зеркало из https://github.com/mozilla/pjs.git
b=115010 Mail/News UI must provide detail info on signature/encryption status
r=javi sr=mscott
This commit is contained in:
Родитель
1c61776f7a
Коммит
fba86ece7a
|
@ -30,14 +30,17 @@ var smimeHeaderSink =
|
|||
{
|
||||
signedStatus: function(aValidSignature)
|
||||
{
|
||||
gSignedUINode.collapsed = false;
|
||||
gSMIMEContainer.collapsed = false;
|
||||
|
||||
if (aValidSignature)
|
||||
{
|
||||
gSignedUINode.collapsed = false;
|
||||
gSMIMEContainer.collapsed = false;
|
||||
gSignedUINode.value = "<signed>";
|
||||
}
|
||||
else
|
||||
{
|
||||
// show a broken signature icon....
|
||||
gSignedUINode.value = "<invalid signature>";
|
||||
}
|
||||
|
||||
gSignedUIVisible = true;
|
||||
|
@ -45,14 +48,17 @@ var smimeHeaderSink =
|
|||
|
||||
encryptionStatus: function(aValidEncryption)
|
||||
{
|
||||
gEncryptedUINode.collapsed = false;
|
||||
gSMIMEContainer.collapsed = false;
|
||||
|
||||
if (aValidEncryption)
|
||||
{
|
||||
gEncryptedUINode.collapsed = false;
|
||||
gSMIMEContainer.collapsed = false;
|
||||
gEncryptedUINode.value = "<encrypted>";
|
||||
}
|
||||
else
|
||||
{
|
||||
// show a broken encryption icon....
|
||||
gEncryptedUINode.value = "<invalid encryption>";
|
||||
}
|
||||
|
||||
gEncryptionUIVisible = true;
|
||||
|
@ -105,3 +111,6 @@ function msgHdrViewSMIMEOnLoad(event)
|
|||
|
||||
addEventListener('messagepane-loaded', msgHdrViewSMIMEOnLoad, true);
|
||||
|
||||
function showMessageSecurityInfo()
|
||||
{
|
||||
}
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
<hbox id="expandedHeaderView">
|
||||
<vbox id="smimeBox" insertafter="expandedHeaders">
|
||||
<spacer flex="1"/>
|
||||
<label id="encryptedText" value="<Encrypted>" collapsed="true"/>
|
||||
<label id="signedText" value="<Signed>" collapsed="true"/>
|
||||
<label id="encryptedText" onclick="showMessageSecurityInfo();" collapsed="true"/>
|
||||
<label id="signedText" onclick="showMessageSecurityInfo();" collapsed="true"/>
|
||||
<spacer flex="1"/>
|
||||
</vbox>
|
||||
</hbox>
|
||||
|
|
|
@ -87,7 +87,8 @@ MimeEncryptedCMSClassInitialize(MimeEncryptedCMSClass *clazz)
|
|||
}
|
||||
|
||||
|
||||
typedef struct MimeCMSdata {
|
||||
typedef struct MimeCMSdata
|
||||
{
|
||||
int (*output_fn) (const char *buf, PRInt32 buf_size, void *output_closure);
|
||||
void *output_closure;
|
||||
nsCOMPtr<nsICMSDecoder> decoder_context;
|
||||
|
@ -99,6 +100,31 @@ typedef struct MimeCMSdata {
|
|||
MimeObject *self;
|
||||
PRBool parent_is_encrypted_p;
|
||||
PRBool parent_holds_stamp_p;
|
||||
|
||||
MimeCMSdata()
|
||||
:output_fn(nsnull),
|
||||
output_closure(nsnull),
|
||||
ci_is_encrypted(PR_FALSE),
|
||||
sender_addr(nsnull),
|
||||
decode_error(PR_FALSE),
|
||||
verify_error(PR_FALSE),
|
||||
self(nsnull),
|
||||
parent_is_encrypted_p(PR_FALSE),
|
||||
parent_holds_stamp_p(PR_FALSE)
|
||||
{
|
||||
}
|
||||
|
||||
~MimeCMSdata()
|
||||
{
|
||||
PR_FREEIF(sender_addr);
|
||||
|
||||
// Do an orderly release of nsICMSDecoder and nsICMSMessage //
|
||||
if (decoder_context)
|
||||
{
|
||||
nsCOMPtr<nsICMSMessage> cinfo;
|
||||
decoder_context->Finish(getter_AddRefs(cinfo));
|
||||
}
|
||||
}
|
||||
} MimeCMSdata;
|
||||
|
||||
|
||||
|
@ -311,11 +337,9 @@ MimeCMS_init(MimeObject *obj,
|
|||
if (!(obj && obj->options && output_fn)) return 0;
|
||||
|
||||
opts = obj->options;
|
||||
data = (MimeCMSdata *) PR_MALLOC(sizeof(*data));
|
||||
data = new MimeCMSdata;
|
||||
if (!data) return 0;
|
||||
|
||||
nsCRT::memset(data, 0, sizeof(*data));
|
||||
|
||||
data->self = obj;
|
||||
data->output_fn = output_fn;
|
||||
data->output_closure = output_closure;
|
||||
|
@ -371,8 +395,9 @@ MimeCMS_eof (void *crypto_closure, PRBool abort_p)
|
|||
MimeCMSdata *data = (MimeCMSdata *) crypto_closure;
|
||||
nsresult rv;
|
||||
|
||||
if (!data || !data->output_fn || !data->decoder_context)
|
||||
return -1;
|
||||
if (!data || !data->output_fn || !data->decoder_context) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Hand an EOF to the crypto library. It may call data->output_fn.
|
||||
(Today, the crypto library has no flushing to do, but maybe there
|
||||
|
@ -385,6 +410,11 @@ MimeCMS_eof (void *crypto_closure, PRBool abort_p)
|
|||
PR_SetError(0, 0);
|
||||
rv = data->decoder_context->Finish(getter_AddRefs(data->content_info));
|
||||
|
||||
/* Is the content info encrypted? */
|
||||
if (data->content_info) {
|
||||
data->ci_is_encrypted = PR_TRUE;
|
||||
}
|
||||
|
||||
if (NS_FAILED(rv))
|
||||
data->verify_error = PR_GetError();
|
||||
|
||||
|
@ -413,18 +443,18 @@ MimeCMS_eof (void *crypto_closure, PRBool abort_p)
|
|||
smimeHeaderSink = do_QueryInterface(securityInfo);
|
||||
if (smimeHeaderSink)
|
||||
{
|
||||
smimeHeaderSink->EncryptionStatus(NS_SUCCEEDED(rv));
|
||||
smimeHeaderSink->EncryptionStatus(
|
||||
data->ci_is_encrypted
|
||||
&& !data->verify_error
|
||||
&& !data->decode_error
|
||||
&& NS_SUCCEEDED(rv)
|
||||
);
|
||||
}
|
||||
} // if channel
|
||||
} // if msd
|
||||
|
||||
data->decoder_context = 0;
|
||||
|
||||
/* Is the content info encrypted? */
|
||||
if (data->content_info) {
|
||||
data->ci_is_encrypted = PR_TRUE;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -433,24 +463,8 @@ MimeCMS_free (void *crypto_closure)
|
|||
{
|
||||
MimeCMSdata *data = (MimeCMSdata *) crypto_closure;
|
||||
if (!data) return;
|
||||
|
||||
PR_FREEIF(data->sender_addr);
|
||||
|
||||
if (data->content_info)
|
||||
{
|
||||
// Free reference to nsICMSMessage //
|
||||
data->content_info = 0;
|
||||
}
|
||||
|
||||
// Do an orderly release of nsICMSDecoder and nsICMSMessage //
|
||||
if (data->decoder_context)
|
||||
{
|
||||
nsCOMPtr<nsICMSMessage> cinfo;
|
||||
data->decoder_context->Finish(getter_AddRefs(cinfo));
|
||||
data->decoder_context = 0;
|
||||
}
|
||||
|
||||
PR_FREEIF(data);
|
||||
|
||||
delete data;
|
||||
}
|
||||
|
||||
char *
|
||||
|
@ -518,7 +532,7 @@ MimeCMS_generate (void *crypto_closure)
|
|||
PRBool self_signed_p = PR_FALSE;
|
||||
PRBool self_encrypted_p = PR_FALSE;
|
||||
PRBool union_encrypted_p = PR_FALSE;
|
||||
PRBool good_p = PR_TRUE;
|
||||
PRBool good_p = PR_FALSE;
|
||||
PRBool unverified_p = PR_FALSE;
|
||||
|
||||
if (!data || !data->output_fn) return 0;
|
||||
|
@ -534,20 +548,21 @@ MimeCMS_generate (void *crypto_closure)
|
|||
PR_SetError(0, 0);
|
||||
good_p = data->content_info->VerifySignature();
|
||||
if (!good_p)
|
||||
{
|
||||
if (!data->verify_error)
|
||||
data->verify_error = PR_GetError();
|
||||
if (data->verify_error >= 0)
|
||||
data->verify_error = -1;
|
||||
}
|
||||
{
|
||||
if (!data->verify_error)
|
||||
data->verify_error = PR_GetError();
|
||||
if (data->verify_error >= 0)
|
||||
data->verify_error = -1;
|
||||
}
|
||||
else
|
||||
{
|
||||
good_p = MimeCMSHeadersAndCertsMatch(data->self,
|
||||
data->content_info,
|
||||
&data->sender_addr);
|
||||
if (!good_p && !data->verify_error)
|
||||
// data->verify_error = SEC_ERROR_CERT_ADDR_MISMATCH; XXX Fix later XXX //
|
||||
data->verify_error = -1;
|
||||
if (!good_p && !data->verify_error) {
|
||||
// data->verify_error = SEC_ERROR_CERT_ADDR_MISMATCH; XXX Fix later XXX //
|
||||
data->verify_error = -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -571,36 +586,37 @@ MimeCMS_generate (void *crypto_closure)
|
|||
/* No content info? Something's horked. Guess. */
|
||||
self_encrypted_p = PR_TRUE;
|
||||
union_encrypted_p = PR_TRUE;
|
||||
good_p = PR_FALSE;
|
||||
if (!data->decode_error && !data->verify_error)
|
||||
data->decode_error = -1;
|
||||
data->decode_error = -1;
|
||||
}
|
||||
|
||||
unverified_p = data->self->options->missing_parts;
|
||||
|
||||
if (data->self && data->self->parent)
|
||||
if (data->self && data->self->parent) {
|
||||
mime_set_crypto_stamp(data->self->parent, self_signed_p, self_encrypted_p);
|
||||
|
||||
}
|
||||
|
||||
{
|
||||
char *stamp_url = 0, *result = nsnull;
|
||||
if (data->self)
|
||||
{
|
||||
if (unverified_p && data->self->options)
|
||||
// stamp_url = IMAP_CreateReloadAllPartsUrl(data->self->options->url); XXX Fix later XXX //
|
||||
stamp_url = nsnull;
|
||||
else
|
||||
stamp_url = MimeCMS_MakeSAURL(data->self);
|
||||
}
|
||||
char *stamp_url = 0, *result = nsnull;
|
||||
if (data->self)
|
||||
{
|
||||
if (unverified_p && data->self->options) {
|
||||
// stamp_url = IMAP_CreateReloadAllPartsUrl(data->self->options->url); XXX Fix later XXX //
|
||||
stamp_url = nsnull;
|
||||
}
|
||||
else {
|
||||
stamp_url = MimeCMS_MakeSAURL(data->self);
|
||||
}
|
||||
}
|
||||
|
||||
result =
|
||||
MimeHeaders_make_crypto_stamp (union_encrypted_p,
|
||||
self_signed_p,
|
||||
good_p,
|
||||
unverified_p,
|
||||
data->parent_holds_stamp_p,
|
||||
stamp_url);
|
||||
PR_FREEIF(stamp_url);
|
||||
return result;
|
||||
result =
|
||||
MimeHeaders_make_crypto_stamp (union_encrypted_p,
|
||||
self_signed_p,
|
||||
good_p,
|
||||
unverified_p,
|
||||
data->parent_holds_stamp_p,
|
||||
stamp_url);
|
||||
PR_FREEIF(stamp_url);
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -97,7 +97,8 @@ MimeMultipartSignedCMS_initialize (MimeObject *object)
|
|||
}
|
||||
|
||||
|
||||
typedef struct MimeMultCMSdata {
|
||||
typedef struct MimeMultCMSdata
|
||||
{
|
||||
PRInt16 hash_type;
|
||||
nsCOMPtr<nsIHash> data_hash_context;
|
||||
nsCOMPtr<nsICMSDecoder> sig_decoder_context;
|
||||
|
@ -110,6 +111,32 @@ typedef struct MimeMultCMSdata {
|
|||
MimeObject *self;
|
||||
PRBool parent_is_encrypted_p;
|
||||
PRBool parent_holds_stamp_p;
|
||||
|
||||
MimeMultCMSdata()
|
||||
:hash_type(0),
|
||||
sender_addr(nsnull),
|
||||
decode_error(0),
|
||||
verify_error(0),
|
||||
item_data(nsnull),
|
||||
self(nsnull),
|
||||
parent_is_encrypted_p(PR_FALSE),
|
||||
parent_holds_stamp_p(PR_FALSE)
|
||||
{
|
||||
}
|
||||
|
||||
~MimeMultCMSdata()
|
||||
{
|
||||
PR_FREEIF(sender_addr);
|
||||
|
||||
// Do a graceful shutdown of the nsICMSDecoder and release the nsICMSMessage //
|
||||
if (sig_decoder_context)
|
||||
{
|
||||
nsCOMPtr<nsICMSMessage> cinfo;
|
||||
sig_decoder_context->Finish(getter_AddRefs(cinfo));
|
||||
}
|
||||
|
||||
delete [] item_data;
|
||||
}
|
||||
} MimeMultCMSdata;
|
||||
|
||||
|
||||
|
@ -181,10 +208,9 @@ MimeMultCMS_init (MimeObject *obj)
|
|||
|
||||
if (hash_type == nsIHash::HASH_AlgNULL) return 0; /* #### bogus message? */
|
||||
|
||||
data = (MimeMultCMSdata *) PR_MALLOC(sizeof(*data));
|
||||
if (!data) return 0;
|
||||
|
||||
nsCRT::memset(data, 0, sizeof(*data));
|
||||
data = new MimeMultCMSdata;
|
||||
if (!data)
|
||||
return 0;
|
||||
|
||||
data->self = obj;
|
||||
data->hash_type = hash_type;
|
||||
|
@ -202,7 +228,7 @@ MimeMultCMS_init (MimeObject *obj)
|
|||
data->decode_error = PR_GetError();
|
||||
if (data->decode_error)
|
||||
{
|
||||
PR_Free(data);
|
||||
delete data;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
@ -252,7 +278,7 @@ MimeMultCMS_data_eof (void *crypto_closure, PRBool abort_p)
|
|||
}
|
||||
|
||||
data->data_hash_context->ResultLen(data->hash_type, &data->item_len);
|
||||
data->item_data = (unsigned char *) PR_MALLOC(data->item_len);
|
||||
data->item_data = new unsigned char[data->item_len];
|
||||
if (!data->item_data) return MIME_OUT_OF_MEMORY;
|
||||
|
||||
PR_SetError(0, 0);
|
||||
|
@ -364,29 +390,7 @@ MimeMultCMS_free (void *crypto_closure)
|
|||
MimeMultCMSdata *data = (MimeMultCMSdata *) crypto_closure;
|
||||
if (!data) return;
|
||||
|
||||
PR_FREEIF(data->sender_addr);
|
||||
|
||||
if (data->data_hash_context)
|
||||
{
|
||||
// Release our reference to nsIHash //
|
||||
data->data_hash_context = 0;
|
||||
}
|
||||
|
||||
// Do a graceful shutdown of the nsICMSDecoder and release the nsICMSMessage //
|
||||
if (data->sig_decoder_context)
|
||||
{
|
||||
nsCOMPtr<nsICMSMessage> cinfo;
|
||||
data->sig_decoder_context->Finish(getter_AddRefs(cinfo));
|
||||
}
|
||||
|
||||
if (data->content_info)
|
||||
{
|
||||
// Release our reference to nsICMSMessage //
|
||||
data->content_info = 0;
|
||||
}
|
||||
|
||||
PR_FREEIF(data->item_data);
|
||||
PR_FREEIF(data);
|
||||
delete data;
|
||||
}
|
||||
|
||||
static char *
|
||||
|
@ -394,7 +398,7 @@ MimeMultCMS_generate (void *crypto_closure)
|
|||
{
|
||||
MimeMultCMSdata *data = (MimeMultCMSdata *) crypto_closure;
|
||||
PRBool signed_p = PR_TRUE;
|
||||
PRBool good_p = PR_TRUE;
|
||||
PRBool good_p = PR_FALSE;
|
||||
PRBool encrypted_p;
|
||||
PRBool unverified_p = PR_FALSE;
|
||||
nsresult rv;
|
||||
|
@ -405,10 +409,12 @@ MimeMultCMS_generate (void *crypto_closure)
|
|||
{
|
||||
rv = data->content_info->VerifyDetachedSignature(data->item_data, data->item_len);
|
||||
if (NS_FAILED(rv)) {
|
||||
if (!data->verify_error)
|
||||
if (!data->verify_error) {
|
||||
data->verify_error = PR_GetError();
|
||||
if (data->verify_error >= 0)
|
||||
}
|
||||
if (data->verify_error >= 0) {
|
||||
data->verify_error = -1;
|
||||
}
|
||||
} else {
|
||||
good_p = MimeCMSHeadersAndCertsMatch(data->self,
|
||||
data->content_info,
|
||||
|
@ -421,9 +427,9 @@ MimeMultCMS_generate (void *crypto_closure)
|
|||
|
||||
#if 0 // XXX Fix this. What do we do here? //
|
||||
if (SEC_CMSContainsCertsOrCrls(data->content_info))
|
||||
{
|
||||
{
|
||||
/* #### call libsec telling it to import the certs */
|
||||
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Don't free these yet -- keep them around for the lifetime of the
|
||||
|
@ -441,7 +447,6 @@ MimeMultCMS_generate (void *crypto_closure)
|
|||
before the signature part, or we ran out of memory, or something
|
||||
awful has happened. Anyway, it sure ain't good_p.
|
||||
*/
|
||||
good_p = PR_FALSE;
|
||||
}
|
||||
|
||||
mime_stream_data *msd = (mime_stream_data *) (data->self->options->stream_closure);
|
||||
|
@ -476,27 +481,27 @@ MimeMultCMS_generate (void *crypto_closure)
|
|||
|
||||
unverified_p = data->self->options->missing_parts;
|
||||
|
||||
if (data->self && data->self->parent)
|
||||
mime_set_crypto_stamp(data->self->parent, signed_p, encrypted_p);
|
||||
|
||||
if (data->self && data->self->parent) {
|
||||
mime_set_crypto_stamp(data->self->parent, signed_p, encrypted_p);
|
||||
}
|
||||
|
||||
{
|
||||
char *stamp_url = 0, *result;
|
||||
if (data->self)
|
||||
{
|
||||
if (unverified_p && data->self->options) {
|
||||
// XXX Fix this stamp_url = IMAP_CreateReloadAllPartsUrl(data->self->options->url); XXX //
|
||||
} else {
|
||||
stamp_url = MimeCMS_MakeSAURL(data->self);
|
||||
char *stamp_url = 0, *result;
|
||||
if (data->self)
|
||||
{
|
||||
if (unverified_p && data->self->options) {
|
||||
// XXX Fix this stamp_url = IMAP_CreateReloadAllPartsUrl(data->self->options->url); XXX //
|
||||
} else {
|
||||
stamp_url = MimeCMS_MakeSAURL(data->self);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
result =
|
||||
MimeHeaders_make_crypto_stamp (encrypted_p, signed_p, good_p,
|
||||
unverified_p,
|
||||
data->parent_holds_stamp_p,
|
||||
stamp_url);
|
||||
PR_FREEIF(stamp_url);
|
||||
return result;
|
||||
result =
|
||||
MimeHeaders_make_crypto_stamp (encrypted_p, signed_p, good_p,
|
||||
unverified_p,
|
||||
data->parent_holds_stamp_p,
|
||||
stamp_url);
|
||||
PR_FREEIF(stamp_url);
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,6 +42,11 @@
|
|||
#include "smime.h"
|
||||
#include "cms.h"
|
||||
|
||||
#include "prlog.h"
|
||||
#ifdef PR_LOGGING
|
||||
extern PRLogModuleInfo* gPIPNSSLog;
|
||||
#endif
|
||||
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS1(nsHash, nsIHash)
|
||||
|
||||
nsHash::nsHash() : m_ctxt(nsnull)
|
||||
|
@ -112,31 +117,37 @@ nsCMSMessage::~nsCMSMessage()
|
|||
|
||||
NS_IMETHODIMP nsCMSMessage::VerifySignature()
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifySignature\n"));
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP nsCMSMessage::GetSignerEmailAddress(char * * aEmail)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::GetSignerEmailAddress\n"));
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP nsCMSMessage::GetSignerCommonName(char ** aName)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::GetSignerCommonName\n"));
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP nsCMSMessage::ContentIsEncrypted(int *)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::ContentIsEncrypted\n"));
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP nsCMSMessage::ContentIsSigned(int *)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::ContentIsSigned\n"));
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP nsCMSMessage::VerifyDetachedSignature(unsigned char* aDigestData, PRUint32 aDigestDataLen)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature\n"));
|
||||
NSSCMSContentInfo *cinfo = nsnull;
|
||||
NSSCMSSignedData *sigd = nsnull;
|
||||
NSSCMSSignerInfo *si;
|
||||
|
@ -148,35 +159,49 @@ NS_IMETHODIMP nsCMSMessage::VerifyDetachedSignature(unsigned char* aDigestData,
|
|||
digest.len = aDigestDataLen;
|
||||
|
||||
if (NSS_CMSMessage_IsSigned(m_cmsMsg) == PR_FALSE) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - not signed\n"));
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
cinfo = NSS_CMSMessage_ContentLevel(m_cmsMsg, 0);
|
||||
sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo);
|
||||
if (sigd == nsnull) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - no content info\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (NSS_CMSSignedData_SetDigestValue(sigd, SEC_OID_SHA1, &digest)) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - can't set digest value\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
// Import certs //
|
||||
if (NSS_CMSSignedData_ImportCerts(sigd, CERT_GetDefaultCertDB(), certUsageEmailSigner, PR_TRUE) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - can not import certs\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
nsigners = NSS_CMSSignedData_SignerInfoCount(sigd);
|
||||
PR_ASSERT(nsigners > 0);
|
||||
si = NSS_CMSSignedData_GetSignerInfo(sigd, 0);
|
||||
|
||||
// We verify the first signer info, only //
|
||||
if (NSS_CMSSignedData_VerifySignerInfo(sigd, 0, CERT_GetDefaultCertDB(), certUsageEmailSigner) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - unable to verify signature\n"));
|
||||
#ifdef DEBUG
|
||||
if (NSSCMSVS_SigningCertNotFound == si->verificationStatus) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - signing cert not found\n"));
|
||||
}
|
||||
else if(NSSCMSVS_SigningCertNotTrusted == si->verificationStatus) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - signing cert not trusted\n"));
|
||||
}
|
||||
#endif
|
||||
goto loser;
|
||||
}
|
||||
|
||||
// Save the profile //
|
||||
si = NSS_CMSSignedData_GetSignerInfo(sigd, 0);
|
||||
if (NSS_SMIMESignerInfo_SaveSMIMEProfile(si) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - unable to save smime profile\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -187,6 +212,7 @@ loser:
|
|||
|
||||
NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted\n"));
|
||||
NSSCMSContentInfo *cinfo;
|
||||
NSSCMSEnvelopedData *envd;
|
||||
NSSCMSRecipientInfo *recipientInfo;
|
||||
|
@ -220,34 +246,41 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
|
|||
// Find a bulk key algorithm //
|
||||
if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipientCerts, &bulkAlgTag,
|
||||
&keySize) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't find bulk alg for recipients\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
m_cmsMsg = NSS_CMSMessage_Create(NULL);
|
||||
if (m_cmsMsg == nsnull) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create new cms message\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if ((envd = NSS_CMSEnvelopedData_Create(m_cmsMsg, bulkAlgTag, keySize)) == nsnull) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create enveloped data\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
cinfo = NSS_CMSMessage_GetContentInfo(m_cmsMsg);
|
||||
if (NSS_CMSContentInfo_SetContent_EnvelopedData(m_cmsMsg, cinfo, envd) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't set content enveloped data\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd);
|
||||
if (NSS_CMSContentInfo_SetContent_Data(m_cmsMsg, cinfo, nsnull, PR_FALSE) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't set content data\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
// Create and attach recipient information //
|
||||
for (i=0; recipientCerts[i] != nsnull; i++) {
|
||||
if ((recipientInfo = NSS_CMSRecipientInfo_Create(m_cmsMsg, recipientCerts[i])) == nsnull) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create recipient info\n"));
|
||||
goto loser;
|
||||
}
|
||||
if (NSS_CMSEnvelopedData_AddRecipient(envd, recipientInfo) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't add recipient info\n"));
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
|
@ -271,6 +304,7 @@ loser:
|
|||
|
||||
NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert* aEncryptCert, unsigned char* aDigestData, PRUint32 aDigestDataLen)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned\n"));
|
||||
NSSCMSContentInfo *cinfo;
|
||||
NSSCMSSignedData *sigd;
|
||||
NSSCMSSignerInfo *signerinfo;
|
||||
|
@ -285,6 +319,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
|
|||
*/
|
||||
m_cmsMsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
|
||||
if (m_cmsMsg == NULL) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create new message\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -292,11 +327,13 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
|
|||
* build chain of objects: message->signedData->data
|
||||
*/
|
||||
if ((sigd = NSS_CMSSignedData_Create(m_cmsMsg)) == NULL) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create signed data\n"));
|
||||
goto loser;
|
||||
}
|
||||
cinfo = NSS_CMSMessage_GetContentInfo(m_cmsMsg);
|
||||
if (NSS_CMSContentInfo_SetContent_SignedData(m_cmsMsg, cinfo, sigd)
|
||||
!= SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't set content signed data\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -305,6 +342,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
|
|||
/* we're always passing data in and detaching optionally */
|
||||
if (NSS_CMSContentInfo_SetContent_Data(m_cmsMsg, cinfo, nsnull, PR_TRUE)
|
||||
!= SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't set content data\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -313,6 +351,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
|
|||
*/
|
||||
if ((signerinfo = NSS_CMSSignerInfo_Create(m_cmsMsg, scert, SEC_OID_SHA1))
|
||||
== NULL) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create signer info\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -320,28 +359,34 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
|
|||
if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain,
|
||||
certUsageEmailSigner)
|
||||
!= SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't include signer cert chain\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now())
|
||||
!= SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add signing time\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (NSS_CMSSignerInfo_AddSMIMECaps(signerinfo) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add smime caps\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ecert,
|
||||
CERT_GetDefaultCertDB())
|
||||
!= SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add smime enc key prefs\n"));
|
||||
goto loser;
|
||||
}
|
||||
if (NSS_CMSSignedData_AddCertificate(sigd, ecert) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add own encryption certificate\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add signer info\n"));
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -353,6 +398,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
|
|||
digest.len = aDigestDataLen;
|
||||
|
||||
if (NSS_CMSSignedData_SetDigestValue(sigd, SEC_OID_SHA1, &digest)) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't set digest value\n"));
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
|
@ -380,10 +426,12 @@ nsCMSDecoder::~nsCMSDecoder()
|
|||
/* void start (in NSSCMSContentCallback cb, in voidPtr arg); */
|
||||
NS_IMETHODIMP nsCMSDecoder::Start(NSSCMSContentCallback cb, void * arg)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Start\n"));
|
||||
m_ctx = new PipUIContext();
|
||||
|
||||
m_dcx = NSS_CMSDecoder_Start(0, cb, arg, 0, m_ctx, 0, 0);
|
||||
if (!m_dcx) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Start - can't start decoder\n"));
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
return NS_OK;
|
||||
|
@ -392,6 +440,7 @@ NS_IMETHODIMP nsCMSDecoder::Start(NSSCMSContentCallback cb, void * arg)
|
|||
/* void update (in string bug, in long len); */
|
||||
NS_IMETHODIMP nsCMSDecoder::Update(const char *buf, PRInt32 len)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Update\n"));
|
||||
NSS_CMSDecoder_Update(m_dcx, (char *)buf, len);
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -399,6 +448,7 @@ NS_IMETHODIMP nsCMSDecoder::Update(const char *buf, PRInt32 len)
|
|||
/* void finish (); */
|
||||
NS_IMETHODIMP nsCMSDecoder::Finish(nsICMSMessage ** aCMSMsg)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Finish\n"));
|
||||
NSSCMSMessage *cmsMsg;
|
||||
cmsMsg = NSS_CMSDecoder_Finish(m_dcx);
|
||||
if (cmsMsg) {
|
||||
|
@ -423,11 +473,13 @@ nsCMSEncoder::~nsCMSEncoder()
|
|||
/* void start (); */
|
||||
NS_IMETHODIMP nsCMSEncoder::Start(nsICMSMessage *aMsg, NSSCMSContentCallback cb, void * arg)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Start\n"));
|
||||
nsCMSMessage *cmsMsg = NS_STATIC_CAST(nsCMSMessage*, aMsg);
|
||||
m_ctx = new PipUIContext();
|
||||
|
||||
m_ecx = NSS_CMSEncoder_Start(cmsMsg->getCMS(), cb, arg, 0, 0, 0, m_ctx, 0, 0, 0, 0);
|
||||
if (m_ecx == nsnull) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Start - can't start encoder\n"));
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
return NS_OK;
|
||||
|
@ -436,7 +488,9 @@ NS_IMETHODIMP nsCMSEncoder::Start(nsICMSMessage *aMsg, NSSCMSContentCallback cb,
|
|||
/* void update (in string aBuf, in long aLen); */
|
||||
NS_IMETHODIMP nsCMSEncoder::Update(const char *aBuf, PRInt32 aLen)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Update\n"));
|
||||
if (NSS_CMSEncoder_Update(m_ecx, aBuf, aLen) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Update - can't update encoder\n"));
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
return NS_OK;
|
||||
|
@ -445,7 +499,9 @@ NS_IMETHODIMP nsCMSEncoder::Update(const char *aBuf, PRInt32 aLen)
|
|||
/* void finish (); */
|
||||
NS_IMETHODIMP nsCMSEncoder::Finish()
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Finish\n"));
|
||||
if (NSS_CMSEncoder_Finish(m_ecx) != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Finish - can't finish encoder\n"));
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
return NS_OK;
|
||||
|
@ -454,5 +510,6 @@ NS_IMETHODIMP nsCMSEncoder::Finish()
|
|||
/* void encode (in nsICMSMessage aMsg); */
|
||||
NS_IMETHODIMP nsCMSEncoder::Encode(nsICMSMessage *aMsg)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Encode\n"));
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
|
|
@ -55,6 +55,11 @@
|
|||
#include "nsIServiceManager.h"
|
||||
#include "nsIPref.h"
|
||||
|
||||
#include "prlog.h"
|
||||
#ifdef PR_LOGGING
|
||||
extern PRLogModuleInfo* gPIPNSSLog;
|
||||
#endif
|
||||
|
||||
// Standard ISupports implementation
|
||||
// NOTE: Should these be the thread-safe versions?
|
||||
|
||||
|
@ -81,6 +86,7 @@ nsCMSSecureMessage::~nsCMSSecureMessage()
|
|||
NS_IMETHODIMP nsCMSSecureMessage::
|
||||
GetCertByPrefID(const char *certID, char **_retval)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::GetCertByPrefID\n"));
|
||||
nsresult rv = NS_OK;
|
||||
CERTCertificate *cert = 0;
|
||||
nsXPIDLCString nickname;
|
||||
|
@ -90,7 +96,9 @@ GetCertByPrefID(const char *certID, char **_retval)
|
|||
|
||||
static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
|
||||
nsCOMPtr<nsIPref> prefs = do_GetService(kPrefCID, &rv);
|
||||
if (NS_FAILED(rv)) goto done;
|
||||
if (NS_FAILED(rv)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
rv = prefs->GetCharPref(certID,
|
||||
getter_Copies(nickname));
|
||||
|
@ -100,7 +108,11 @@ GetCertByPrefID(const char *certID, char **_retval)
|
|||
cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), (char*)nickname.get(),
|
||||
certUsageEmailRecipient, PR_TRUE, ctx);
|
||||
|
||||
if (!cert) { goto done; } /* Success, but no value */
|
||||
if (!cert) {
|
||||
/* Success, but no value */
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::GetCertByPrefID - can't find user cert\n"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Convert the DER to a BASE64 String */
|
||||
encode(cert->derCert.data, cert->derCert.len, _retval);
|
||||
|
@ -115,6 +127,7 @@ done:
|
|||
nsresult nsCMSSecureMessage::
|
||||
DecodeCert(const char *value, nsIX509Cert ** _retval)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::DecodeCert\n"));
|
||||
nsresult rv = NS_OK;
|
||||
PRInt32 length;
|
||||
unsigned char *data = 0;
|
||||
|
@ -124,7 +137,10 @@ DecodeCert(const char *value, nsIX509Cert ** _retval)
|
|||
if (!value) { return NS_ERROR_FAILURE; }
|
||||
|
||||
rv = decode(value, &data, &length);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
if (NS_FAILED(rv)) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::DecodeCert - can't decode cert\n"));
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIX509Cert> cert = new nsNSSCertificate((char *)data, length);
|
||||
|
||||
|
@ -139,6 +155,7 @@ DecodeCert(const char *value, nsIX509Cert ** _retval)
|
|||
nsresult nsCMSSecureMessage::
|
||||
SendMessage(const char *msg, const char *base64Cert, char ** _retval)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage\n"));
|
||||
nsresult rv = NS_OK;
|
||||
CERTCertificate *cert = 0;
|
||||
NSSCMSMessage *cmsMsg = 0;
|
||||
|
@ -154,14 +171,25 @@ SendMessage(const char *msg, const char *base64Cert, char ** _retval)
|
|||
|
||||
/* Step 0. Create a CMS Message */
|
||||
cmsMsg = NSS_CMSMessage_Create(NULL);
|
||||
if (!cmsMsg) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (!cmsMsg) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create NSSCMSMessage\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Step 1. Import the certificate into NSS */
|
||||
rv = decode(base64Cert, &certDER, &derLen);
|
||||
if (NS_FAILED(rv)) goto done;
|
||||
if (NS_FAILED(rv)) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't decode / import cert into NSS\n"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
cert = CERT_DecodeCertFromPackage((char *)certDER, derLen);
|
||||
if (!cert) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (!cert) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't decode cert from package\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
#if 0
|
||||
cert->dbhandle = CERT_GetDefaultCertDB(); /* work-around */
|
||||
|
@ -173,24 +201,44 @@ SendMessage(const char *msg, const char *base64Cert, char ** _retval)
|
|||
|
||||
/* Step 4. Build outer (enveloped) content */
|
||||
env = NSS_CMSEnvelopedData_Create(cmsMsg, SEC_OID_DES_EDE3_CBC, 0);
|
||||
if (!env) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (!env) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create envelope data\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
cinfo = NSS_CMSEnvelopedData_GetContentInfo(env);
|
||||
item.data = (unsigned char *)msg;
|
||||
item.len = strlen(msg); /* XPCOM equiv?? */
|
||||
s = NSS_CMSContentInfo_SetContent_Data(cmsMsg, cinfo, 0, PR_FALSE);
|
||||
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (s != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't set content data\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
rcpt = NSS_CMSRecipientInfo_Create(cmsMsg, cert);
|
||||
if (!rcpt) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (!rcpt) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create recipient info\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
s = NSS_CMSEnvelopedData_AddRecipient(env, rcpt);
|
||||
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (s != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't add recipient\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Step 5. Add content to message */
|
||||
cinfo = NSS_CMSMessage_GetContentInfo(cmsMsg);
|
||||
s = NSS_CMSContentInfo_SetContent_EnvelopedData(cmsMsg, cinfo, env);
|
||||
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (s != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't set content enveloped data\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Step 6. Encode */
|
||||
NSSCMSEncoderContext *ecx;
|
||||
|
@ -198,13 +246,25 @@ SendMessage(const char *msg, const char *base64Cert, char ** _retval)
|
|||
output.data = 0; output.len = 0;
|
||||
ecx = NSS_CMSEncoder_Start(cmsMsg, 0, 0, &output, arena,
|
||||
0, 0, 0, 0, 0, 0);
|
||||
if (!ecx) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (!ecx) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't start cms encoder\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
s = NSS_CMSEncoder_Update(ecx, msg, strlen(msg));
|
||||
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (s != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't update encoder\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
s = NSS_CMSEncoder_Finish(ecx);
|
||||
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (s != SECSuccess) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't finish encoder\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Step 7. Base64 encode and return the result */
|
||||
rv = encode(output.data, output.len, _retval);
|
||||
|
@ -224,6 +284,7 @@ done:
|
|||
nsresult nsCMSSecureMessage::
|
||||
ReceiveMessage(const char *msg, char **_retval)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage\n"));
|
||||
nsresult rv = NS_OK;
|
||||
NSSCMSDecoderContext *dcx;
|
||||
unsigned char *der = 0;
|
||||
|
@ -234,17 +295,33 @@ ReceiveMessage(const char *msg, char **_retval)
|
|||
|
||||
/* Step 1. Decode the base64 wrapper */
|
||||
rv = decode(msg, &der, &derLen);
|
||||
if (NS_FAILED(rv)) goto done;
|
||||
if (NS_FAILED(rv)) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't base64 decode\n"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
dcx = NSS_CMSDecoder_Start(0, 0, 0, /* pw */ 0, ctx, /* key */ 0, 0);
|
||||
if (!dcx) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (!dcx) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't start decoder\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
(void)NSS_CMSDecoder_Update(dcx, (char *)der, derLen);
|
||||
cmsMsg = NSS_CMSDecoder_Finish(dcx);
|
||||
if (!cmsMsg) { rv = NS_ERROR_FAILURE; goto done; } /* Memory leak on dcx?? */
|
||||
if (!cmsMsg) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't finish decoder\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
/* Memory leak on dcx?? */
|
||||
goto done;
|
||||
}
|
||||
|
||||
content = NSS_CMSMessage_GetContent(cmsMsg);
|
||||
if (!content) { rv = NS_ERROR_FAILURE; goto done; }
|
||||
if (!content) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't get content\n"));
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Copy the data */
|
||||
*_retval = (char*)malloc(content->len+1);
|
||||
|
@ -273,6 +350,7 @@ loser:
|
|||
nsresult nsCMSSecureMessage::
|
||||
decode(const char *data, unsigned char **result, PRInt32 * _retval)
|
||||
{
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::decode\n"));
|
||||
nsresult rv = NS_OK;
|
||||
PRUint32 len = PL_strlen(data);
|
||||
int adjust = 0;
|
||||
|
@ -284,7 +362,11 @@ decode(const char *data, unsigned char **result, PRInt32 * _retval)
|
|||
}
|
||||
|
||||
*result = (unsigned char *)PL_Base64Decode(data, len, NULL);
|
||||
if (!*result) { rv = NS_ERROR_ILLEGAL_VALUE; goto loser; }
|
||||
if (!*result) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::decode - error decoding base64\n"));
|
||||
rv = NS_ERROR_ILLEGAL_VALUE;
|
||||
goto loser;
|
||||
}
|
||||
|
||||
*_retval = (len*3)/4 - adjust;
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче