b=115010 Mail/News UI must provide detail info on signature/encryption status

r=javi sr=mscott
This commit is contained in:
kaie%netscape.com 2002-01-16 04:29:26 +00:00
Родитель 1c61776f7a
Коммит fba86ece7a
6 изменённых файлов: 311 добавлений и 142 удалений

Просмотреть файл

@ -30,14 +30,17 @@ var smimeHeaderSink =
{
signedStatus: function(aValidSignature)
{
gSignedUINode.collapsed = false;
gSMIMEContainer.collapsed = false;
if (aValidSignature)
{
gSignedUINode.collapsed = false;
gSMIMEContainer.collapsed = false;
gSignedUINode.value = "<signed>";
}
else
{
// show a broken signature icon....
gSignedUINode.value = "<invalid signature>";
}
gSignedUIVisible = true;
@ -45,14 +48,17 @@ var smimeHeaderSink =
encryptionStatus: function(aValidEncryption)
{
gEncryptedUINode.collapsed = false;
gSMIMEContainer.collapsed = false;
if (aValidEncryption)
{
gEncryptedUINode.collapsed = false;
gSMIMEContainer.collapsed = false;
gEncryptedUINode.value = "<encrypted>";
}
else
{
// show a broken encryption icon....
gEncryptedUINode.value = "<invalid encryption>";
}
gEncryptionUIVisible = true;
@ -105,3 +111,6 @@ function msgHdrViewSMIMEOnLoad(event)
addEventListener('messagepane-loaded', msgHdrViewSMIMEOnLoad, true);
function showMessageSecurityInfo()
{
}

Просмотреть файл

@ -29,8 +29,8 @@
<hbox id="expandedHeaderView">
<vbox id="smimeBox" insertafter="expandedHeaders">
<spacer flex="1"/>
<label id="encryptedText" value="&lt;Encrypted&gt;" collapsed="true"/>
<label id="signedText" value="&lt;Signed&gt;" collapsed="true"/>
<label id="encryptedText" onclick="showMessageSecurityInfo();" collapsed="true"/>
<label id="signedText" onclick="showMessageSecurityInfo();" collapsed="true"/>
<spacer flex="1"/>
</vbox>
</hbox>

Просмотреть файл

@ -87,7 +87,8 @@ MimeEncryptedCMSClassInitialize(MimeEncryptedCMSClass *clazz)
}
typedef struct MimeCMSdata {
typedef struct MimeCMSdata
{
int (*output_fn) (const char *buf, PRInt32 buf_size, void *output_closure);
void *output_closure;
nsCOMPtr<nsICMSDecoder> decoder_context;
@ -99,6 +100,31 @@ typedef struct MimeCMSdata {
MimeObject *self;
PRBool parent_is_encrypted_p;
PRBool parent_holds_stamp_p;
MimeCMSdata()
:output_fn(nsnull),
output_closure(nsnull),
ci_is_encrypted(PR_FALSE),
sender_addr(nsnull),
decode_error(PR_FALSE),
verify_error(PR_FALSE),
self(nsnull),
parent_is_encrypted_p(PR_FALSE),
parent_holds_stamp_p(PR_FALSE)
{
}
~MimeCMSdata()
{
PR_FREEIF(sender_addr);
// Do an orderly release of nsICMSDecoder and nsICMSMessage //
if (decoder_context)
{
nsCOMPtr<nsICMSMessage> cinfo;
decoder_context->Finish(getter_AddRefs(cinfo));
}
}
} MimeCMSdata;
@ -311,11 +337,9 @@ MimeCMS_init(MimeObject *obj,
if (!(obj && obj->options && output_fn)) return 0;
opts = obj->options;
data = (MimeCMSdata *) PR_MALLOC(sizeof(*data));
data = new MimeCMSdata;
if (!data) return 0;
nsCRT::memset(data, 0, sizeof(*data));
data->self = obj;
data->output_fn = output_fn;
data->output_closure = output_closure;
@ -371,8 +395,9 @@ MimeCMS_eof (void *crypto_closure, PRBool abort_p)
MimeCMSdata *data = (MimeCMSdata *) crypto_closure;
nsresult rv;
if (!data || !data->output_fn || !data->decoder_context)
return -1;
if (!data || !data->output_fn || !data->decoder_context) {
return -1;
}
/* Hand an EOF to the crypto library. It may call data->output_fn.
(Today, the crypto library has no flushing to do, but maybe there
@ -385,6 +410,11 @@ MimeCMS_eof (void *crypto_closure, PRBool abort_p)
PR_SetError(0, 0);
rv = data->decoder_context->Finish(getter_AddRefs(data->content_info));
/* Is the content info encrypted? */
if (data->content_info) {
data->ci_is_encrypted = PR_TRUE;
}
if (NS_FAILED(rv))
data->verify_error = PR_GetError();
@ -413,18 +443,18 @@ MimeCMS_eof (void *crypto_closure, PRBool abort_p)
smimeHeaderSink = do_QueryInterface(securityInfo);
if (smimeHeaderSink)
{
smimeHeaderSink->EncryptionStatus(NS_SUCCEEDED(rv));
smimeHeaderSink->EncryptionStatus(
data->ci_is_encrypted
&& !data->verify_error
&& !data->decode_error
&& NS_SUCCEEDED(rv)
);
}
} // if channel
} // if msd
data->decoder_context = 0;
/* Is the content info encrypted? */
if (data->content_info) {
data->ci_is_encrypted = PR_TRUE;
}
return 0;
}
@ -433,24 +463,8 @@ MimeCMS_free (void *crypto_closure)
{
MimeCMSdata *data = (MimeCMSdata *) crypto_closure;
if (!data) return;
PR_FREEIF(data->sender_addr);
if (data->content_info)
{
// Free reference to nsICMSMessage //
data->content_info = 0;
}
// Do an orderly release of nsICMSDecoder and nsICMSMessage //
if (data->decoder_context)
{
nsCOMPtr<nsICMSMessage> cinfo;
data->decoder_context->Finish(getter_AddRefs(cinfo));
data->decoder_context = 0;
}
PR_FREEIF(data);
delete data;
}
char *
@ -518,7 +532,7 @@ MimeCMS_generate (void *crypto_closure)
PRBool self_signed_p = PR_FALSE;
PRBool self_encrypted_p = PR_FALSE;
PRBool union_encrypted_p = PR_FALSE;
PRBool good_p = PR_TRUE;
PRBool good_p = PR_FALSE;
PRBool unverified_p = PR_FALSE;
if (!data || !data->output_fn) return 0;
@ -534,20 +548,21 @@ MimeCMS_generate (void *crypto_closure)
PR_SetError(0, 0);
good_p = data->content_info->VerifySignature();
if (!good_p)
{
if (!data->verify_error)
data->verify_error = PR_GetError();
if (data->verify_error >= 0)
data->verify_error = -1;
}
{
if (!data->verify_error)
data->verify_error = PR_GetError();
if (data->verify_error >= 0)
data->verify_error = -1;
}
else
{
good_p = MimeCMSHeadersAndCertsMatch(data->self,
data->content_info,
&data->sender_addr);
if (!good_p && !data->verify_error)
// data->verify_error = SEC_ERROR_CERT_ADDR_MISMATCH; XXX Fix later XXX //
data->verify_error = -1;
if (!good_p && !data->verify_error) {
// data->verify_error = SEC_ERROR_CERT_ADDR_MISMATCH; XXX Fix later XXX //
data->verify_error = -1;
}
}
}
@ -571,36 +586,37 @@ MimeCMS_generate (void *crypto_closure)
/* No content info? Something's horked. Guess. */
self_encrypted_p = PR_TRUE;
union_encrypted_p = PR_TRUE;
good_p = PR_FALSE;
if (!data->decode_error && !data->verify_error)
data->decode_error = -1;
data->decode_error = -1;
}
unverified_p = data->self->options->missing_parts;
if (data->self && data->self->parent)
if (data->self && data->self->parent) {
mime_set_crypto_stamp(data->self->parent, self_signed_p, self_encrypted_p);
}
{
char *stamp_url = 0, *result = nsnull;
if (data->self)
{
if (unverified_p && data->self->options)
// stamp_url = IMAP_CreateReloadAllPartsUrl(data->self->options->url); XXX Fix later XXX //
stamp_url = nsnull;
else
stamp_url = MimeCMS_MakeSAURL(data->self);
}
char *stamp_url = 0, *result = nsnull;
if (data->self)
{
if (unverified_p && data->self->options) {
// stamp_url = IMAP_CreateReloadAllPartsUrl(data->self->options->url); XXX Fix later XXX //
stamp_url = nsnull;
}
else {
stamp_url = MimeCMS_MakeSAURL(data->self);
}
}
result =
MimeHeaders_make_crypto_stamp (union_encrypted_p,
self_signed_p,
good_p,
unverified_p,
data->parent_holds_stamp_p,
stamp_url);
PR_FREEIF(stamp_url);
return result;
result =
MimeHeaders_make_crypto_stamp (union_encrypted_p,
self_signed_p,
good_p,
unverified_p,
data->parent_holds_stamp_p,
stamp_url);
PR_FREEIF(stamp_url);
return result;
}
}

Просмотреть файл

@ -97,7 +97,8 @@ MimeMultipartSignedCMS_initialize (MimeObject *object)
}
typedef struct MimeMultCMSdata {
typedef struct MimeMultCMSdata
{
PRInt16 hash_type;
nsCOMPtr<nsIHash> data_hash_context;
nsCOMPtr<nsICMSDecoder> sig_decoder_context;
@ -110,6 +111,32 @@ typedef struct MimeMultCMSdata {
MimeObject *self;
PRBool parent_is_encrypted_p;
PRBool parent_holds_stamp_p;
MimeMultCMSdata()
:hash_type(0),
sender_addr(nsnull),
decode_error(0),
verify_error(0),
item_data(nsnull),
self(nsnull),
parent_is_encrypted_p(PR_FALSE),
parent_holds_stamp_p(PR_FALSE)
{
}
~MimeMultCMSdata()
{
PR_FREEIF(sender_addr);
// Do a graceful shutdown of the nsICMSDecoder and release the nsICMSMessage //
if (sig_decoder_context)
{
nsCOMPtr<nsICMSMessage> cinfo;
sig_decoder_context->Finish(getter_AddRefs(cinfo));
}
delete [] item_data;
}
} MimeMultCMSdata;
@ -181,10 +208,9 @@ MimeMultCMS_init (MimeObject *obj)
if (hash_type == nsIHash::HASH_AlgNULL) return 0; /* #### bogus message? */
data = (MimeMultCMSdata *) PR_MALLOC(sizeof(*data));
if (!data) return 0;
nsCRT::memset(data, 0, sizeof(*data));
data = new MimeMultCMSdata;
if (!data)
return 0;
data->self = obj;
data->hash_type = hash_type;
@ -202,7 +228,7 @@ MimeMultCMS_init (MimeObject *obj)
data->decode_error = PR_GetError();
if (data->decode_error)
{
PR_Free(data);
delete data;
return 0;
}
}
@ -252,7 +278,7 @@ MimeMultCMS_data_eof (void *crypto_closure, PRBool abort_p)
}
data->data_hash_context->ResultLen(data->hash_type, &data->item_len);
data->item_data = (unsigned char *) PR_MALLOC(data->item_len);
data->item_data = new unsigned char[data->item_len];
if (!data->item_data) return MIME_OUT_OF_MEMORY;
PR_SetError(0, 0);
@ -364,29 +390,7 @@ MimeMultCMS_free (void *crypto_closure)
MimeMultCMSdata *data = (MimeMultCMSdata *) crypto_closure;
if (!data) return;
PR_FREEIF(data->sender_addr);
if (data->data_hash_context)
{
// Release our reference to nsIHash //
data->data_hash_context = 0;
}
// Do a graceful shutdown of the nsICMSDecoder and release the nsICMSMessage //
if (data->sig_decoder_context)
{
nsCOMPtr<nsICMSMessage> cinfo;
data->sig_decoder_context->Finish(getter_AddRefs(cinfo));
}
if (data->content_info)
{
// Release our reference to nsICMSMessage //
data->content_info = 0;
}
PR_FREEIF(data->item_data);
PR_FREEIF(data);
delete data;
}
static char *
@ -394,7 +398,7 @@ MimeMultCMS_generate (void *crypto_closure)
{
MimeMultCMSdata *data = (MimeMultCMSdata *) crypto_closure;
PRBool signed_p = PR_TRUE;
PRBool good_p = PR_TRUE;
PRBool good_p = PR_FALSE;
PRBool encrypted_p;
PRBool unverified_p = PR_FALSE;
nsresult rv;
@ -405,10 +409,12 @@ MimeMultCMS_generate (void *crypto_closure)
{
rv = data->content_info->VerifyDetachedSignature(data->item_data, data->item_len);
if (NS_FAILED(rv)) {
if (!data->verify_error)
if (!data->verify_error) {
data->verify_error = PR_GetError();
if (data->verify_error >= 0)
}
if (data->verify_error >= 0) {
data->verify_error = -1;
}
} else {
good_p = MimeCMSHeadersAndCertsMatch(data->self,
data->content_info,
@ -421,9 +427,9 @@ MimeMultCMS_generate (void *crypto_closure)
#if 0 // XXX Fix this. What do we do here? //
if (SEC_CMSContainsCertsOrCrls(data->content_info))
{
{
/* #### call libsec telling it to import the certs */
}
#endif
/* Don't free these yet -- keep them around for the lifetime of the
@ -441,7 +447,6 @@ MimeMultCMS_generate (void *crypto_closure)
before the signature part, or we ran out of memory, or something
awful has happened. Anyway, it sure ain't good_p.
*/
good_p = PR_FALSE;
}
mime_stream_data *msd = (mime_stream_data *) (data->self->options->stream_closure);
@ -476,27 +481,27 @@ MimeMultCMS_generate (void *crypto_closure)
unverified_p = data->self->options->missing_parts;
if (data->self && data->self->parent)
mime_set_crypto_stamp(data->self->parent, signed_p, encrypted_p);
if (data->self && data->self->parent) {
mime_set_crypto_stamp(data->self->parent, signed_p, encrypted_p);
}
{
char *stamp_url = 0, *result;
if (data->self)
{
if (unverified_p && data->self->options) {
// XXX Fix this stamp_url = IMAP_CreateReloadAllPartsUrl(data->self->options->url); XXX //
} else {
stamp_url = MimeCMS_MakeSAURL(data->self);
char *stamp_url = 0, *result;
if (data->self)
{
if (unverified_p && data->self->options) {
// XXX Fix this stamp_url = IMAP_CreateReloadAllPartsUrl(data->self->options->url); XXX //
} else {
stamp_url = MimeCMS_MakeSAURL(data->self);
}
}
}
result =
MimeHeaders_make_crypto_stamp (encrypted_p, signed_p, good_p,
unverified_p,
data->parent_holds_stamp_p,
stamp_url);
PR_FREEIF(stamp_url);
return result;
result =
MimeHeaders_make_crypto_stamp (encrypted_p, signed_p, good_p,
unverified_p,
data->parent_holds_stamp_p,
stamp_url);
PR_FREEIF(stamp_url);
return result;
}
}

Просмотреть файл

@ -42,6 +42,11 @@
#include "smime.h"
#include "cms.h"
#include "prlog.h"
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
#endif
NS_IMPL_THREADSAFE_ISUPPORTS1(nsHash, nsIHash)
nsHash::nsHash() : m_ctxt(nsnull)
@ -112,31 +117,37 @@ nsCMSMessage::~nsCMSMessage()
NS_IMETHODIMP nsCMSMessage::VerifySignature()
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifySignature\n"));
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::GetSignerEmailAddress(char * * aEmail)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::GetSignerEmailAddress\n"));
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::GetSignerCommonName(char ** aName)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::GetSignerCommonName\n"));
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::ContentIsEncrypted(int *)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::ContentIsEncrypted\n"));
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::ContentIsSigned(int *)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::ContentIsSigned\n"));
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::VerifyDetachedSignature(unsigned char* aDigestData, PRUint32 aDigestDataLen)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature\n"));
NSSCMSContentInfo *cinfo = nsnull;
NSSCMSSignedData *sigd = nsnull;
NSSCMSSignerInfo *si;
@ -148,35 +159,49 @@ NS_IMETHODIMP nsCMSMessage::VerifyDetachedSignature(unsigned char* aDigestData,
digest.len = aDigestDataLen;
if (NSS_CMSMessage_IsSigned(m_cmsMsg) == PR_FALSE) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - not signed\n"));
return NS_ERROR_FAILURE;
}
cinfo = NSS_CMSMessage_ContentLevel(m_cmsMsg, 0);
sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo);
if (sigd == nsnull) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - no content info\n"));
goto loser;
}
if (NSS_CMSSignedData_SetDigestValue(sigd, SEC_OID_SHA1, &digest)) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - can't set digest value\n"));
goto loser;
}
// Import certs //
if (NSS_CMSSignedData_ImportCerts(sigd, CERT_GetDefaultCertDB(), certUsageEmailSigner, PR_TRUE) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - can not import certs\n"));
goto loser;
}
nsigners = NSS_CMSSignedData_SignerInfoCount(sigd);
PR_ASSERT(nsigners > 0);
si = NSS_CMSSignedData_GetSignerInfo(sigd, 0);
// We verify the first signer info, only //
if (NSS_CMSSignedData_VerifySignerInfo(sigd, 0, CERT_GetDefaultCertDB(), certUsageEmailSigner) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - unable to verify signature\n"));
#ifdef DEBUG
if (NSSCMSVS_SigningCertNotFound == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - signing cert not found\n"));
}
else if(NSSCMSVS_SigningCertNotTrusted == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - signing cert not trusted\n"));
}
#endif
goto loser;
}
// Save the profile //
si = NSS_CMSSignedData_GetSignerInfo(sigd, 0);
if (NSS_SMIMESignerInfo_SaveSMIMEProfile(si) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - unable to save smime profile\n"));
goto loser;
}
@ -187,6 +212,7 @@ loser:
NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted\n"));
NSSCMSContentInfo *cinfo;
NSSCMSEnvelopedData *envd;
NSSCMSRecipientInfo *recipientInfo;
@ -220,34 +246,41 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
// Find a bulk key algorithm //
if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipientCerts, &bulkAlgTag,
&keySize) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't find bulk alg for recipients\n"));
goto loser;
}
m_cmsMsg = NSS_CMSMessage_Create(NULL);
if (m_cmsMsg == nsnull) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create new cms message\n"));
goto loser;
}
if ((envd = NSS_CMSEnvelopedData_Create(m_cmsMsg, bulkAlgTag, keySize)) == nsnull) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create enveloped data\n"));
goto loser;
}
cinfo = NSS_CMSMessage_GetContentInfo(m_cmsMsg);
if (NSS_CMSContentInfo_SetContent_EnvelopedData(m_cmsMsg, cinfo, envd) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't set content enveloped data\n"));
goto loser;
}
cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd);
if (NSS_CMSContentInfo_SetContent_Data(m_cmsMsg, cinfo, nsnull, PR_FALSE) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't set content data\n"));
goto loser;
}
// Create and attach recipient information //
for (i=0; recipientCerts[i] != nsnull; i++) {
if ((recipientInfo = NSS_CMSRecipientInfo_Create(m_cmsMsg, recipientCerts[i])) == nsnull) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create recipient info\n"));
goto loser;
}
if (NSS_CMSEnvelopedData_AddRecipient(envd, recipientInfo) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't add recipient info\n"));
goto loser;
}
}
@ -271,6 +304,7 @@ loser:
NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert* aEncryptCert, unsigned char* aDigestData, PRUint32 aDigestDataLen)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned\n"));
NSSCMSContentInfo *cinfo;
NSSCMSSignedData *sigd;
NSSCMSSignerInfo *signerinfo;
@ -285,6 +319,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
*/
m_cmsMsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
if (m_cmsMsg == NULL) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create new message\n"));
goto loser;
}
@ -292,11 +327,13 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
* build chain of objects: message->signedData->data
*/
if ((sigd = NSS_CMSSignedData_Create(m_cmsMsg)) == NULL) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create signed data\n"));
goto loser;
}
cinfo = NSS_CMSMessage_GetContentInfo(m_cmsMsg);
if (NSS_CMSContentInfo_SetContent_SignedData(m_cmsMsg, cinfo, sigd)
!= SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't set content signed data\n"));
goto loser;
}
@ -305,6 +342,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
/* we're always passing data in and detaching optionally */
if (NSS_CMSContentInfo_SetContent_Data(m_cmsMsg, cinfo, nsnull, PR_TRUE)
!= SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't set content data\n"));
goto loser;
}
@ -313,6 +351,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
*/
if ((signerinfo = NSS_CMSSignerInfo_Create(m_cmsMsg, scert, SEC_OID_SHA1))
== NULL) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create signer info\n"));
goto loser;
}
@ -320,28 +359,34 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain,
certUsageEmailSigner)
!= SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't include signer cert chain\n"));
goto loser;
}
if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now())
!= SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add signing time\n"));
goto loser;
}
if (NSS_CMSSignerInfo_AddSMIMECaps(signerinfo) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add smime caps\n"));
goto loser;
}
if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ecert,
CERT_GetDefaultCertDB())
!= SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add smime enc key prefs\n"));
goto loser;
}
if (NSS_CMSSignedData_AddCertificate(sigd, ecert) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add own encryption certificate\n"));
goto loser;
}
if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add signer info\n"));
goto loser;
}
@ -353,6 +398,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
digest.len = aDigestDataLen;
if (NSS_CMSSignedData_SetDigestValue(sigd, SEC_OID_SHA1, &digest)) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't set digest value\n"));
goto loser;
}
}
@ -380,10 +426,12 @@ nsCMSDecoder::~nsCMSDecoder()
/* void start (in NSSCMSContentCallback cb, in voidPtr arg); */
NS_IMETHODIMP nsCMSDecoder::Start(NSSCMSContentCallback cb, void * arg)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Start\n"));
m_ctx = new PipUIContext();
m_dcx = NSS_CMSDecoder_Start(0, cb, arg, 0, m_ctx, 0, 0);
if (!m_dcx) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Start - can't start decoder\n"));
return NS_ERROR_FAILURE;
}
return NS_OK;
@ -392,6 +440,7 @@ NS_IMETHODIMP nsCMSDecoder::Start(NSSCMSContentCallback cb, void * arg)
/* void update (in string bug, in long len); */
NS_IMETHODIMP nsCMSDecoder::Update(const char *buf, PRInt32 len)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Update\n"));
NSS_CMSDecoder_Update(m_dcx, (char *)buf, len);
return NS_OK;
}
@ -399,6 +448,7 @@ NS_IMETHODIMP nsCMSDecoder::Update(const char *buf, PRInt32 len)
/* void finish (); */
NS_IMETHODIMP nsCMSDecoder::Finish(nsICMSMessage ** aCMSMsg)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Finish\n"));
NSSCMSMessage *cmsMsg;
cmsMsg = NSS_CMSDecoder_Finish(m_dcx);
if (cmsMsg) {
@ -423,11 +473,13 @@ nsCMSEncoder::~nsCMSEncoder()
/* void start (); */
NS_IMETHODIMP nsCMSEncoder::Start(nsICMSMessage *aMsg, NSSCMSContentCallback cb, void * arg)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Start\n"));
nsCMSMessage *cmsMsg = NS_STATIC_CAST(nsCMSMessage*, aMsg);
m_ctx = new PipUIContext();
m_ecx = NSS_CMSEncoder_Start(cmsMsg->getCMS(), cb, arg, 0, 0, 0, m_ctx, 0, 0, 0, 0);
if (m_ecx == nsnull) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Start - can't start encoder\n"));
return NS_ERROR_FAILURE;
}
return NS_OK;
@ -436,7 +488,9 @@ NS_IMETHODIMP nsCMSEncoder::Start(nsICMSMessage *aMsg, NSSCMSContentCallback cb,
/* void update (in string aBuf, in long aLen); */
NS_IMETHODIMP nsCMSEncoder::Update(const char *aBuf, PRInt32 aLen)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Update\n"));
if (NSS_CMSEncoder_Update(m_ecx, aBuf, aLen) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Update - can't update encoder\n"));
return NS_ERROR_FAILURE;
}
return NS_OK;
@ -445,7 +499,9 @@ NS_IMETHODIMP nsCMSEncoder::Update(const char *aBuf, PRInt32 aLen)
/* void finish (); */
NS_IMETHODIMP nsCMSEncoder::Finish()
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Finish\n"));
if (NSS_CMSEncoder_Finish(m_ecx) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Finish - can't finish encoder\n"));
return NS_ERROR_FAILURE;
}
return NS_OK;
@ -454,5 +510,6 @@ NS_IMETHODIMP nsCMSEncoder::Finish()
/* void encode (in nsICMSMessage aMsg); */
NS_IMETHODIMP nsCMSEncoder::Encode(nsICMSMessage *aMsg)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Encode\n"));
return NS_ERROR_NOT_IMPLEMENTED;
}

Просмотреть файл

@ -55,6 +55,11 @@
#include "nsIServiceManager.h"
#include "nsIPref.h"
#include "prlog.h"
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
#endif
// Standard ISupports implementation
// NOTE: Should these be the thread-safe versions?
@ -81,6 +86,7 @@ nsCMSSecureMessage::~nsCMSSecureMessage()
NS_IMETHODIMP nsCMSSecureMessage::
GetCertByPrefID(const char *certID, char **_retval)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::GetCertByPrefID\n"));
nsresult rv = NS_OK;
CERTCertificate *cert = 0;
nsXPIDLCString nickname;
@ -90,7 +96,9 @@ GetCertByPrefID(const char *certID, char **_retval)
static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
nsCOMPtr<nsIPref> prefs = do_GetService(kPrefCID, &rv);
if (NS_FAILED(rv)) goto done;
if (NS_FAILED(rv)) {
goto done;
}
rv = prefs->GetCharPref(certID,
getter_Copies(nickname));
@ -100,7 +108,11 @@ GetCertByPrefID(const char *certID, char **_retval)
cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), (char*)nickname.get(),
certUsageEmailRecipient, PR_TRUE, ctx);
if (!cert) { goto done; } /* Success, but no value */
if (!cert) {
/* Success, but no value */
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::GetCertByPrefID - can't find user cert\n"));
goto done;
}
/* Convert the DER to a BASE64 String */
encode(cert->derCert.data, cert->derCert.len, _retval);
@ -115,6 +127,7 @@ done:
nsresult nsCMSSecureMessage::
DecodeCert(const char *value, nsIX509Cert ** _retval)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::DecodeCert\n"));
nsresult rv = NS_OK;
PRInt32 length;
unsigned char *data = 0;
@ -124,7 +137,10 @@ DecodeCert(const char *value, nsIX509Cert ** _retval)
if (!value) { return NS_ERROR_FAILURE; }
rv = decode(value, &data, &length);
if (NS_FAILED(rv)) return rv;
if (NS_FAILED(rv)) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::DecodeCert - can't decode cert\n"));
return rv;
}
nsCOMPtr<nsIX509Cert> cert = new nsNSSCertificate((char *)data, length);
@ -139,6 +155,7 @@ DecodeCert(const char *value, nsIX509Cert ** _retval)
nsresult nsCMSSecureMessage::
SendMessage(const char *msg, const char *base64Cert, char ** _retval)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage\n"));
nsresult rv = NS_OK;
CERTCertificate *cert = 0;
NSSCMSMessage *cmsMsg = 0;
@ -154,14 +171,25 @@ SendMessage(const char *msg, const char *base64Cert, char ** _retval)
/* Step 0. Create a CMS Message */
cmsMsg = NSS_CMSMessage_Create(NULL);
if (!cmsMsg) { rv = NS_ERROR_FAILURE; goto done; }
if (!cmsMsg) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create NSSCMSMessage\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
/* Step 1. Import the certificate into NSS */
rv = decode(base64Cert, &certDER, &derLen);
if (NS_FAILED(rv)) goto done;
if (NS_FAILED(rv)) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't decode / import cert into NSS\n"));
goto done;
}
cert = CERT_DecodeCertFromPackage((char *)certDER, derLen);
if (!cert) { rv = NS_ERROR_FAILURE; goto done; }
if (!cert) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't decode cert from package\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
#if 0
cert->dbhandle = CERT_GetDefaultCertDB(); /* work-around */
@ -173,24 +201,44 @@ SendMessage(const char *msg, const char *base64Cert, char ** _retval)
/* Step 4. Build outer (enveloped) content */
env = NSS_CMSEnvelopedData_Create(cmsMsg, SEC_OID_DES_EDE3_CBC, 0);
if (!env) { rv = NS_ERROR_FAILURE; goto done; }
if (!env) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create envelope data\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
cinfo = NSS_CMSEnvelopedData_GetContentInfo(env);
item.data = (unsigned char *)msg;
item.len = strlen(msg); /* XPCOM equiv?? */
s = NSS_CMSContentInfo_SetContent_Data(cmsMsg, cinfo, 0, PR_FALSE);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
if (s != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't set content data\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
rcpt = NSS_CMSRecipientInfo_Create(cmsMsg, cert);
if (!rcpt) { rv = NS_ERROR_FAILURE; goto done; }
if (!rcpt) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create recipient info\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
s = NSS_CMSEnvelopedData_AddRecipient(env, rcpt);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
if (s != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't add recipient\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
/* Step 5. Add content to message */
cinfo = NSS_CMSMessage_GetContentInfo(cmsMsg);
s = NSS_CMSContentInfo_SetContent_EnvelopedData(cmsMsg, cinfo, env);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
if (s != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't set content enveloped data\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
/* Step 6. Encode */
NSSCMSEncoderContext *ecx;
@ -198,13 +246,25 @@ SendMessage(const char *msg, const char *base64Cert, char ** _retval)
output.data = 0; output.len = 0;
ecx = NSS_CMSEncoder_Start(cmsMsg, 0, 0, &output, arena,
0, 0, 0, 0, 0, 0);
if (!ecx) { rv = NS_ERROR_FAILURE; goto done; }
if (!ecx) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't start cms encoder\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
s = NSS_CMSEncoder_Update(ecx, msg, strlen(msg));
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
if (s != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't update encoder\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
s = NSS_CMSEncoder_Finish(ecx);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
if (s != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't finish encoder\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
/* Step 7. Base64 encode and return the result */
rv = encode(output.data, output.len, _retval);
@ -224,6 +284,7 @@ done:
nsresult nsCMSSecureMessage::
ReceiveMessage(const char *msg, char **_retval)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage\n"));
nsresult rv = NS_OK;
NSSCMSDecoderContext *dcx;
unsigned char *der = 0;
@ -234,17 +295,33 @@ ReceiveMessage(const char *msg, char **_retval)
/* Step 1. Decode the base64 wrapper */
rv = decode(msg, &der, &derLen);
if (NS_FAILED(rv)) goto done;
if (NS_FAILED(rv)) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't base64 decode\n"));
goto done;
}
dcx = NSS_CMSDecoder_Start(0, 0, 0, /* pw */ 0, ctx, /* key */ 0, 0);
if (!dcx) { rv = NS_ERROR_FAILURE; goto done; }
if (!dcx) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't start decoder\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
(void)NSS_CMSDecoder_Update(dcx, (char *)der, derLen);
cmsMsg = NSS_CMSDecoder_Finish(dcx);
if (!cmsMsg) { rv = NS_ERROR_FAILURE; goto done; } /* Memory leak on dcx?? */
if (!cmsMsg) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't finish decoder\n"));
rv = NS_ERROR_FAILURE;
/* Memory leak on dcx?? */
goto done;
}
content = NSS_CMSMessage_GetContent(cmsMsg);
if (!content) { rv = NS_ERROR_FAILURE; goto done; }
if (!content) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't get content\n"));
rv = NS_ERROR_FAILURE;
goto done;
}
/* Copy the data */
*_retval = (char*)malloc(content->len+1);
@ -273,6 +350,7 @@ loser:
nsresult nsCMSSecureMessage::
decode(const char *data, unsigned char **result, PRInt32 * _retval)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::decode\n"));
nsresult rv = NS_OK;
PRUint32 len = PL_strlen(data);
int adjust = 0;
@ -284,7 +362,11 @@ decode(const char *data, unsigned char **result, PRInt32 * _retval)
}
*result = (unsigned char *)PL_Base64Decode(data, len, NULL);
if (!*result) { rv = NS_ERROR_ILLEGAL_VALUE; goto loser; }
if (!*result) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::decode - error decoding base64\n"));
rv = NS_ERROR_ILLEGAL_VALUE;
goto loser;
}
*_retval = (len*3)/4 - adjust;