Diffstat (limited to 'smime/lib/e-cert.c')
-rw-r--r-- | smime/lib/e-cert.c | 138 |
1 files changed, 134 insertions, 4 deletions
diff --git a/smime/lib/e-cert.c b/smime/lib/e-cert.c
index 5636730401..7db638b884 100644
--- a/smime/lib/e-cert.c
+++ b/smime/lib/e-cert.c
@@ -20,12 +20,54 @@ * Author: Chris Toshok (toshok@ximian.com) */ +/* The following is the mozilla license blurb, as the bodies some of + these functions were derived from the mozilla source. */ + +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + * + */ + #include "e-cert.h" +#include "pk11func.h" +#include "certdb.h" struct _ECertPrivate { CERTCertificate *cert; + + /* pointers we cache since the nss implementation allocs the + string */ char *org_name; char *cn; + + gboolean delete; }; #define PARENT_TYPE G_TYPE_OBJECT 
@@ -42,11 +84,23 @@ e_cert_dispose (GObject *object) if (ec->priv->org_name) PORT_Free (ec->priv->org_name); if (ec->priv->cn) - PORT_Free (ec->priv->org_name); + PORT_Free (ec->priv->cn); + + if (ec->priv->delete) { + printf ("attempting to delete cert marked for deletion\n"); + if (e_cert_get_cert_type (ec) == E_CERT_USER) { + PK11_DeleteTokenCertAndKey(ec->priv->cert, NULL); + } else if (!PK11_IsReadOnly(ec->priv->cert->slot)) { + /* If the list of built-ins does contain a non-removable + copy of this certificate, our call will not remove + the certificate permanently, but rather remove all trust. */ + SEC_DeletePermCertificate(ec->priv->cert); + } + } g_free (ec->priv); ec->priv = NULL; - + if (G_OBJECT_CLASS (parent_class)->dispose) G_OBJECT_CLASS (parent_class)->dispose (object); } @@ -115,9 +169,47 @@ e_cert_new (CERTCertificate *cert) return ecert; } +ECert* +e_cert_new_from_der (char *data, guint32 len) +{ + CERTCertificate *cert = CERT_DecodeCertFromPackage (data, len); + + if (!cert) + return NULL; + + if (cert->dbhandle == NULL) + cert->dbhandle = CERT_GetDefaultCertDB(); + + return e_cert_new (cert); +} + +CERTCertificate* +e_cert_get_internal_cert (ECert *cert) +{ + /* XXX should this refcnt it? */ + return cert->priv->cert; +} + +gboolean +e_cert_get_raw_der (ECert *cert, char **data, guint32 *len) +{ + /* XXX do we really need to check if cert->priv->cert is NULL + here? it should always be non-null if we have the + ECert.. */ + if (cert->priv->cert) { + *data = (char*)cert->priv->cert->derCert.data; + *len = (guint32)cert->priv->cert->derCert.len; + return TRUE; + } + + *len = 0; + return FALSE; + +} + const char* e_cert_get_nickname (ECert *cert) { 
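Review bot: In the new deletion branch of e_cert_dispose, `PK11_IsReadOnly(ec->priv->cert->slot)` dereferences the certificate's slot without checking it, and e_cert_mark_for_deletion in the last hunk does the same with `PK11_NeedLogin(cert->priv->cert->slot)`. A certificate built by the new e_cert_new_from_der is decoded from a buffer and may have no slot (not visible here, so worth confirming), in which case both sites need a guard such as `} else if (ec->priv->cert->slot && !PK11_IsReadOnly (ec->priv->cert->slot)) {`. The results of `PK11_DeleteTokenCertAndKey` and `SEC_DeletePermCertificate` are also discarded, so a failed removal of a certificate and its key goes unnoticed. Comparing them with `SECSuccess` and reporting through `g_warning` instead of the unconditional `printf` would leave a usable trace. e_cert_dispose starts above this hunk.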
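Review bot: On the failure path of e_cert_get_raw_der only `*len = 0` is written, so `*data` keeps whatever the caller passed in and a caller that ignores the return value reads an indeterminate pointer; add `*data = NULL;` next to it. On success the pointer aliases `derCert.data` inside the CERTCertificate, and e_cert_get_internal_cert likewise returns the cert without taking a reference, so both deserve a comment such as `/* borrowed: valid only while the ECert is alive, do not free */`. In e_cert_new_from_der, `len` is a `guint32` passed to `CERT_DecodeCertFromPackage`, whose length parameter is an `int` as far as I know; rejecting `len > G_MAXINT` before the call avoids handing the decoder a negative length for oversized input.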
@@ -141,8 +233,46 @@ e_cert_get_cn (ECert *cert) return cert->priv->cn; } +const char* +e_cert_get_issuer_name (ECert *cert) +{ + return cert->priv->cert->issuerName; +} + +const char* +e_cert_get_subject_name (ECert *cert) +{ + return cert->priv->cert->subjectName; +} + gboolean -e_cert_is_ca_cert (ECert *cert) +e_cert_mark_for_deletion (ECert *cert) +{ + // nsNSSShutDownPreventionLock locker; + +#if 0 + // make sure user is logged in to the token + nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext(); +#endif + + if (PK11_NeedLogin(cert->priv->cert->slot) + && !PK11_NeedUserInit(cert->priv->cert->slot) + && !PK11_IsInternal(cert->priv->cert->slot)) { + if (SECSuccess != PK11_Authenticate(cert->priv->cert->slot, PR_TRUE, NULL)) { + return FALSE; + } + } + + cert->priv->delete = TRUE; + + return TRUE; +} + +ECertType +e_cert_get_cert_type (ECert *cert) { - return CERT_IsCACert (cert->priv->cert, NULL); + if (CERT_IsCACert (cert->priv->cert, NULL)) + return E_CERT_CA; + else /* XXX more here */ + return E_CERT_USER; } |
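Review bot: e_cert_get_cert_type falls back to `E_CERT_USER` for every certificate that is not a CA (the `/* XXX more here */` branch), and e_cert_dispose uses exactly that value to select `PK11_DeleteTokenCertAndKey`, the branch that also removes a key and skips the read-only check. Until the classification is finished, a certificate of unknown kind should not default to the most destructive path. Returning a distinct "unknown" value (if ECertType has or gains one; the enum is not visible here) and letting dispose use the `SEC_DeletePermCertificate` branch for it would be safer. e_cert_mark_for_deletion should also carry a doc comment saying that the deletion is deferred until the object is disposed and cannot be undone once the flag is set, since there is no way to unmark the certificate in this change.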