternal()); new nsPKCS11Module(SECMOD_GetFIPSInternal());
#endif
if (!module) if (!module)
return NS_ERROR_OUT_OF_MEMORY; return NS_ERROR_OUT_OF_MEMORY;
*_retval = module; *_retval = module;
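Review bot: In both GetInternal and GetInternalFIPS the NSS_3_4 branch passes the result of `SECMOD_CreateModule(...)` straight into `new nsPKCS11Module(...)`, and the following `if (!module)` tests only the wrapper allocation. If SECMOD_CreateModule returns NULL, the caller appears to receive a wrapper around a null module instead of an error. Check it first: `SECMODModule *mod = SECMOD_CreateModule(NULL, SECMOD_INT_NAME, NULL, SECMOD_INT_FLAGS); if (!mod) return NS_ERROR_FAILURE;`. Whether nsPKCS11Module takes its own reference is not visible here; if it does, the reference returned by SECMOD_CreateModule also needs a matching SECMOD_DestroyModule. Both function bodies continue outside their hunks.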