aboutsummaryrefslogtreecommitdiffstats
path: root/smime/lib
diff options
context:
space:
mode:
Diffstat (limited to 'smime/lib')
-rw-r--r--smime/lib/.cvsignore3
-rw-r--r--smime/lib/Makefile.am28
-rw-r--r--smime/lib/e-asn1-object.c393
-rw-r--r--smime/lib/e-asn1-object.h105
-rw-r--r--smime/lib/e-cert-db.c1077
-rw-r--r--smime/lib/e-cert-db.h128
-rw-r--r--smime/lib/e-cert-trust.c418
-rw-r--r--smime/lib/e-cert-trust.h86
-rw-r--r--smime/lib/e-cert.c1227
-rw-r--r--smime/lib/e-cert.h103
-rw-r--r--smime/lib/e-pkcs12.c452
-rw-r--r--smime/lib/e-pkcs12.h71
12 files changed, 0 insertions, 4091 deletions
diff --git a/smime/lib/.cvsignore b/smime/lib/.cvsignore
deleted file mode 100644
index 74b73492ca..0000000000
--- a/smime/lib/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-Makefile
-Makefile.in
-*.la
diff --git a/smime/lib/Makefile.am b/smime/lib/Makefile.am
deleted file mode 100644
index f534fd01f3..0000000000
--- a/smime/lib/Makefile.am
+++ /dev/null
@@ -1,28 +0,0 @@
-INCLUDES = \
- -DG_LOG_DOMAIN=\"evolution-smime\" \
- -I$(top_srcdir) \
- -I$(top_srcdir)/shell \
- -I$(top_builddir) \
- -DEVOLUTION_DATADIR=\""$(datadir)"\" \
- -DEVOLUTION_GLADEDIR=\""$(gladedir)"\" \
- -DEVOLUTION_ETSPECDIR=\""$(etspecdir)"\" \
- -DEVOLUTION_IMAGESDIR=\""$(imagesdir)"\" \
- -DEVOLUTION_LOCALEDIR=\""$(localedir)"\" \
- -DEVOLUTION_UIDIR=\""$(evolutionuidir)"\" \
- -DPREFIX=\""$(prefix)"\" \
- $(EVOLUTION_ADDRESSBOOK_CFLAGS) \
- $(CERT_UI_CFLAGS)
-
-noinst_LTLIBRARIES = libessmime.la
-
-libessmime_la_SOURCES = \
- e-asn1-object.c \
- e-asn1-object.h \
- e-cert.c \
- e-cert.h \
- e-cert-trust.c \
- e-cert-trust.h \
- e-cert-db.c \
- e-cert-db.h \
- e-pkcs12.c \
- e-pkcs12.h
diff --git a/smime/lib/e-asn1-object.c b/smime/lib/e-asn1-object.c
deleted file mode 100644
index b7528dcd22..0000000000
--- a/smime/lib/e-asn1-object.c
+++ /dev/null
@@ -1,393 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/* e-cert.c
- *
- * Copyright (C) 2003 Ximian, Inc.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: Chris Toshok (toshok@ximian.com)
- */
-
-/* The following is the mozilla license blurb, as the bodies some of
- these functions were derived from the mozilla source. */
-
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- */
-
-#include "e-asn1-object.h"
-
-#include "secasn1.h"
-
-struct _EASN1ObjectPrivate {
- PRUint32 tag;
- PRUint32 type;
- gboolean valid_container;
-
- GList *children;
-
- char *display_name;
- char *value;
-
- char *data;
- guint data_len;
-};
-
-#define PARENT_TYPE G_TYPE_OBJECT
-static GObjectClass *parent_class;
-
-static void
-e_asn1_object_dispose (GObject *object)
-{
- EASN1Object *obj = E_ASN1_OBJECT (object);
- if (obj->priv) {
-
- if (obj->priv->display_name)
- g_free (obj->priv->display_name);
-
- if (obj->priv->value)
- g_free (obj->priv->value);
-
- g_list_foreach (obj->priv->children, (GFunc)g_object_unref, NULL);
- g_list_free (obj->priv->children);
-
- g_free (obj->priv);
- obj->priv = NULL;
- }
-}
-
-static void
-e_asn1_object_class_init (EASN1ObjectClass *klass)
-{
- GObjectClass *object_class;
-
- object_class = G_OBJECT_CLASS(klass);
-
- parent_class = g_type_class_ref (PARENT_TYPE);
-
- object_class->dispose = e_asn1_object_dispose;
-}
-
-static void
-e_asn1_object_init (EASN1Object *asn1)
-{
- asn1->priv = g_new0 (EASN1ObjectPrivate, 1);
-
- asn1->priv->valid_container = TRUE;
-}
-
-GType
-e_asn1_object_get_type (void)
-{
- static GType asn1_object_type = 0;
-
- if (!asn1_object_type) {
- static const GTypeInfo asn1_object_info = {
- sizeof (EASN1ObjectClass),
- NULL, /* base_init */
- NULL, /* base_finalize */
- (GClassInitFunc) e_asn1_object_class_init,
- NULL, /* class_finalize */
- NULL, /* class_data */
- sizeof (EASN1Object),
- 0, /* n_preallocs */
- (GInstanceInitFunc) e_asn1_object_init,
- };
-
- asn1_object_type = g_type_register_static (PARENT_TYPE, "EASN1Object", &asn1_object_info, 0);
- }
-
- return asn1_object_type;
-}
-
-
-/* This function is used to interpret an integer that
- was encoded in a DER buffer. This function is used
- when converting a DER buffer into a nsIASN1Object
- structure. This interprets the buffer in data
- as defined by the DER (Distinguised Encoding Rules) of
- ASN1.
-*/
-static int
-get_integer_256 (unsigned char *data, unsigned int nb)
-{
- int val;
-
- switch (nb) {
- case 1:
- val = data[0];
- break;
- case 2:
- val = (data[0] << 8) | data[1];
- break;
- case 3:
- val = (data[0] << 16) | (data[1] << 8) | data[2];
- break;
- case 4:
- val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
- break;
- default:
- return -1;
- }
-
- return val;
-}
-
-/* This function is used to retrieve the lenght of a DER encoded
- item. It looks to see if this a multibyte length and then
- interprets the buffer accordingly to get the actual length value.
- This funciton is used mostly while parsing the DER headers.
-
- A DER encoded item has the following structure:
-
- <tag><length<data consisting of lenght bytes>
-*/
-static guint32
-get_der_item_length (unsigned char *data, unsigned char *end,
- unsigned long *bytesUsed, gboolean *indefinite)
-{
- unsigned char lbyte = *data++;
- PRInt32 length = -1;
-
- *indefinite = FALSE;
- if (lbyte >= 0x80) {
- /* Multibyte length */
- unsigned nb = (unsigned) (lbyte & 0x7f);
- if (nb > 4) {
- return -1;
- }
- if (nb > 0) {
-
- if ((data+nb) > end) {
- return -1;
- }
- length = get_integer_256 (data, nb);
- if (length < 0)
- return -1;
- } else {
- *indefinite = TRUE;
- length = 0;
- }
- *bytesUsed = nb+1;
- } else {
- length = lbyte;
- *bytesUsed = 1;
- }
- return length;
-}
-
-static gboolean
-build_from_der (EASN1Object *parent, char *data, char *end)
-{
- unsigned long bytesUsed;
- gboolean indefinite;
- PRInt32 len;
- PRUint32 type;
- unsigned char code, tagnum;
- EASN1Object *asn1object;
-
- if (data >= end)
- return TRUE;
-
- /*
- A DER item has the form of |tag|len|data
- tag is one byte and describes the type of elment
- we are dealing with.
- len is a DER encoded int telling us how long the data is
- data is a buffer that is len bytes long and has to be
- interpreted according to its type.
- */
-
- while (data < end) {
- code = *data;
- tagnum = code & SEC_ASN1_TAGNUM_MASK;
-
- /*
- * NOTE: This code does not (yet) handle the high-tag-number form!
- */
- if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) {
- return FALSE;
- }
- data++;
- len = get_der_item_length (data, end, &bytesUsed, &indefinite);
- data += bytesUsed;
- if ((len < 0) || ((data+len) > end))
- return FALSE;
-
- if (code & SEC_ASN1_CONSTRUCTED) {
- if (len > 0 || indefinite) {
- switch (code & SEC_ASN1_CLASS_MASK) {
- case SEC_ASN1_UNIVERSAL:
- type = tagnum;
- break;
- case SEC_ASN1_APPLICATION:
- type = E_ASN1_OBJECT_TYPE_APPLICATION;
- break;
- case SEC_ASN1_CONTEXT_SPECIFIC:
- type = E_ASN1_OBJECT_TYPE_CONTEXT_SPECIFIC;
- break;
- case SEC_ASN1_PRIVATE:
- type = E_ASN1_OBJECT_TYPE_PRIVATE;
- break;
- default:
- g_warning ("bad DER");
- return FALSE;
- }
-
- asn1object = e_asn1_object_new ();
- asn1object->priv->tag = tagnum;
- asn1object->priv->type = type;
-
- if (!build_from_der (asn1object, data, (len == 0) ? end : data + len)) {
- g_object_unref (asn1object);
- return FALSE;
- }
- }
- } else {
- asn1object = e_asn1_object_new ();
-
- asn1object->priv->type = tagnum;
- asn1object->priv->tag = tagnum;
-
- /*printableItem->SetData((char*)data, len);*/
- }
- data += len;
-
- parent->priv->children = g_list_append (parent->priv->children, asn1object);
- }
-
- return TRUE;
-}
-
-EASN1Object*
-e_asn1_object_new_from_der (char *data, guint32 len)
-{
- EASN1Object *obj = g_object_new (E_TYPE_ASN1_OBJECT, NULL);
-
- if (!build_from_der (obj, data, data + len)) {
- g_object_unref (obj);
- return NULL;
- }
-
- return obj;
-}
-
-EASN1Object*
-e_asn1_object_new (void)
-{
- return E_ASN1_OBJECT (g_object_new (E_TYPE_ASN1_OBJECT, NULL));
-}
-
-
-void
-e_asn1_object_set_valid_container (EASN1Object *obj, gboolean flag)
-{
- obj->priv->valid_container = flag;
-}
-
-gboolean
-e_asn1_object_is_valid_container (EASN1Object *obj)
-{
- return obj->priv->valid_container;
-}
-
-PRUint32
-e_asn1_object_get_asn1_type (EASN1Object *obj)
-{
- return obj->priv->type;
-}
-
-PRUint32
-e_asn1_object_get_asn1_tag (EASN1Object *obj)
-{
- return obj->priv->tag;
-}
-
-GList*
-e_asn1_object_get_children (EASN1Object *obj)
-{
- GList *children = g_list_copy (obj->priv->children);
-
- g_list_foreach (children, (GFunc)g_object_ref, NULL);
-
- return children;
-}
-
-void
-e_asn1_object_append_child (EASN1Object *parent, EASN1Object *child)
-{
- parent->priv->children = g_list_append (parent->priv->children, g_object_ref (child));
-}
-
-void
-e_asn1_object_set_display_name (EASN1Object *obj, const char *name)
-{
- g_free (obj->priv->display_name);
- obj->priv->display_name = g_strdup (name);
-}
-
-const char*
-e_asn1_object_get_display_name (EASN1Object *obj)
-{
- return obj->priv->display_name;
-}
-
-void
-e_asn1_object_set_display_value (EASN1Object *obj, const char *value)
-{
- g_free (obj->priv->value);
- obj->priv->value = g_strdup (value);
-}
-
-const char*
-e_asn1_object_get_display_value (EASN1Object *obj)
-{
- return obj->priv->value;
-}
-
-void
-e_asn1_object_get_data (EASN1Object *obj, char **data, guint32 *len)
-{
- *data = obj->priv->data;
- *len = obj->priv->data_len;
-}
diff --git a/smime/lib/e-asn1-object.h b/smime/lib/e-asn1-object.h
deleted file mode 100644
index 76e2530fcc..0000000000
--- a/smime/lib/e-asn1-object.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok <toshok@ximian.com>
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _E_ASN1_OBJECT_H_
-#define _E_ASN1_OBJECT_H_
-
-#include <glib-object.h>
-
-#include <nspr.h>
-
-#define E_TYPE_ASN1_OBJECT (e_asn1_object_get_type ())
-#define E_ASN1_OBJECT(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_ASN1_OBJECT, EASN1Object))
-#define E_ASN1_OBJECT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_ASN1_OBJECT, EASN1ObjectClass))
-#define E_IS_ASN1_OBJECT(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_ASN1_OBJECT))
-#define E_IS_ASN1_OBJECT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_ASN1_OBJECT))
-#define E_ASN1_OBJECT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_ASN1_OBJECT, EASN1ObjectClass))
-
-typedef struct _EASN1Object EASN1Object;
-typedef struct _EASN1ObjectClass EASN1ObjectClass;
-typedef struct _EASN1ObjectPrivate EASN1ObjectPrivate;
-
-enum {
- /*
- * Identifiers for the possible types of object.
- */
- E_ASN1_OBJECT_TYPE_END_CONTENTS = 0,
- E_ASN1_OBJECT_TYPE_BOOLEAN = 1,
- E_ASN1_OBJECT_TYPE_INTEGER = 2,
- E_ASN1_OBJECT_TYPE_BIT_STRING = 3,
- E_ASN1_OBJECT_TYPE_OCTET_STRING = 4,
- E_ASN1_OBJECT_TYPE_NULL = 5,
- E_ASN1_OBJECT_TYPE_OBJECT_ID = 6,
- E_ASN1_OBJECT_TYPE_ENUMERATED = 10,
- E_ASN1_OBJECT_TYPE_UTF8_STRING = 12,
- E_ASN1_OBJECT_TYPE_SEQUENCE = 16,
- E_ASN1_OBJECT_TYPE_SET = 17,
- E_ASN1_OBJECT_TYPE_PRINTABLE_STRING = 19,
- E_ASN1_OBJECT_TYPE_T61_STRING = 20,
- E_ASN1_OBJECT_TYPE_IA5_STRING = 22,
- E_ASN1_OBJECT_TYPE_UTC_TIME = 23,
- E_ASN1_OBJECT_TYPE_GEN_TIME = 24,
- E_ASN1_OBJECT_TYPE_VISIBLE_STRING = 26,
- E_ASN1_OBJECT_TYPE_UNIVERSAL_STRING = 28,
- E_ASN1_OBJECT_TYPE_BMP_STRING = 30,
- E_ASN1_OBJECT_TYPE_HIGH_TAG_NUMBER = 31,
- E_ASN1_OBJECT_TYPE_CONTEXT_SPECIFIC = 32,
- E_ASN1_OBJECT_TYPE_APPLICATION = 33,
- E_ASN1_OBJECT_TYPE_PRIVATE = 34,
-};
-
-struct _EASN1Object {
- GObject parent;
-
- EASN1ObjectPrivate *priv;
-};
-
-struct _EASN1ObjectClass {
- GObjectClass parent_class;
-
- /* Padding for future expansion */
- void (*_ecert_reserved0) (void);
- void (*_ecert_reserved1) (void);
- void (*_ecert_reserved2) (void);
- void (*_ecert_reserved3) (void);
- void (*_ecert_reserved4) (void);
-};
-
-EASN1Object *e_asn1_object_new_from_der (char *data, guint32 len);
-EASN1Object *e_asn1_object_new (void);
-
-void e_asn1_object_set_valid_container (EASN1Object *obj, gboolean flag);
-gboolean e_asn1_object_is_valid_container (EASN1Object *obj);
-PRUint32 e_asn1_object_get_asn1_type (EASN1Object *obj);
-PRUint32 e_asn1_object_get_asn1_tag (EASN1Object *obj);
-GList *e_asn1_object_get_children (EASN1Object *obj);
-void e_asn1_object_append_child (EASN1Object *parent, EASN1Object *child);
-void e_asn1_object_set_display_name (EASN1Object *obj, const char *name);
-const char *e_asn1_object_get_display_name (EASN1Object *obj);
-void e_asn1_object_set_display_value (EASN1Object *obj, const char *value);
-const char *e_asn1_object_get_display_value (EASN1Object *obj);
-
-void e_asn1_object_get_data (EASN1Object *obj, char **data, guint32 *len);
-
-GType e_asn1_object_get_type (void);
-
-#endif /* _E_ASN1_OBJECT_H_ */
diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c
deleted file mode 100644
index 5acdf4e847..0000000000
--- a/smime/lib/e-cert-db.c
+++ /dev/null
@@ -1,1077 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/* e-cert-db.c
- *
- * Copyright (C) 2003 Ximian, Inc.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: Chris Toshok (toshok@ximian.com)
- */
-
-/* The following is the mozilla license blurb, as the bodies of most
- of these functions were derived from the mozilla source. */
-
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- */
-
-/* XXX toshok why oh *why* god WHY did they do this? no fucking
- sense */
-/* private NSS defines used by PSM */
-/* (must be declated before cert.h) */
-#define CERT_NewTempCertificate __CERT_NewTempCertificate
-#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm
-
-#include "e-cert-db.h"
-#include "e-cert-trust.h"
-
-#include "gmodule.h"
-
-#include "nss.h"
-#include "pk11func.h"
-#include "secmod.h"
-#include "certdb.h"
-#include "plstr.h"
-#include "prprf.h"
-#include "prmem.h"
-#include "e-util/e-dialog-utils.h"
-#include <gtk/gtkmessagedialog.h>
-#include <libgnome/gnome-i18n.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-struct _ECertDBPrivate {
-};
-
-#define PARENT_TYPE G_TYPE_OBJECT
-static GObjectClass *parent_class;
-
-static CERTDERCerts* e_cert_db_get_certs_from_package (PRArenaPool *arena, char *data, guint32 length);
-
-
-
-static void
-e_cert_db_dispose (GObject *object)
-{
- ECertDB *ec = E_CERT_DB (object);
-
- if (!ec->priv)
- return;
-
- /* XXX free instance specific data */
-
- g_free (ec->priv);
- ec->priv = NULL;
-
- if (G_OBJECT_CLASS (parent_class)->dispose)
- G_OBJECT_CLASS (parent_class)->dispose (object);
-}
-
-static void
-e_cert_db_class_init (ECertDBClass *klass)
-{
- GObjectClass *object_class;
- char *evolution_dir_path;
- gboolean success;
- gboolean has_roots;
- PK11SlotList *list;
-
- object_class = G_OBJECT_CLASS(klass);
-
- parent_class = g_type_class_ref (PARENT_TYPE);
-
- object_class->dispose = e_cert_db_dispose;
-
- evolution_dir_path = g_build_path ("/", g_get_home_dir (), ".evolution", NULL);
-
- /* we initialize NSS here to make sure it only happens once */
- success = (SECSuccess == NSS_InitReadWrite (evolution_dir_path));
- if (!success) {
- success = (SECSuccess == NSS_Init (evolution_dir_path));
- if (success)
- g_warning ("opening cert databases read-only");
- }
- if (!success) {
- success = (SECSuccess == NSS_NoDB_Init (evolution_dir_path));
- if (success)
- g_warning ("initializing security library without cert databases.");
- }
- g_free (evolution_dir_path);
-
- if (!success) {
- g_warning ("Failed all methods for initializing NSS");
- }
-
- /*
- * check to see if you have a rootcert module installed
- */
-
- has_roots = FALSE;
- list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
- if (list) {
- PK11SlotListElement *le;
-
- for (le = list->head; le; le = le->next) {
- if (PK11_HasRootCerts(le->slot)) {
- has_roots = TRUE;
- break;
- }
- }
- }
-
- if (!has_roots) {
- /* grovel in various places for mozilla's built-in
- cert module.
-
- XXX yes this is gross. *sigh*
- */
- char *paths_to_check[] = {
- "/usr/lib",
- "/usr/lib/mozilla",
- };
- int i;
-
- for (i = 0; i < G_N_ELEMENTS (paths_to_check); i ++) {
- char *dll_path = g_module_build_path (paths_to_check [i],
- "nssckbi");
-
- if (g_file_test (dll_path, G_FILE_TEST_EXISTS)) {
- SECMOD_AddNewModule("Mozilla Root Certs",dll_path, 0, 0);
- g_free (dll_path);
- break;
- }
-
- g_free (dll_path);
- }
- }
-}
-
-static void
-e_cert_db_init (ECertDB *ec)
-{
- ec->priv = g_new0 (ECertDBPrivate, 1);
-}
-
-GType
-e_cert_db_get_type (void)
-{
- static GType cert_type = 0;
-
- if (!cert_type) {
- static const GTypeInfo cert_info = {
- sizeof (ECertDBClass),
- NULL, /* base_init */
- NULL, /* base_finalize */
- (GClassInitFunc) e_cert_db_class_init,
- NULL, /* class_finalize */
- NULL, /* class_data */
- sizeof (ECertDB),
- 0, /* n_preallocs */
- (GInstanceInitFunc) e_cert_db_init,
- };
-
- cert_type = g_type_register_static (PARENT_TYPE, "ECertDB", &cert_info, 0);
- }
-
- return cert_type;
-}
-
-
-
-GStaticMutex init_mutex = G_STATIC_MUTEX_INIT;
-static ECertDB *cert_db = NULL;
-
-ECertDB*
-e_cert_db_peek (void)
-{
- g_static_mutex_lock (&init_mutex);
- if (!cert_db)
- cert_db = g_object_new (E_TYPE_CERT_DB, NULL);
- g_static_mutex_unlock (&init_mutex);
-
- return cert_db;
-}
-
-void
-e_cert_db_shutdown (void)
-{
- /* XXX */
-}
-
-/* searching for certificates */
-ECert*
-e_cert_db_find_cert_by_nickname (ECertDB *certdb,
- const char *nickname,
- GError **error)
-{
- /* nsNSSShutDownPreventionLock locker;*/
- CERTCertificate *cert = NULL;
-
- /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));*/
-#if 0
- /* what it should be, but for now...*/
- if (aToken) {
- cert = PK11_FindCertFromNickname(asciiname, NULL);
- } else {
- cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
- }
-#endif
- cert = PK11_FindCertFromNickname((char*)nickname, NULL);
- if (!cert) {
- cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char*)nickname);
- }
-
-
- if (cert) {
- /* PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("got it\n"));*/
- ECert *ecert = e_cert_new (cert);
- return ecert;
- }
- else {
- /* XXX gerror */
- return NULL;
- }
-}
-
-ECert*
-e_cert_db_find_cert_by_key (ECertDB *certdb,
- const char *db_key,
- GError **error)
-{
-#if 0
- /* nsNSSShutDownPreventionLock locker;*/
- SECItem keyItem = {siBuffer, NULL, 0};
- SECItem *dummy;
- CERTIssuerAndSN issuerSN;
- unsigned long moduleID,slotID;
- CERTCertificate *cert;
-
- if (!db_key) {
- /* XXX gerror */
- return NULL;
- }
-
- dummy = NSSBase64_DecodeBuffer(NULL, &keyItem, db_key,
- (PRUint32)PL_strlen(db_key));
-
- /* someday maybe we can speed up the search using the moduleID and slotID*/
- moduleID = NS_NSS_GET_LONG(keyItem.data);
- slotID = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG]);
-
- /* build the issuer/SN structure*/
- issuerSN.serialNumber.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*2]);
- issuerSN.derIssuer.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*3]);
- issuerSN.serialNumber.data= &keyItem.data[NS_NSS_LONG*4];
- issuerSN.derIssuer.data= &keyItem.data[NS_NSS_LONG*4+
- issuerSN.serialNumber.len];
-
- cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN);
- PR_FREEIF(keyItem.data);
- if (cert) {
- ECert *ecert = e_cert_new (cert);
- return e_cert;
- }
-
- /* XXX gerror */
- return NULL;
-#endif
-}
-
-GList*
-e_cert_db_get_cert_nicknames (ECertDB *certdb,
- ECertType cert_type,
- GError **error)
-{
-}
-
-ECert*
-e_cert_db_find_email_encryption_cert (ECertDB *certdb,
- const char *nickname,
- GError **error)
-{
-}
-
-ECert*
-e_cert_db_find_email_signing_cert (ECertDB *certdb,
- const char *nickname,
- GError **error)
-{
-}
-
-ECert*
-e_cert_db_find_cert_by_email_address (ECertDB *certdb,
- const char *email,
- GError **error)
-{
- /* nsNSSShutDownPreventionLock locker; */
- ECert *cert;
- CERTCertificate *any_cert = CERT_FindCertByNicknameOrEmailAddr(CERT_GetDefaultCertDB(),
- (char*)email);
- CERTCertList *certlist;
-
- if (!any_cert) {
- /* XXX gerror */
- return NULL;
- }
-
- /* any_cert now contains a cert with the right subject, but it might not have the correct usage */
- certlist = CERT_CreateSubjectCertList(NULL,
- CERT_GetDefaultCertDB(),
- &any_cert->derSubject,
- PR_Now(), PR_TRUE);
- if (!certlist) {
- /* XXX gerror */
- CERT_DestroyCertificate(any_cert);
- return NULL;
- }
-
- if (SECSuccess != CERT_FilterCertListByUsage(certlist, certUsageEmailRecipient, PR_FALSE)) {
- /* XXX gerror */
- CERT_DestroyCertificate(any_cert);
- /* XXX free certlist? */
- return NULL;
- }
-
- if (CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) {
- /* XXX gerror */
- CERT_DestroyCertificate(any_cert);
- /* XXX free certlist? */
- return NULL;
- }
-
- cert = e_cert_new (CERT_LIST_HEAD(certlist)->cert);
-
- return cert;
-}
-
-static gboolean
-_confirm_download_ca_cert (ECert *cert, guint32 *trustBits, gboolean *allow)
-{
- /* right now just allow it and set the trustBits to 0 */
- *trustBits = 0;
- *allow = TRUE;
- return TRUE;
-}
-
-static gboolean
-handle_ca_cert_download(GList *certs, GError **error)
-{
- ECert *certToShow;
- SECItem der;
- CERTCertificate *tmpCert;
-
- /* First thing we have to do is figure out which certificate
- we're gonna present to the user. The CA may have sent down
- a list of certs which may or may not be a chained list of
- certs. Until the day we can design some solid UI for the
- general case, we'll code to the > 90% case. That case is
- where a CA sends down a list that is a chain up to its root
- in either ascending or descending order. What we're gonna
- do is compare the first 2 entries, if the first was signed
- by the second, we assume the leaf cert is the first cert
- and display it. If the second cert was signed by the first
- cert, then we assume the first cert is the root and the
- last cert in the array is the leaf. In this case we
- display the last cert.
- */
-
- /* nsNSSShutDownPreventionLock locker;*/
-
- if (certs == NULL) {
- g_warning ("Didn't get any certs to import.");
- return TRUE;
- }
- else if (certs->next == NULL) {
- /* there's 1 cert */
- certToShow = E_CERT (certs->data);
- }
- else {
- /* there are multiple certs */
- ECert *cert0;
- ECert *cert1;
- const char* cert0SubjectName;
- const char* cert0IssuerName;
- const char* cert1SubjectName;
- const char* cert1IssuerName;
-
- cert0 = E_CERT (certs->data);
- cert1 = E_CERT (certs->next->data);
-
- cert0IssuerName = e_cert_get_issuer_name (cert0);
- cert0SubjectName = e_cert_get_subject_name (cert0);
-
- cert1IssuerName = e_cert_get_issuer_name (cert1);
- cert1SubjectName = e_cert_get_subject_name (cert1);
-
- if (!strcmp(cert1IssuerName, cert0SubjectName)) {
- /* In this case, the first cert in the list signed the second,
- so the first cert is the root. Let's display the last cert
- in the list. */
- certToShow = E_CERT (g_list_last (certs)->data);
- }
- else if (!strcmp(cert0IssuerName, cert1SubjectName)) {
- /* In this case the second cert has signed the first cert. The
- first cert is the leaf, so let's display it. */
- certToShow = cert0;
- } else {
- /* It's not a chain, so let's just show the first one in the
- downloaded list. */
- certToShow = cert0;
- }
- }
-
- if (!certToShow) {
- /* XXX gerror */
- return FALSE;
- }
-
- if (!e_cert_get_raw_der (certToShow, (char**)&der.data, &der.len)) {
- /* XXX gerror */
- return FALSE;
- }
-
- {
- /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Creating temp cert\n"));*/
- CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
- tmpCert = CERT_FindCertByDERCert(certdb, &der);
- if (!tmpCert) {
- tmpCert = CERT_NewTempCertificate(certdb, &der,
- NULL, PR_FALSE, PR_TRUE);
- }
- if (!tmpCert) {
- g_warning ("Couldn't create cert from DER blob");
- return FALSE;
- }
- }
-
-#if 0
- CERTCertificateCleaner tmpCertCleaner(tmpCert);
-#endif
-
- if (tmpCert->isperm) {
- e_notice (NULL, GTK_MESSAGE_WARNING, _("Certificate already exists"));
- /* XXX gerror */
- return FALSE;
- }
- else {
- guint32 trustBits;
- gboolean allow;
- char *nickname;
- SECStatus srv;
- CERTCertTrust trust;
-
- if (!_confirm_download_ca_cert (certToShow, &trustBits, &allow)) {
- /* XXX gerror */
- return FALSE;
- }
-
- if (!allow) {
- /* XXX gerror */
- return FALSE;
- }
-
- /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("trust is %d\n", trustBits));*/
-
- nickname = CERT_MakeCANickname(tmpCert);
-
- /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Created nick \"%s\"\n", nickname.get()));*/
-
- e_cert_trust_init (&trust);
- e_cert_trust_set_valid_ca (&trust);
- e_cert_trust_add_ca_trust (&trust,
-#if 1
- /* XXX we need that ui working i guess. */
- 0, 0, 0
-#else
- trustBits & nsIX509CertDB::TRUSTED_SSL,
- trustBits & nsIX509CertDB::TRUSTED_EMAIL,
- trustBits & nsIX509CertDB::TRUSTED_OBJSIGN
-#endif
-);
-
- srv = CERT_AddTempCertToPerm(tmpCert,
- nickname,
- &trust);
-
- if (srv != SECSuccess) {
- /* XXX gerror */
- return FALSE;
- }
-
-#if 0
- /* Now it's time to add the rest of the certs we just downloaded.
- Since we didn't prompt the user about any of these certs, we
- won't set any trust bits for them. */
- e_cert_trust_init (&trust);
- e_cert_trust_set_valid_ca (&trust);
- e_cert_trusts_add_ca_trust (&trust, 0, 0, 0);
- for (PRUint32 i=0; i<numCerts; i++) {
- if (i == selCertIndex)
- continue;
-
- certToShow = do_QueryElementAt(x509Certs, i);
- certToShow->GetRawDER(&der.len, (PRUint8 **)&der.data);
-
- CERTCertificate *tmpCert2 =
- CERT_NewTempCertificate(certdb, &der, nsnull, PR_FALSE, PR_TRUE);
-
- if (!tmpCert2) {
- NS_ASSERTION(0, "Couldn't create temp cert from DER blob\n");
- continue; /* Let's try to import the rest of 'em */
- }
- nickname.Adopt(CERT_MakeCANickname(tmpCert2));
- CERT_AddTempCertToPerm(tmpCert2, NS_CONST_CAST(char*,nickname.get()),
- defaultTrust.GetTrust());
- CERT_DestroyCertificate(tmpCert2);
- }
-#endif
- return TRUE;
- }
-}
-
-/* deleting certificates */
-gboolean
-e_cert_db_delete_cert (ECertDB *certdb,
- ECert *ecert)
-{
- /* nsNSSShutDownPreventionLock locker;
- nsNSSCertificate *nssCert = NS_STATIC_CAST(nsNSSCertificate*, aCert); */
-
- CERTCertificate *cert;
- SECStatus srv = SECSuccess;
- if (!e_cert_mark_for_deletion (ecert)) {
- return FALSE;
- }
-
- cert = e_cert_get_internal_cert (ecert);
- if (cert->slot && e_cert_get_cert_type (ecert) != E_CERT_USER) {
- /* To delete a cert of a slot (builtin, most likely), mark it as
- completely untrusted. This way we keep a copy cached in the
- local database, and next time we try to load it off of the
- external token/slot, we'll know not to trust it. We don't
- want to do that with user certs, because a user may re-store
- the cert onto the card again at which point we *will* want to
- trust that cert if it chains up properly. */
- CERTCertTrust trust;
-
- e_cert_trust_init_with_values (&trust, 0, 0, 0);
- srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
- cert, &trust);
- }
-
- /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("cert deleted: %d", srv));*/
- return (srv) ? FALSE : TRUE;
-}
-
-/* importing certificates */
-gboolean
-e_cert_db_import_certs (ECertDB *certdb,
- char *data, guint32 length,
- ECertType cert_type,
- GError **error)
-{
- /*nsNSSShutDownPreventionLock locker;*/
- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- GList *certs = NULL;
- CERTDERCerts *certCollection = e_cert_db_get_certs_from_package (arena, data, length);
- int i;
- gboolean rv;
-
- if (!certCollection) {
- /* XXX gerror */
- PORT_FreeArena(arena, PR_FALSE);
- return FALSE;
- }
-
- /* Now let's create some certs to work with */
- for (i=0; i<certCollection->numcerts; i++) {
- SECItem *currItem = &certCollection->rawCerts[i];
- ECert *cert;
-
- cert = e_cert_new_from_der ((char*)currItem->data, currItem->len);
- if (!cert) {
- /* XXX gerror */
- g_list_foreach (certs, (GFunc)g_object_unref, NULL);
- g_list_free (certs);
- PORT_FreeArena(arena, PR_FALSE);
- return FALSE;
- }
- certs = g_list_append (certs, cert);
- }
- switch (cert_type) {
- case E_CERT_CA:
- rv = handle_ca_cert_download(certs, error);
- break;
- default:
- /* We only deal with import CA certs in this method currently.*/
- /* XXX gerror */
- PORT_FreeArena(arena, PR_FALSE);
- rv = FALSE;
- }
-
- g_list_foreach (certs, (GFunc)g_object_unref, NULL);
- g_list_free (certs);
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
-}
-
-gboolean
-e_cert_db_import_email_cert (ECertDB *certdb,
- char *data, guint32 length,
- GError **error)
-{
- /*nsNSSShutDownPreventionLock locker;*/
- SECStatus srv = SECFailure;
- gboolean rv = TRUE;
- CERTCertificate * cert;
- SECItem **rawCerts;
- int numcerts;
- int i;
- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- CERTDERCerts *certCollection = e_cert_db_get_certs_from_package (arena, data, length);
-
- if (!certCollection) {
- /* XXX g_error */
-
- PORT_FreeArena(arena, PR_FALSE);
- return FALSE;
- }
-
- cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), certCollection->rawCerts,
- (char *)NULL, PR_FALSE, PR_TRUE);
- if (!cert) {
- /* XXX g_error */
- rv = FALSE;
- goto loser;
- }
- numcerts = certCollection->numcerts;
- rawCerts = (SECItem **) PORT_Alloc(sizeof(SECItem *) * numcerts);
- if ( !rawCerts ) {
- /* XXX g_error */
- rv = FALSE;
- goto loser;
- }
-
- for ( i = 0; i < numcerts; i++ ) {
- rawCerts[i] = &certCollection->rawCerts[i];
- }
-
- srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageEmailSigner,
- numcerts, rawCerts, NULL, PR_TRUE, PR_FALSE,
- NULL);
- if ( srv != SECSuccess ) {
- /* XXX g_error */
- rv = FALSE;
- goto loser;
- }
- srv = CERT_SaveSMimeProfile(cert, NULL, NULL);
- PORT_Free(rawCerts);
- loser:
- if (cert)
- CERT_DestroyCertificate(cert);
- if (arena)
- PORT_FreeArena(arena, PR_TRUE);
- return rv;
-}
-
-static char *
-default_nickname (CERTCertificate *cert)
-{
- /* nsNSSShutDownPreventionLock locker; */
- char *username = NULL;
- char *caname = NULL;
- char *nickname = NULL;
- char *tmp = NULL;
- int count;
- char *nickFmt=NULL, *nickFmtWithNum = NULL;
- CERTCertificate *dummycert;
- PK11SlotInfo *slot=NULL;
- CK_OBJECT_HANDLE keyHandle;
-
- CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB();
-
- username = CERT_GetCommonName(&cert->subject);
- if ( username == NULL )
- username = PL_strdup("");
-
- if ( username == NULL )
- goto loser;
-
- caname = CERT_GetOrgName(&cert->issuer);
- if ( caname == NULL )
- caname = PL_strdup("");
-
- if ( caname == NULL )
- goto loser;
-
- count = 1;
-
- nickFmt = "%1$s's %2$s ID";
- nickFmtWithNum = "%1$s's %2$s ID #%3$d";
-
- nickname = PR_smprintf(nickFmt, username, caname);
- /*
- * We need to see if the private key exists on a token, if it does
- * then we need to check for nicknames that already exist on the smart
- * card.
- */
- slot = PK11_KeyForCertExists(cert, &keyHandle, NULL);
- if (slot == NULL) {
- goto loser;
- }
- if (!PK11_IsInternal(slot)) {
- tmp = PR_smprintf("%s:%s", PK11_GetTokenName(slot), nickname);
- PR_Free(nickname);
- nickname = tmp;
- tmp = NULL;
- }
- tmp = nickname;
- while ( 1 ) {
- if ( count > 1 ) {
- nickname = PR_smprintf("%s #%d", tmp, count);
- }
-
- if ( nickname == NULL )
- goto loser;
-
- if (PK11_IsInternal(slot)) {
- /* look up the nickname to make sure it isn't in use already */
- dummycert = CERT_FindCertByNickname(defaultcertdb, nickname);
-
- } else {
- /*
- * Check the cert against others that already live on the smart
- * card.
- */
- dummycert = PK11_FindCertFromNickname(nickname, NULL);
- if (dummycert != NULL) {
- /*
- * Make sure the subject names are different.
- */
- if (CERT_CompareName(&cert->subject, &dummycert->subject) == SECEqual) {
- /*
- * There is another certificate with the same nickname and
- * the same subject name on the smart card, so let's use this
- * nickname.
- */
- CERT_DestroyCertificate(dummycert);
- dummycert = NULL;
- }
- }
- }
- if ( dummycert == NULL )
- goto done;
-
- /* found a cert, destroy it and loop */
- CERT_DestroyCertificate(dummycert);
- if (tmp != nickname) PR_Free(nickname);
- count++;
- } /* end of while(1) */
-
- loser:
- if ( nickname ) {
- PR_Free(nickname);
- }
- nickname = NULL;
- done:
- if ( caname ) {
- PR_Free(caname);
- }
- if ( username ) {
- PR_Free(username);
- }
- if (slot != NULL) {
- PK11_FreeSlot(slot);
- if (nickname != NULL) {
- tmp = nickname;
- nickname = strchr(tmp, ':');
- if (nickname != NULL) {
- nickname++;
- nickname = PL_strdup(nickname);
- PR_Free(tmp);
- tmp = NULL;
- } else {
- nickname = tmp;
- tmp = NULL;
- }
- }
- }
- PR_FREEIF(tmp);
- return(nickname);
-}
-
-gboolean
-e_cert_db_import_user_cert (ECertDB *certdb,
- char *data, guint32 length,
- GError **error)
-{
- /* nsNSSShutDownPreventionLock locker;*/
- PK11SlotInfo *slot;
- char * nickname = NULL;
- gboolean rv = FALSE;
- int numCACerts;
- SECItem *CACerts;
- CERTDERCerts * collectArgs;
- PRArenaPool *arena;
- CERTCertificate * cert=NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- /* XXX g_error */
- goto loser;
- }
-
- collectArgs = e_cert_db_get_certs_from_package (arena, data, length);
- if (!collectArgs) {
- /* XXX g_error */
- goto loser;
- }
-
- cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), collectArgs->rawCerts,
- (char *)NULL, PR_FALSE, PR_TRUE);
- if (!cert) {
- /* XXX g_error */
- goto loser;
- }
-
- slot = PK11_KeyForCertExists(cert, NULL, NULL);
- if ( slot == NULL ) {
- /* XXX g_error */
- goto loser;
- }
- PK11_FreeSlot(slot);
-
- /* pick a nickname for the cert */
- if (cert->nickname) {
- /* sigh, we need a call to look up other certs with this subject and
- * identify nicknames from them. We can no longer walk down internal
- * database structures rjr */
- nickname = cert->nickname;
- }
- else {
- nickname = default_nickname(cert);
- }
-
- /* user wants to import the cert */
- slot = PK11_ImportCertForKey(cert, nickname, NULL);
- if (!slot) {
- /* XXX g_error */
- goto loser;
- }
- PK11_FreeSlot(slot);
- numCACerts = collectArgs->numcerts - 1;
-
- if (numCACerts) {
- CACerts = collectArgs->rawCerts+1;
- if ( ! CERT_ImportCAChain(CACerts, numCACerts, certUsageUserCertImport) ) {
- rv = TRUE;
- }
- }
-
- loser:
- if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- if ( cert ) {
- CERT_DestroyCertificate(cert);
- }
- return rv;
-}
-
-gboolean
-e_cert_db_import_server_cert (ECertDB *certdb,
- char *data, guint32 length,
- GError **error)
-{
- /* not c&p'ing this over at the moment, as we don't have a UI
- for server certs anyway */
- return FALSE;
-}
-
-gboolean
-e_cert_db_import_certs_from_file (ECertDB *cert_db,
- const char *file_path,
- ECertType cert_type,
- GError **error)
-{
- gboolean rv;
- int fd;
- struct stat sb;
- char *buf;
- int bytes_read;
-
- switch (cert_type) {
- case E_CERT_CA:
- case E_CERT_CONTACT:
- case E_CERT_SITE:
- /* good */
- break;
-
- default:
- /* not supported (yet) */
- /* XXX gerror */
- return FALSE;
- }
-
- fd = open (file_path, O_RDONLY);
- if (fd == -1) {
- /* XXX gerror */
- return FALSE;
- }
-
- if (-1 == fstat (fd, &sb)) {
- /* XXX gerror */
- close (fd);
- return FALSE;
- }
-
- buf = g_malloc (sb.st_size);
- if (!buf) {
- /* XXX gerror */
- close (fd);
- return FALSE;
- }
-
- bytes_read = read (fd, buf, sb.st_size);
-
- close (fd);
-
- if (bytes_read != sb.st_size) {
- /* XXX gerror */
- rv = FALSE;
- }
- else {
- printf ("importing %d bytes from `%s'\n", bytes_read, file_path);
-
- switch (cert_type) {
- case E_CERT_CA:
- rv = e_cert_db_import_certs (cert_db, buf, bytes_read, cert_type, error);
- break;
-
- case E_CERT_SITE:
- rv = e_cert_db_import_server_cert (cert_db, buf, bytes_read, error);
- break;
-
- case E_CERT_CONTACT:
- rv = e_cert_db_import_email_cert (cert_db, buf, bytes_read, error);
- break;
-
- default:
- rv = FALSE;
- break;
- }
- }
-
- g_free (buf);
- return rv;
-}
-
-gboolean
-e_cert_db_import_pkcs12_file (ECertDB *cert_db,
- const char *file_path,
- GError **error)
-{
-}
-
-gboolean
-e_cert_db_export_pkcs12_file (ECertDB *cert_db,
- const char *file_path,
- GList *certs,
- GError **error)
-{
-}
-
-
-
-static SECStatus PR_CALLBACK
-collect_certs(void *arg, SECItem **certs, int numcerts)
-{
- CERTDERCerts *collectArgs;
- SECItem *cert;
- SECStatus rv;
-
- collectArgs = (CERTDERCerts *)arg;
-
- collectArgs->numcerts = numcerts;
- collectArgs->rawCerts = (SECItem *) PORT_ArenaZAlloc(collectArgs->arena, sizeof(SECItem) * numcerts);
- if ( collectArgs->rawCerts == NULL )
- return(SECFailure);
-
- cert = collectArgs->rawCerts;
-
- while ( numcerts-- ) {
- rv = SECITEM_CopyItem(collectArgs->arena, cert, *certs);
- if ( rv == SECFailure )
- return(SECFailure);
- cert++;
- certs++;
- }
-
- return (SECSuccess);
-}
-
-static CERTDERCerts*
-e_cert_db_get_certs_from_package (PRArenaPool *arena,
- char *data,
- guint32 length)
-{
- /*nsNSSShutDownPreventionLock locker;*/
- CERTDERCerts *collectArgs =
- (CERTDERCerts *)PORT_ArenaZAlloc(arena, sizeof(CERTDERCerts));
- SECStatus sec_rv;
-
- if (!collectArgs)
- return NULL;
-
- collectArgs->arena = arena;
- sec_rv = CERT_DecodeCertPackage(data,
- length, collect_certs,
- (void *)collectArgs);
-
- if (sec_rv != SECSuccess)
- return NULL;
-
- return collectArgs;
-}
diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h
deleted file mode 100644
index ffc381587a..0000000000
--- a/smime/lib/e-cert-db.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok <toshok@ximian.com>
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _E_CERT_DB_H_
-#define _E_CERT_DB_H_
-
-#include <glib-object.h>
-#include "e-cert.h"
-#include <cert.h>
-
-#define E_TYPE_CERT_DB (e_cert_db_get_type ())
-#define E_CERT_DB(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_CERT_DB, ECertDB))
-#define E_CERT_DB_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_CERT_DB, ECertDBClass))
-#define E_IS_CERT_DB(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_CERT_DB))
-#define E_IS_CERT_DB_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_CERT_DB))
-#define E_CERT_DB_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_CERT_DB, ECertDBClass))
-
-typedef struct _ECertDB ECertDB;
-typedef struct _ECertDBClass ECertDBClass;
-typedef struct _ECertDBPrivate ECertDBPrivate;
-
-struct _ECertDB {
- GObject parent;
-
- ECertDBPrivate *priv;
-};
-
-struct _ECertDBClass {
- GObjectClass parent_class;
-
- /* Padding for future expansion */
- void (*_ecert_reserved0) (void);
- void (*_ecert_reserved1) (void);
- void (*_ecert_reserved2) (void);
- void (*_ecert_reserved3) (void);
- void (*_ecert_reserved4) (void);
-};
-
-GType e_cert_db_get_type (void);
-
-/* single instance */
-ECertDB* e_cert_db_peek (void);
-
-void e_cert_db_shutdown (void);
-
-/* searching for certificates */
-ECert* e_cert_db_find_cert_by_nickname (ECertDB *certdb,
- const char *nickname,
- GError **error);
-
-ECert* e_cert_db_find_cert_by_key (ECertDB *certdb,
- const char *db_key,
- GError **error);
-
-GList* e_cert_db_get_cert_nicknames (ECertDB *certdb,
- ECertType cert_type,
- GError **error);
-
-
-ECert* e_cert_db_find_email_encryption_cert (ECertDB *certdb,
- const char *nickname,
- GError **error);
-
-ECert* e_cert_db_find_email_signing_cert (ECertDB *certdb,
- const char *nickname,
- GError **error);
-
-ECert* e_cert_db_find_cert_by_email_address (ECertDB *certdb,
- const char *nickname,
- GError **error);
-
-/* deleting certificates */
-gboolean e_cert_db_delete_cert (ECertDB *certdb,
- ECert *cert);
-
-/* importing certificates */
-gboolean e_cert_db_import_certs (ECertDB *certdb,
- char *data, guint32 length,
- ECertType cert_type,
- GError **error);
-
-gboolean e_cert_db_import_email_cert (ECertDB *certdb,
- char *data, guint32 length,
- GError **error);
-
-gboolean e_cert_db_import_user_cert (ECertDB *certdb,
- char *data, guint32 length,
- GError **error);
-
-gboolean e_cert_db_import_server_cert (ECertDB *certdb,
- char *data, guint32 length,
- GError **error);
-
-gboolean e_cert_db_import_certs_from_file (ECertDB *cert_db,
- const char *file_path,
- ECertType cert_type,
- GError **error);
-
-gboolean e_cert_db_import_pkcs12_file (ECertDB *cert_db,
- const char *file_path,
- GError **error);
-
-gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db,
- const char *file_path,
- GList *certs,
- GError **error);
-
-
-#endif /* _E_CERT_DB_H_ */
diff --git a/smime/lib/e-cert-trust.c b/smime/lib/e-cert-trust.c
deleted file mode 100644
index 7386a88963..0000000000
--- a/smime/lib/e-cert-trust.c
+++ /dev/null
@@ -1,418 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok <toshok@ximian.com>
- *
- * Copyright (C) 2003 Novell, Inc. (www.novell.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-/* this code is pretty much cut&pasted and renamed from mozilla.
- here's their copyright/blurb */
-
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- * Ian McGreer <mcgreer@netscape.com>
- * Javier Delgadillo <javi@netscape.com>
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- */
-
-#include "e-cert-trust.h"
-
-void
-e_cert_trust_init (CERTCertTrust *trust)
-{
- memset(trust, 0, sizeof(CERTCertTrust));
-}
-
-void
-e_cert_trust_init_with_values (CERTCertTrust *trust,
- unsigned int ssl,
- unsigned int email,
- unsigned int objsign)
-{
- memset(trust, 0, sizeof(CERTCertTrust));
- e_cert_trust_add_trust(&trust->sslFlags, ssl);
- e_cert_trust_add_trust(&trust->emailFlags, email);
- e_cert_trust_add_trust(&trust->objectSigningFlags, objsign);
-}
-
-void
-e_cert_trust_copy (CERTCertTrust *trust, CERTCertTrust *t)
-{
- if (t)
- memcpy(trust, t, sizeof(CERTCertTrust));
- else
- memset(trust, 0, sizeof(CERTCertTrust));
-}
-
-void
-e_cert_trust_add_ca_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign)
-{
- if (ssl) {
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA);
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA);
- }
- if (email) {
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA);
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA);
- }
- if (objSign) {
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA);
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
- }
-}
-
-void
-e_cert_trust_add_peer_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign)
-{
- if (ssl)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED);
- if (email)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED);
- if (objSign)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED);
-}
-
-void
-e_cert_trust_set_ssl_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn)
-{
- trust->sslFlags = 0;
- if (peer || tPeer)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_PEER);
- if (tPeer)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED);
- if (ca || tCA)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_CA);
- if (tClientCA)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA);
- if (tCA)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA);
- if (user)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_USER);
- if (warn)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_SEND_WARN);
-}
-
-void
-e_cert_trust_set_email_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn)
-{
- trust->emailFlags = 0;
- if (peer || tPeer)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_PEER);
- if (tPeer)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED);
- if (ca || tCA)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_CA);
- if (tClientCA)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA);
- if (tCA)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA);
- if (user)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_USER);
- if (warn)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_SEND_WARN);
-}
-
-void
-e_cert_trust_set_objsign_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn)
-{
- trust->objectSigningFlags = 0;
- if (peer || tPeer)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_PEER);
- if (tPeer)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED);
- if (ca || tCA)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_CA);
- if (tClientCA)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
- if (tCA)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA);
- if (user)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_USER);
- if (warn)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_SEND_WARN);
-}
-
-void
-e_cert_trust_set_valid_ca (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_trusted_ca (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_valid_peer (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_valid_server_peer (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_trusted_peer (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_user (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE);
-}
-
-PRBool
-e_cert_trust_has_any_ca (CERTCertTrust *trust)
-{
- if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA) ||
- e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA) ||
- e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA))
- return PR_TRUE;
- return PR_FALSE;
-}
-
-PRBool
-e_cert_trust_has_ca (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign)
-{
- if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA))
- return PR_FALSE;
- if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA))
- return PR_FALSE;
- if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA))
- return PR_FALSE;
- return PR_TRUE;
-}
-
-PRBool
-e_cert_trust_has_peer (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign)
-{
- if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_PEER))
- return PR_FALSE;
- if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_PEER))
- return PR_FALSE;
- if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_PEER))
- return PR_FALSE;
- return PR_TRUE;
-}
-
-PRBool
-e_cert_trust_has_any_user (CERTCertTrust *trust)
-{
- if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER) ||
- e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER) ||
- e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER))
- return PR_TRUE;
- return PR_FALSE;
-}
-
-PRBool
-e_cert_trust_has_user (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign)
-{
- if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER))
- return PR_FALSE;
- if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER))
- return PR_FALSE;
- if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER))
- return PR_FALSE;
- return PR_TRUE;
-}
-
-PRBool
-e_cert_trust_has_trusted_ca (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign)
-{
- if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CA) ||
- e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
- return PR_FALSE;
- if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CA) ||
- e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
- return PR_FALSE;
- if (checkObjSign &&
- !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CA) ||
- e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)))
- return PR_FALSE;
- return PR_TRUE;
-}
-
-PRBool
-e_cert_trust_has_trusted_peer (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign)
-{
- if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED)))
- return PR_FALSE;
- if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED)))
- return PR_FALSE;
- if (checkObjSign &&
- !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED)))
- return PR_FALSE;
- return PR_TRUE;
-}
-
-void
-e_cert_trust_add_trust (unsigned int *t, unsigned int v)
-{
- *t |= v;
-}
-
-PRBool
-e_cert_trust_has_trust (unsigned int t, unsigned int v)
-{
- return (t & v);
-}
-
diff --git a/smime/lib/e-cert-trust.h b/smime/lib/e-cert-trust.h
deleted file mode 100644
index c55d928019..0000000000
--- a/smime/lib/e-cert-trust.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok <toshok@ximian.com>
- *
- * Copyright (C) 2003 Novell, Inc. (www.novell.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _E_CERT_TRUST_H_
-#define _E_CERT_TRUST_H_
-
-#include <glib.h>
-#include <cert.h>
-#include <certdb.h>
-
-G_BEGIN_DECLS
-
-void e_cert_trust_init (CERTCertTrust *trust);
-void e_cert_trust_init_with_values (CERTCertTrust *trust,
- unsigned int ssl,
- unsigned int email,
- unsigned int objsign);
-void e_cert_trust_copy (CERTCertTrust *dst_trust, CERTCertTrust *src_trust);
-void e_cert_trust_add_ca_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign);
-void e_cert_trust_add_peer_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign);
-void e_cert_trust_set_ssl_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn);
-void e_cert_trust_set_email_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn);
-void e_cert_trust_set_objsign_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn);
-void e_cert_trust_set_valid_ca (CERTCertTrust *trust);
-void e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust);
-void e_cert_trust_set_trusted_ca (CERTCertTrust *trust);
-void e_cert_trust_set_valid_peer (CERTCertTrust *trust);
-void e_cert_trust_set_valid_server_peer (CERTCertTrust *trust);
-void e_cert_trust_set_trusted_peer (CERTCertTrust *trust);
-void e_cert_trust_set_user (CERTCertTrust *trust);
-PRBool e_cert_trust_has_any_ca (CERTCertTrust *trust);
-PRBool e_cert_trust_has_ca (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign);
-PRBool e_cert_trust_has_peer (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign);
-PRBool e_cert_trust_has_any_user (CERTCertTrust *trust);
-PRBool e_cert_trust_has_user (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign);
-PRBool e_cert_trust_has_trusted_ca (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign);
-PRBool e_cert_trust_has_trusted_peer (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign);
-void e_cert_trust_add_trust (unsigned int *t, unsigned int v);
-PRBool e_cert_trust_has_trust (unsigned int t, unsigned int v);
-
-G_END_DECLS
-
-#endif /* _E_CERT_H_ */
diff --git a/smime/lib/e-cert.c b/smime/lib/e-cert.c
deleted file mode 100644
index 54f79690d6..0000000000
--- a/smime/lib/e-cert.c
+++ /dev/null
@@ -1,1227 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/* e-cert.c
- *
- * Copyright (C) 2003 Ximian, Inc.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: Chris Toshok (toshok@ximian.com)
- */
-
-/* The following is the mozilla license blurb, as the bodies some of
- these functions were derived from the mozilla source. */
-
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- */
-
-#include <time.h>
-
-#include <libgnome/gnome-i18n.h>
-#include <gal/util/e-util.h> /* for e_utf8_strftime, what about e_time_format_time? */
-
-#include "e-cert.h"
-#include "e-cert-trust.h"
-#include "pk11func.h"
-#include "certdb.h"
-#include "hasht.h"
-
-struct _ECertPrivate {
- CERTCertificate *cert;
-
- /* pointers we cache since the nss implementation allocs the
- string */
- char *org_name;
- char *org_unit_name;
- char *cn;
-
- char *issuer_org_name;
- char *issuer_org_unit_name;
- char *issuer_cn;
-
- PRTime issued_on;
- PRTime expires_on;
-
- char *issued_on_string;
- char *expires_on_string;
-
- char *serial_number;
-
- char *sha1_fingerprint;
- char *md5_fingerprint;
-
- EASN1Object *asn1;
-
- gboolean delete;
-};
-
-#define PARENT_TYPE G_TYPE_OBJECT
-static GObjectClass *parent_class;
-
-static void
-e_cert_dispose (GObject *object)
-{
- ECert *ec = E_CERT (object);
-
- if (!ec->priv)
- return;
-
- if (ec->priv->org_name)
- PORT_Free (ec->priv->org_name);
- if (ec->priv->org_unit_name)
- PORT_Free (ec->priv->org_unit_name);
- if (ec->priv->cn)
- PORT_Free (ec->priv->cn);
-
- if (ec->priv->issuer_org_name)
- PORT_Free (ec->priv->issuer_org_name);
- if (ec->priv->issuer_org_unit_name)
- PORT_Free (ec->priv->issuer_org_unit_name);
- if (ec->priv->issuer_cn)
- PORT_Free (ec->priv->issuer_cn);
-
- if (ec->priv->issued_on_string)
- PORT_Free (ec->priv->issued_on_string);
- if (ec->priv->expires_on_string)
- PORT_Free (ec->priv->expires_on_string);
- if (ec->priv->serial_number)
- PORT_Free (ec->priv->serial_number);
-
- if (ec->priv->sha1_fingerprint)
- PORT_Free (ec->priv->sha1_fingerprint);
- if (ec->priv->md5_fingerprint)
- PORT_Free (ec->priv->md5_fingerprint);
-
- if (ec->priv->asn1)
- g_object_unref (ec->priv->asn1);
-
- if (ec->priv->delete) {
- printf ("attempting to delete cert marked for deletion\n");
- if (e_cert_get_cert_type (ec) == E_CERT_USER) {
- PK11_DeleteTokenCertAndKey(ec->priv->cert, NULL);
- } else if (!PK11_IsReadOnly(ec->priv->cert->slot)) {
- /* If the list of built-ins does contain a non-removable
- copy of this certificate, our call will not remove
- the certificate permanently, but rather remove all trust. */
- SEC_DeletePermCertificate(ec->priv->cert);
- }
- }
-
- g_free (ec->priv);
- ec->priv = NULL;
-
- if (G_OBJECT_CLASS (parent_class)->dispose)
- G_OBJECT_CLASS (parent_class)->dispose (object);
-}
-
-static void
-e_cert_class_init (ECertClass *klass)
-{
- GObjectClass *object_class;
-
- object_class = G_OBJECT_CLASS(klass);
-
- parent_class = g_type_class_ref (PARENT_TYPE);
-
- object_class->dispose = e_cert_dispose;
-}
-
-static void
-e_cert_init (ECert *ec)
-{
- ec->priv = g_new0 (ECertPrivate, 1);
-}
-
-GType
-e_cert_get_type (void)
-{
- static GType cert_type = 0;
-
- if (!cert_type) {
- static const GTypeInfo cert_info = {
- sizeof (ECertClass),
- NULL, /* base_init */
- NULL, /* base_finalize */
- (GClassInitFunc) e_cert_class_init,
- NULL, /* class_finalize */
- NULL, /* class_data */
- sizeof (ECert),
- 0, /* n_preallocs */
- (GInstanceInitFunc) e_cert_init,
- };
-
- cert_type = g_type_register_static (PARENT_TYPE, "ECert", &cert_info, 0);
- }
-
- return cert_type;
-}
-
-
-
-static void
-e_cert_populate (ECert *cert)
-{
- CERTCertificate *c = cert->priv->cert;
- unsigned char fingerprint[20];
- SECItem fpItem;
-
- cert->priv->org_name = CERT_GetOrgName (&c->subject);
- cert->priv->org_unit_name = CERT_GetOrgUnitName (&c->subject);
-
- cert->priv->issuer_org_name = CERT_GetOrgName (&c->issuer);
- cert->priv->issuer_org_unit_name = CERT_GetOrgUnitName (&c->issuer);
-
- cert->priv->cn = CERT_GetCommonName (&c->subject);
- cert->priv->issuer_cn = CERT_GetCommonName (&c->issuer);
-
- if (SECSuccess == CERT_GetCertTimes (c, &cert->priv->issued_on, &cert->priv->expires_on)) {
- PRExplodedTime explodedTime;
- struct tm exploded_tm;
- char buf[32];
-
- PR_ExplodeTime (cert->priv->issued_on, PR_LocalTimeParameters, &explodedTime);
- exploded_tm.tm_sec = explodedTime.tm_sec;
- exploded_tm.tm_min = explodedTime.tm_min;
- exploded_tm.tm_hour = explodedTime.tm_hour;
- exploded_tm.tm_mday = explodedTime.tm_mday;
- exploded_tm.tm_mon = explodedTime.tm_month;
- exploded_tm.tm_year = explodedTime.tm_year - 1900;
- e_utf8_strftime (buf, sizeof(buf), _("%d/%m/%Y"), &exploded_tm);
- cert->priv->issued_on_string = g_strdup (buf);
-
- PR_ExplodeTime (cert->priv->expires_on, PR_LocalTimeParameters, &explodedTime);
- exploded_tm.tm_sec = explodedTime.tm_sec;
- exploded_tm.tm_min = explodedTime.tm_min;
- exploded_tm.tm_hour = explodedTime.tm_hour;
- exploded_tm.tm_mday = explodedTime.tm_mday;
- exploded_tm.tm_mon = explodedTime.tm_month;
- exploded_tm.tm_year = explodedTime.tm_year - 1900;
- e_utf8_strftime (buf, sizeof(buf), _("%d/%m/%Y"), &exploded_tm);
- cert->priv->expires_on_string = g_strdup (buf);
- }
-
- cert->priv->serial_number = CERT_Hexify (&cert->priv->cert->serialNumber, TRUE);
-
- memset(fingerprint, 0, sizeof fingerprint);
- PK11_HashBuf(SEC_OID_SHA1, fingerprint,
- cert->priv->cert->derCert.data,
- cert->priv->cert->derCert.len);
- fpItem.data = fingerprint;
- fpItem.len = SHA1_LENGTH;
- cert->priv->sha1_fingerprint = CERT_Hexify (&fpItem, TRUE);
-
- memset(fingerprint, 0, sizeof fingerprint);
- PK11_HashBuf(SEC_OID_MD5, fingerprint,
- cert->priv->cert->derCert.data,
- cert->priv->cert->derCert.len);
- fpItem.data = fingerprint;
- fpItem.len = MD5_LENGTH;
- cert->priv->md5_fingerprint = CERT_Hexify (&fpItem, TRUE);
-}
-
-ECert*
-e_cert_new (CERTCertificate *cert)
-{
- ECert *ecert = E_CERT (g_object_new (E_TYPE_CERT, NULL));
-
- ecert->priv->cert = cert;
-
- e_cert_populate (ecert);
-
- return ecert;
-}
-
-ECert*
-e_cert_new_from_der (char *data, guint32 len)
-{
- CERTCertificate *cert = CERT_DecodeCertFromPackage (data, len);
-
- if (!cert)
- return NULL;
-
- if (cert->dbhandle == NULL)
- cert->dbhandle = CERT_GetDefaultCertDB();
-
- return e_cert_new (cert);
-}
-
-
-
-
-CERTCertificate*
-e_cert_get_internal_cert (ECert *cert)
-{
- /* XXX should this refcnt it? */
- return cert->priv->cert;
-}
-
-gboolean
-e_cert_get_raw_der (ECert *cert, char **data, guint32 *len)
-{
- /* XXX do we really need to check if cert->priv->cert is NULL
- here? it should always be non-null if we have the
- ECert.. */
- if (cert->priv->cert) {
- *data = (char*)cert->priv->cert->derCert.data;
- *len = (guint32)cert->priv->cert->derCert.len;
- return TRUE;
- }
-
- *len = 0;
- return FALSE;
-
-}
-
-const char*
-e_cert_get_window_title (ECert *cert)
-{
- if (cert->priv->cert->nickname)
- return cert->priv->cert->nickname;
- else if (cert->priv->cn)
- return cert->priv->cn;
- else
- return cert->priv->cert->subjectName;
-}
-
-const char*
-e_cert_get_nickname (ECert *cert)
-{
- return cert->priv->cert->nickname;
-}
-
-const char*
-e_cert_get_email (ECert *cert)
-{
- return cert->priv->cert->emailAddr;
-}
-
-const char*
-e_cert_get_org (ECert *cert)
-{
- return cert->priv->org_name;
-}
-
-const char*
-e_cert_get_org_unit (ECert *cert)
-{
- return cert->priv->org_unit_name;
-}
-
-const char*
-e_cert_get_cn (ECert *cert)
-{
- return cert->priv->cn;
-}
-
-const char*
-e_cert_get_issuer_name (ECert *cert)
-{
- return cert->priv->cert->issuerName;
-}
-
-const char*
-e_cert_get_issuer_cn (ECert *cert)
-{
- return cert->priv->issuer_cn;
-}
-
-const char*
-e_cert_get_issuer_org (ECert *cert)
-{
- return cert->priv->issuer_org_name;
-}
-
-const char*
-e_cert_get_issuer_org_unit (ECert *cert)
-{
- return cert->priv->issuer_org_unit_name;
-}
-
-const char*
-e_cert_get_subject_name (ECert *cert)
-{
- return cert->priv->cert->subjectName;
-}
-
-PRTime
-e_cert_get_issued_on_time (ECert *cert)
-{
- return cert->priv->issued_on;
-}
-
-const char*
-e_cert_get_issued_on (ECert *cert)
-{
- return cert->priv->issued_on_string;
-}
-
-PRTime
-e_cert_get_expires_on_time (ECert *cert)
-{
- return cert->priv->expires_on;
-}
-
-const char*
-e_cert_get_expires_on (ECert *cert)
-{
- return cert->priv->expires_on_string;
-}
-
-const char*
-e_cert_get_serial_number (ECert *cert)
-{
- return cert->priv->serial_number;
-}
-
-const char*
-e_cert_get_sha1_fingerprint (ECert *cert)
-{
- return cert->priv->sha1_fingerprint;
-}
-
-const char*
-e_cert_get_md5_fingerprint (ECert *cert)
-{
- return cert->priv->md5_fingerprint;
-}
-
-GList*
-e_cert_get_chain (ECert *ecert)
-{
- GList *l = NULL;
-
- g_object_ref (ecert);
-
- while (ecert) {
- CERTCertificate *cert = e_cert_get_internal_cert (ecert);
- CERTCertificate *next_cert;
-
- l = g_list_append (l, ecert);
-
- if (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject) == SECEqual)
- break;
-
- next_cert = CERT_FindCertIssuer (cert, PR_Now(), certUsageSSLClient);
- if (!next_cert)
- break;
- ecert = e_cert_new (next_cert);
- }
-
- return l;
-}
-
-static gboolean
-get_int_value (SECItem *versionItem,
- unsigned long *version)
-{
- SECStatus srv;
- srv = SEC_ASN1DecodeInteger(versionItem,version);
- if (srv != SECSuccess) {
- g_warning ("could not decode version of cert");
- return FALSE;
- }
- return TRUE;
-}
-
-static gboolean
-process_version (SECItem *versionItem,
- EASN1Object **retItem)
-{
- EASN1Object *item = e_asn1_object_new ();
- unsigned long version;
-
- e_asn1_object_set_display_name (item, _("Version"));
-
- /* Now to figure out what version this certificate is. */
-
- if (versionItem->data) {
- if (!get_int_value (versionItem, &version))
- return FALSE;
- } else {
- /* If there is no version present in the cert, then rfc2459
- says we default to v1 (0) */
- version = 0;
- }
-
- switch (version){
- case 0:
- e_asn1_object_set_display_value (item, _("Version 1"));
- break;
- case 1:
- e_asn1_object_set_display_value (item, _("Version 2"));
- break;
- case 2:
- e_asn1_object_set_display_value (item, _("Version 3"));
- break;
- default:
- g_warning ("Bad value for cert version");
- return FALSE;
- }
-
- *retItem = item;
- return TRUE;
-}
-
-static gboolean
-process_serial_number_der (SECItem *serialItem,
- EASN1Object **retItem)
-{
- char *serialNumber;
- EASN1Object *item = e_asn1_object_new ();
-
- e_asn1_object_set_display_name (item, _("Serial Number"));
-
- serialNumber = CERT_Hexify(serialItem, 1);
-
- e_asn1_object_set_display_value (item, serialNumber);
- PORT_Free (serialNumber); /* XXX the right free to use? */
-
- *retItem = item;
- return TRUE;
-}
-
-static gboolean
-get_default_oid_format (SECItem *oid,
- char **text)
-{
- char buf[300];
- unsigned int len;
- int written;
-
- unsigned long val = oid->data[0];
- unsigned int i = val % 40;
- val /= 40;
- written = PR_snprintf(buf, 300, "%lu %u ", val, i);
- if (written < 0)
- return FALSE;
- len = written;
-
- val = 0;
- for (i = 1; i < oid->len; ++i) {
- /* In this loop, we have to parse a DER formatted
- If the first bit is a 1, then the integer is
- represented by more than one byte. If the
- first bit is set then we continue on and add
- the values of the later bytes until we get
- a byte without the first bit set.
- */
- unsigned long j;
-
- j = oid->data[i];
- val = (val << 7) | (j & 0x7f);
- if (j & 0x80)
- continue;
- written = PR_snprintf(&buf[len], sizeof(buf)-len, "%lu ", val);
- if (written < 0)
- return FALSE;
-
- len += written;
- if (len >= sizeof (buf))
- g_warning ("OID data to big to display in 300 chars.");
- val = 0;
- }
-
- *text = g_strdup (buf);
- return TRUE;
-}
-
-static gboolean
-get_oid_text (SECItem *oid, char **text)
-{
- SECOidTag oidTag = SECOID_FindOIDTag(oid);
- char *temp;
-
- switch (oidTag) {
- case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 MD2 With RSA Encryption"));
- break;
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 MD5 With RSA Encryption"));
- break;
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 SHA-1 With RSA Encryption"));
- break;
- case SEC_OID_AVA_COUNTRY_NAME:
- *text = g_strdup (_("C"));
- break;
- case SEC_OID_AVA_COMMON_NAME:
- *text = g_strdup (_("CN"));
- break;
- case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
- *text = g_strdup (_("OU"));
- break;
- case SEC_OID_AVA_ORGANIZATION_NAME:
- *text = g_strdup (_("O"));
- break;
- case SEC_OID_AVA_LOCALITY:
- *text = g_strdup (_("L"));
- break;
- case SEC_OID_AVA_DN_QUALIFIER:
- *text = g_strdup (_("DN"));
- break;
- case SEC_OID_AVA_DC:
- *text = g_strdup (_("DC"));
- break;
- case SEC_OID_AVA_STATE_OR_PROVINCE:
- *text = g_strdup (_("ST"));
- break;
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- *text = g_strdup (_("PKCS #1 RSA Encryption"));
- break;
- case SEC_OID_X509_KEY_USAGE:
- *text = g_strdup (_("Certificate Key Usage"));
- break;
- case SEC_OID_NS_CERT_EXT_CERT_TYPE:
- *text = g_strdup (_("Netscape Certificate Type"));
- break;
- case SEC_OID_X509_AUTH_KEY_ID:
- *text = g_strdup (_("Certificate Authority Key Identifier"));
- break;
- case SEC_OID_RFC1274_UID:
- *text = g_strdup (_("UID"));
- break;
- case SEC_OID_PKCS9_EMAIL_ADDRESS:
- *text = g_strdup (_("E"));
- break;
- default:
- if (!get_default_oid_format (oid, &temp))
- return FALSE;
-
- *text = g_strdup_printf (_("Object Identifier (%s)"), temp);
- g_free (temp);
-
- break;
- }
- return TRUE;
-}
-
-
-static gboolean
-process_raw_bytes (SECItem *data, char **text)
-{
- /* This function is used to display some DER bytes
- that we have not added support for decoding.
- It prints the value of the byte out into a
- string that can later be displayed as a byte
- string. We place a new line after 24 bytes
- to break up extermaly long sequence of bytes.
- */
- GString *str = g_string_new ("");
- PRUint32 i;
- char buffer[5];
- for (i=0; i<data->len; i++) {
- PR_snprintf(buffer, 5, "%02x ", data->data[i]);
- g_string_append (str, buffer);
- if ((i+1)%16 == 0) {
- g_string_append (str, "\n");
- }
- }
- *text = g_string_free (str, FALSE);
- return TRUE;
-}
-
-static gboolean
-process_sec_algorithm_id (SECAlgorithmID *algID,
- EASN1Object **retSequence)
-{
- EASN1Object *sequence = e_asn1_object_new ();
- char *text;
-
- *retSequence = NULL;
-
- get_oid_text (&algID->algorithm, &text);
-
- if (!algID->parameters.len || algID->parameters.data[0] == E_ASN1_OBJECT_TYPE_NULL) {
- e_asn1_object_set_display_value (sequence, text);
- e_asn1_object_set_valid_container (sequence, FALSE);
- } else {
- EASN1Object *subitem;
-
- subitem = e_asn1_object_new ();
- e_asn1_object_set_display_name (subitem, _("Algorithm Identifier"));
- e_asn1_object_set_display_value (subitem, text);
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
- g_free (text);
-
- subitem = e_asn1_object_new ();
- e_asn1_object_set_display_name (subitem, _("Algorithm Parameters"));
- process_raw_bytes (&algID->parameters, &text);
- e_asn1_object_set_display_value (subitem, text);
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
- }
-
- g_free (text);
- *retSequence = sequence;
- return TRUE;
-}
-
-static gboolean
-process_subject_public_key_info (CERTSubjectPublicKeyInfo *spki,
- EASN1Object *parentSequence)
-{
- EASN1Object *spkiSequence = e_asn1_object_new();
- EASN1Object *sequenceItem;
- EASN1Object *printableItem;
- SECItem data;
- char *text;
-
- e_asn1_object_set_display_name (spkiSequence, _("Subject Public Key Info"));
-
- if (!process_sec_algorithm_id (&spki->algorithm, &sequenceItem))
- return FALSE;
-
- e_asn1_object_set_display_name (sequenceItem, _("Subject Public Key Algorithm"));
-
- e_asn1_object_append_child (spkiSequence, sequenceItem);
-
- /* The subjectPublicKey field is encoded as a bit string.
- ProcessRawBytes expects the lenght to be in bytes, so
- let's convert the lenght into a temporary SECItem.
- */
- data.data = spki->subjectPublicKey.data;
- data.len = spki->subjectPublicKey.len / 8;
-
- process_raw_bytes (&data, &text);
- printableItem = e_asn1_object_new ();
-
- e_asn1_object_set_display_value (printableItem, text);
- e_asn1_object_set_display_name (printableItem, _("Subject's Public Key"));
- e_asn1_object_append_child (spkiSequence, printableItem);
- g_object_unref (printableItem);
-
- e_asn1_object_append_child (parentSequence, spkiSequence);
- g_object_unref (spkiSequence);
-
- return TRUE;
-}
-
-static gboolean
-process_ns_cert_type_extensions (SECItem *extData,
- GString *text)
-{
- SECItem decoded;
- unsigned char nsCertType;
-
- decoded.data = NULL;
- decoded.len = 0;
- if (SECSuccess != SEC_ASN1DecodeItem(NULL, &decoded,
- SEC_ASN1_GET(SEC_BitStringTemplate), extData)) {
- g_string_append (text, _("Error: Unable to process extension"));
- return TRUE;
- }
-
- nsCertType = decoded.data[0];
-
- PORT_Free (decoded.data); /* XXX right free? */
-
- if (nsCertType & NS_CERT_TYPE_SSL_CLIENT) {
- g_string_append (text, _("SSL Client Certificate"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_SSL_SERVER) {
- g_string_append (text, _("SSL Server Certificate"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_EMAIL) {
- g_string_append (text, _("Email"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING) {
- g_string_append (text, _("Object Signer"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_SSL_CA) {
- g_string_append (text, _("SSL Certificate Authority"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_EMAIL_CA) {
- g_string_append (text, _("Email Certificate Authority"));
- g_string_append (text, "\n");
- }
- if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING_CA) {
- g_string_append (text, _("Object Signer"));
- g_string_append (text, "\n");
- }
- return TRUE;
-}
-
-static gboolean
-process_key_usage_extensions (SECItem *extData, GString *text)
-{
- SECItem decoded;
- unsigned char keyUsage;
-
- decoded.data = NULL;
- decoded.len = 0;
- if (SECSuccess != SEC_ASN1DecodeItem(NULL, &decoded,
- SEC_ASN1_GET(SEC_BitStringTemplate), extData)) {
- g_string_append (text, _("Error: Unable to process extension"));
- return TRUE;
- }
-
- keyUsage = decoded.data[0];
- PORT_Free (decoded.data); /* XXX right free? */
-
- if (keyUsage & KU_DIGITAL_SIGNATURE) {
- g_string_append (text, _("Signing"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_NON_REPUDIATION) {
- g_string_append (text, _("Non-repudiation"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_KEY_ENCIPHERMENT) {
- g_string_append (text, _("Key Encipherment"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_DATA_ENCIPHERMENT) {
- g_string_append (text, _("Data Encipherment"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_KEY_AGREEMENT) {
- g_string_append (text, _("Key Agreement"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_KEY_CERT_SIGN) {
- g_string_append (text, _("Certificate Signer"));
- g_string_append (text, "\n");
- }
- if (keyUsage & KU_CRL_SIGN) {
- g_string_append (text, _("CRL Signer"));
- g_string_append (text, "\n");
- }
-
- return TRUE;
-}
-
-static gboolean
-process_extension_data (SECOidTag oidTag, SECItem *extData,
- GString *str)
-{
- gboolean rv;
- switch (oidTag) {
- case SEC_OID_NS_CERT_EXT_CERT_TYPE:
- rv = process_ns_cert_type_extensions (extData, str);
- break;
- case SEC_OID_X509_KEY_USAGE:
- rv = process_key_usage_extensions (extData, str);
- break;
- default: {
- char *text;
- rv = process_raw_bytes (extData, &text);
- g_string_append (str, text);
- g_free (text);
- break;
- }
- }
- return rv;
-}
-
-static gboolean
-process_single_extension (CERTCertExtension *extension,
- EASN1Object **retExtension)
-{
- GString *str = g_string_new ("");
- char *text;
- EASN1Object *extensionItem;
- SECOidTag oidTag = SECOID_FindOIDTag(&extension->id);
-
- get_oid_text (&extension->id, &text);
-
- extensionItem = e_asn1_object_new ();
-
- e_asn1_object_set_display_name (extensionItem, text);
- g_free (text);
-
- if (extension->critical.data != NULL) {
- if (extension->critical.data[0]) {
- g_string_append (str, _("Critical"));
- } else {
- g_string_append (str, _("Not Critical"));
- }
- } else {
- g_string_append (str, _("Not Critical"));
- }
- g_string_append (str, "\n");
- if (!process_extension_data (oidTag, &extension->value, str)) {
- g_string_free (str, TRUE);
- return FALSE;
- }
-
- e_asn1_object_set_display_value (extensionItem, str->str);
- g_string_free (str, TRUE);
- *retExtension = extensionItem;
- return TRUE;
-}
-
-static gboolean
-process_extensions (CERTCertExtension **extensions,
- EASN1Object *parentSequence)
-{
- EASN1Object *extensionSequence = e_asn1_object_new ();
- PRInt32 i;
-
- e_asn1_object_set_display_name (extensionSequence, _("Extensions"));
-
- for (i=0; extensions[i] != NULL; i++) {
- EASN1Object *newExtension;
-
- if (!process_single_extension (extensions[i],
- &newExtension))
- return FALSE;
-
- e_asn1_object_append_child (extensionSequence, newExtension);
- }
- e_asn1_object_append_child (parentSequence, extensionSequence);
- return TRUE;
-}
-
-static gboolean
-process_name (CERTName *name, char **value)
-{
- CERTRDN** rdns;
- CERTRDN** rdn;
- CERTAVA** avas;
- CERTAVA* ava;
- SECItem *decodeItem = NULL;
- GString *final_string = g_string_new ("");
-
- char *type;
- GString *avavalue;
- char *temp;
- CERTRDN **lastRdn;
-
- rdns = name->rdns;
-
- lastRdn = rdns;
-
- /* find last RDN */
- lastRdn = rdns;
- while (*lastRdn) lastRdn++;
-
- /* The above whille loop will put us at the last member
- * of the array which is a NULL pointer. So let's back
- * up one spot so that we have the last non-NULL entry in
- * the array in preparation for traversing the
- * RDN's (Relative Distinguished Name) in reverse order.
- */
- lastRdn--;
-
- /*
- * Loop over name contents in _reverse_ RDN order appending to string
- * When building the Ascii string, NSS loops over these entries in
- * reverse order, so I will as well. The difference is that NSS
- * will always place them in a one line string separated by commas,
- * where I want each entry on a single line. I can't just use a comma
- * as my delimitter because it is a valid character to have in the
- * value portion of the AVA and could cause trouble when parsing.
- */
- for (rdn = lastRdn; rdn >= rdns; rdn--) {
- avas = (*rdn)->avas;
- while ((ava = *avas++) != 0) {
- if (!get_oid_text (&ava->type, &type))
- return FALSE;
-
- /* This function returns a string in UTF8 format. */
- decodeItem = CERT_DecodeAVAValue(&ava->value);
- if(!decodeItem) {
- return FALSE;
- }
-
- avavalue = g_string_new_len ((char*)decodeItem->data, decodeItem->len);
-
- SECITEM_FreeItem(decodeItem, PR_TRUE);
-
- temp = g_strdup_printf (_("%s = %s"), type, avavalue->str);
-
- g_string_append (final_string, temp);
- g_string_append (final_string, "\n");
- g_string_free (avavalue, TRUE);
- g_free (temp);
- }
- }
- *value = g_string_free (final_string, FALSE);
- return TRUE;
-}
-
-static gboolean
-create_tbs_certificate_asn1_struct (ECert *cert, EASN1Object **seq)
-{
- /*
- ** TBSCertificate ::= SEQUENCE {
- ** version [0] EXPLICIT Version DEFAULT v1,
- ** serialNumber CertificateSerialNumber,
- ** signature AlgorithmIdentifier,
- ** issuer Name,
- ** validity Validity,
- ** subject Name,
- ** subjectPublicKeyInfo SubjectPublicKeyInfo,
- ** issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- ** -- If present, version shall be v2 or v3
- ** subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- ** -- If present, version shall be v2 or v3
- ** extensions [3] EXPLICIT Extensions OPTIONAL
- ** -- If present, version shall be v3
- ** }
- **
- ** This is the ASN1 structure we should be dealing with at this point.
- ** The code in this method will assert this is the structure we're dealing
- ** and then add more user friendly text for that field.
- */
- EASN1Object *sequence = e_asn1_object_new ();
- char *text;
- EASN1Object *subitem;
- SECItem data;
-
- e_asn1_object_set_display_name (sequence, _("Certificate"));
-
- if (!process_version (&cert->priv->cert->version, &subitem))
- return FALSE;
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
- if (!process_serial_number_der (&cert->priv->cert->serialNumber, &subitem))
- return FALSE;
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
-
- if (!process_sec_algorithm_id (&cert->priv->cert->signature, &subitem))
- return FALSE;
- e_asn1_object_set_display_name (subitem, _("Certificate Signature Algorithm"));
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
- process_name (&cert->priv->cert->issuer, &text);
- subitem = e_asn1_object_new ();
- e_asn1_object_set_display_value (subitem, text);
- g_free (text);
-
- e_asn1_object_set_display_name (subitem, _("Issuer"));
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
-#if notyet
- nsCOMPtr<nsIASN1Sequence> validitySequence = new nsNSSASN1Sequence();
- nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpValidity").get(),
- text);
- validitySequence->SetDisplayName(text);
- asn1Objects->AppendElement(validitySequence, PR_FALSE);
- nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpNotBefore").get(),
- text);
- nsCOMPtr<nsIX509CertValidity> validityData;
- GetValidity(getter_AddRefs(validityData));
- PRTime notBefore, notAfter;
-
- validityData->GetNotBefore(&notBefore);
- validityData->GetNotAfter(&notAfter);
- validityData = 0;
- rv = ProcessTime(notBefore, text.get(), validitySequence);
- if (NS_FAILED(rv))
- return rv;
-
- nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpNotAfter").get(),
- text);
- rv = ProcessTime(notAfter, text.get(), validitySequence);
- if (NS_FAILED(rv))
- return rv;
-#endif
-
- subitem = e_asn1_object_new ();
- e_asn1_object_set_display_name (subitem, _("Subject"));
-
- process_name (&cert->priv->cert->subject, &text);
- e_asn1_object_set_display_value (subitem, text);
- g_free (text);
- e_asn1_object_append_child (sequence, subitem);
- g_object_unref (subitem);
-
- if (!process_subject_public_key_info (&cert->priv->cert->subjectPublicKeyInfo, sequence))
- return FALSE;
-
- /* Is there an issuerUniqueID? */
- if (cert->priv->cert->issuerID.data) {
- /* The issuerID is encoded as a bit string.
- The function ProcessRawBytes expects the
- length to be in bytes, so let's convert the
- length in a temporary SECItem
- */
- data.data = cert->priv->cert->issuerID.data;
- data.len = cert->priv->cert->issuerID.len / 8;
-
- subitem = e_asn1_object_new ();
-
- e_asn1_object_set_display_name (subitem, _("Issuer Unique ID"));
- process_raw_bytes (&data, &text);
- e_asn1_object_set_display_value (subitem, text);
- g_free (text);
-
- e_asn1_object_append_child (sequence, subitem);
- }
-
- if (cert->priv->cert->subjectID.data) {
- /* The subjectID is encoded as a bit string.
- The function ProcessRawBytes expects the
- length to be in bytes, so let's convert the
- length in a temporary SECItem
- */
- data.data = cert->priv->cert->issuerID.data;
- data.len = cert->priv->cert->issuerID.len / 8;
-
- subitem = e_asn1_object_new ();
-
- e_asn1_object_set_display_name (subitem, _("Subject Unique ID"));
- process_raw_bytes (&data, &text);
- e_asn1_object_set_display_value (subitem, text);
- g_free (text);
-
- e_asn1_object_append_child (sequence, subitem);
- }
- if (cert->priv->cert->extensions) {
- if (!process_extensions (cert->priv->cert->extensions, sequence))
- return FALSE;
- }
-
- *seq = sequence;
-
- return TRUE;
-}
-
-static gboolean
-create_asn1_struct (ECert *cert)
-{
- EASN1Object *sequence;
- SECItem temp;
- char *text;
-
- cert->priv->asn1 = e_asn1_object_new ();
-
- e_asn1_object_set_display_name (cert->priv->asn1, e_cert_get_window_title (cert));
-
- /* This sequence will be contain the tbsCertificate, signatureAlgorithm,
- and signatureValue. */
-
- if (!create_tbs_certificate_asn1_struct (cert, &sequence))
- return FALSE;
- e_asn1_object_append_child (cert->priv->asn1, sequence);
- g_object_unref (sequence);
-
- if (!process_sec_algorithm_id (&cert->priv->cert->signatureWrap.signatureAlgorithm, &sequence))
- return FALSE;
- e_asn1_object_set_display_name (sequence, _("Certificate Signature Algorithm"));
- e_asn1_object_append_child (cert->priv->asn1, sequence);
- g_object_unref (sequence);
-
- sequence = e_asn1_object_new ();
- e_asn1_object_set_display_name (sequence, _("Certificate Signature Value"));
-
- /* The signatureWrap is encoded as a bit string.
- The function ProcessRawBytes expects the
- length to be in bytes, so let's convert the
- length in a temporary SECItem */
- temp.data = cert->priv->cert->signatureWrap.signature.data;
- temp.len = cert->priv->cert->signatureWrap.signature.len / 8;
- process_raw_bytes (&temp, &text);
- e_asn1_object_set_display_value (sequence, text);
- e_asn1_object_append_child (cert->priv->asn1, sequence);
- g_free (text);
-
- return TRUE;
-}
-
-EASN1Object*
-e_cert_get_asn1_struct (ECert *cert)
-{
- if (!cert->priv->asn1)
- create_asn1_struct (cert);
-
- return g_object_ref (cert->priv->asn1);
-}
-
-gboolean
-e_cert_mark_for_deletion (ECert *cert)
-{
- // nsNSSShutDownPreventionLock locker;
-
-#if 0
- // make sure user is logged in to the token
- nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
-#endif
-
- if (PK11_NeedLogin(cert->priv->cert->slot)
- && !PK11_NeedUserInit(cert->priv->cert->slot)
- && !PK11_IsInternal(cert->priv->cert->slot)) {
- if (SECSuccess != PK11_Authenticate(cert->priv->cert->slot, PR_TRUE, NULL)) {
- return FALSE;
- }
- }
-
- cert->priv->delete = TRUE;
-
- return TRUE;
-}
-
-ECertType
-e_cert_get_cert_type (ECert *ecert)
-{
- const char *nick = e_cert_get_nickname (ecert);
- const char *email = e_cert_get_email (ecert);
- CERTCertificate *cert = ecert->priv->cert;
-
- if (nick) {
- if (e_cert_trust_has_any_user (cert->trust))
- return E_CERT_USER;
- if (e_cert_trust_has_any_ca (cert->trust)
- || CERT_IsCACert(cert,NULL))
- return E_CERT_CA;
- if (e_cert_trust_has_peer (cert->trust, PR_TRUE, PR_FALSE, PR_FALSE))
- return E_CERT_SITE;
- }
- if (email && e_cert_trust_has_peer (cert->trust, PR_FALSE, PR_TRUE, PR_FALSE))
- return E_CERT_CONTACT;
-
- return E_CERT_UNKNOWN;
-}
diff --git a/smime/lib/e-cert.h b/smime/lib/e-cert.h
deleted file mode 100644
index 243ce1539b..0000000000
--- a/smime/lib/e-cert.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok <toshok@ximian.com>
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _E_CERT_H_
-#define _E_CERT_H_
-
-#include <glib-object.h>
-#include <cert.h>
-#include "e-asn1-object.h"
-
-#define E_TYPE_CERT (e_cert_get_type ())
-#define E_CERT(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_CERT, ECert))
-#define E_CERT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_CERT, ECertClass))
-#define E_IS_CERT(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_CERT))
-#define E_IS_CERT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_CERT))
-#define E_CERT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_CERT, ECertClass))
-
-typedef struct _ECert ECert;
-typedef struct _ECertClass ECertClass;
-typedef struct _ECertPrivate ECertPrivate;
-
-typedef enum {
- E_CERT_CA,
- E_CERT_CONTACT,
- E_CERT_SITE,
- E_CERT_USER,
- E_CERT_UNKNOWN
-} ECertType;
-
-struct _ECert {
- GObject parent;
-
- ECertPrivate *priv;
-};
-
-struct _ECertClass {
- GObjectClass parent_class;
-
- /* Padding for future expansion */
- void (*_ecert_reserved0) (void);
- void (*_ecert_reserved1) (void);
- void (*_ecert_reserved2) (void);
- void (*_ecert_reserved3) (void);
- void (*_ecert_reserved4) (void);
-};
-
-GType e_cert_get_type (void);
-
-ECert* e_cert_new (CERTCertificate *cert);
-ECert* e_cert_new_from_der (char *data, guint32 len);
-
-CERTCertificate* e_cert_get_internal_cert (ECert *cert);
-
-gboolean e_cert_get_raw_der (ECert *cert, char **data, guint32 *len);
-const char* e_cert_get_window_title (ECert *cert);
-const char* e_cert_get_nickname (ECert *cert);
-const char* e_cert_get_email (ECert *cert);
-const char* e_cert_get_org (ECert *cert);
-const char* e_cert_get_org_unit (ECert *cert);
-const char* e_cert_get_cn (ECert *cert);
-const char* e_cert_get_subject_name (ECert *cert);
-
-const char* e_cert_get_issuer_name (ECert *cert);
-const char* e_cert_get_issuer_cn (ECert *cert);
-const char* e_cert_get_issuer_org (ECert *cert);
-const char* e_cert_get_issuer_org_unit (ECert *cert);
-
-PRTime e_cert_get_issued_on_time (ECert *cert);
-const char* e_cert_get_issued_on (ECert *cert);
-PRTime e_cert_get_expires_on_time (ECert *cert);
-const char* e_cert_get_expires_on (ECert *cert);
-
-const char* e_cert_get_serial_number (ECert *cert);
-const char* e_cert_get_sha1_fingerprint (ECert *cert);
-const char* e_cert_get_md5_fingerprint (ECert *cert);
-
-GList* e_cert_get_chain (ECert *cert);
-EASN1Object* e_cert_get_asn1_struct (ECert *cert);
-
-gboolean e_cert_mark_for_deletion (ECert *cert);
-
-ECertType e_cert_get_cert_type (ECert *cert);
-
-#endif /* _E_CERT_H_ */
diff --git a/smime/lib/e-pkcs12.c b/smime/lib/e-pkcs12.c
deleted file mode 100644
index 3092944196..0000000000
--- a/smime/lib/e-pkcs12.c
+++ /dev/null
@@ -1,452 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/* e-pkcs12.c
- *
- * Copyright (C) 2003 Ximian, Inc.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: Chris Toshok (toshok@ximian.com)
- */
-
-/* The following is the mozilla license blurb, as the bodies some of
- these functions were derived from the mozilla source. */
-
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- */
-
-#include <gtk/gtk.h>
-#include <libgnome/gnome-i18n.h>
-
-#include <time.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-#include "e-util/e-passwords.h"
-#include "e-pkcs12.h"
-
-#include "prmem.h"
-#include "nss.h"
-#include "pkcs12.h"
-#include "p12plcy.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-struct _EPKCS12Private {
- int tmp_fd;
- char *tmp_path;
-};
-
-#define PARENT_TYPE G_TYPE_OBJECT
-static GObjectClass *parent_class;
-
-// static callback functions for the NSS PKCS#12 library
-static SECItem * PR_CALLBACK nickname_collision(SECItem *, PRBool *, void *);
-static void PR_CALLBACK write_export_file(void *arg, const char *buf, unsigned long len);
-
-static gboolean handle_error(int myerr);
-
-#define PKCS12_TMPFILENAME ".p12tmp"
-#define PKCS12_BUFFER_SIZE 2048
-#define PKCS12_RESTORE_OK 1
-#define PKCS12_BACKUP_OK 2
-#define PKCS12_USER_CANCELED 3
-#define PKCS12_NOSMARTCARD_EXPORT 4
-#define PKCS12_RESTORE_FAILED 5
-#define PKCS12_BACKUP_FAILED 6
-#define PKCS12_NSS_ERROR 7
-
-static void
-e_pkcs12_dispose (GObject *object)
-{
- EPKCS12 *pk = E_PKCS12 (object);
-
- if (!pk->priv)
- return;
-
- /* XXX free instance private foo */
-
- g_free (pk->priv);
- pk->priv = NULL;
-
- if (G_OBJECT_CLASS (parent_class)->dispose)
- G_OBJECT_CLASS (parent_class)->dispose (object);
-}
-
-static void
-e_pkcs12_class_init (EPKCS12Class *klass)
-{
- GObjectClass *object_class;
-
- object_class = G_OBJECT_CLASS(klass);
-
- parent_class = g_type_class_ref (PARENT_TYPE);
-
- object_class->dispose = e_pkcs12_dispose;
-}
-
-static void
-e_pkcs12_init (EPKCS12 *ec)
-{
- ec->priv = g_new0 (EPKCS12Private, 1);
-}
-
-GType
-e_pkcs12_get_type (void)
-{
- static GType pkcs12_type = 0;
-
- if (!pkcs12_type) {
- static const GTypeInfo pkcs12_info = {
- sizeof (EPKCS12Class),
- NULL, /* base_init */
- NULL, /* base_finalize */
- (GClassInitFunc) e_pkcs12_class_init,
- NULL, /* class_finalize */
- NULL, /* class_data */
- sizeof (EPKCS12),
- 0, /* n_preallocs */
- (GInstanceInitFunc) e_pkcs12_init,
- };
-
- pkcs12_type = g_type_register_static (PARENT_TYPE, "EPKCS12", &pkcs12_info, 0);
- }
-
- return pkcs12_type;
-}
-
-
-
-EPKCS12*
-e_pkcs12_new (void)
-{
- EPKCS12 *pk = E_PKCS12 (g_object_new (E_TYPE_PKCS12, NULL));
-
- return pk;
-}
-
-static gboolean
-input_to_decoder (SEC_PKCS12DecoderContext *dcx, const char *path, GError **error)
-{
- /* nsNSSShutDownPreventionLock locker; */
- SECStatus srv;
- int amount;
- char buf[PKCS12_BUFFER_SIZE];
- FILE *fp;
-
- /* open path */
- fp = fopen (path, "r");
- if (!fp) {
- /* XXX gerror */
- printf ("couldn't open `%s'\n", path);
- return FALSE;
- }
-
- while (TRUE) {
- amount = fread (buf, 1, sizeof (buf), fp);
- if (amount < 0) {
- printf ("got -1 fread\n");
- fclose (fp);
- return FALSE;
- }
- /* feed the file data into the decoder */
- srv = SEC_PKCS12DecoderUpdate(dcx,
- (unsigned char*) buf,
- amount);
- if (srv) {
- /* don't allow the close call to overwrite our precious error code */
- /* XXX g_error */
- int pr_err = PORT_GetError();
- PORT_SetError(pr_err);
- printf ("SEC_PKCS12DecoderUpdate returned %d\n", srv);
- fclose (fp);
- return FALSE;
- }
- if (amount < PKCS12_BUFFER_SIZE)
- break;
- }
- fclose (fp);
- return TRUE;
-}
-
-static gboolean
-prompt_for_password (char *title, char *prompt, SECItem *pwd)
-{
- char *passwd;
-
- passwd = e_passwords_ask_password (title, NULL, NULL, prompt, TRUE,
- E_PASSWORDS_DO_NOT_REMEMBER, NULL,
- NULL);
-
- if (passwd) {
- SECITEM_AllocItem(NULL, pwd, PL_strlen (passwd));
- memcpy (pwd->data, passwd, strlen (passwd));
- g_free (passwd);
- }
-
- return TRUE;
-}
-
-static gboolean
-import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry, GError **error)
-{
- /*nsNSSShutDownPreventionLock locker; */
- gboolean rv = TRUE;
- SECStatus srv = SECSuccess;
- SEC_PKCS12DecoderContext *dcx = NULL;
- SECItem passwd;
- GError *err = NULL;
- PK11SlotInfo *slot = PK11_GetInternalKeySlot (); /* XXX toshok - we
- hardcode this
- here */
- *aWantRetry = FALSE;
-
-
- passwd.data = NULL;
- rv = prompt_for_password (_("PKCS12 File Password"), _("Enter password for PKCS12 file:"), &passwd);
- if (!rv) goto finish;
- if (passwd.data == NULL) {
- handle_error (PKCS12_USER_CANCELED);
- return TRUE;
- }
-
-#if notyet
- /* XXX we don't need this block as long as we hardcode the
- slot above */
- nsXPIDLString tokenName;
- nsXPIDLCString tokenNameCString;
- const char *tokNameRef;
-
-
- mToken->GetTokenName (getter_Copies(tokenName));
- tokenNameCString.Adopt (ToNewUTF8String(tokenName));
- tokNameRef = tokenNameCString; /* I do this here so that the
- NS_CONST_CAST below doesn't
- break the build on Win32 */
-
- slot = PK11_FindSlotByName (NS_CONST_CAST(char*,tokNameRef));
- if (!slot) {
- srv = SECFailure;
- goto finish;
- }
-#endif
-
- /* initialize the decoder */
- dcx = SEC_PKCS12DecoderStart (&passwd, slot, NULL,
- NULL, NULL,
- NULL, NULL,
- pkcs12);
- if (!dcx) {
- srv = SECFailure;
- goto finish;
- }
- /* read input file and feed it to the decoder */
- rv = input_to_decoder (dcx, path, &err);
- if (!rv) {
-#if notyet
- /* XXX we need this to check the gerror */
- if (NS_ERROR_ABORT == rv) {
- // inputToDecoder indicated a NSS error
- srv = SECFailure;
- }
-#endif
- goto finish;
- }
-
- /* verify the blob */
- srv = SEC_PKCS12DecoderVerify (dcx);
- if (srv) { printf ("decoderverify failed\n"); goto finish; }
- /* validate bags */
- srv = SEC_PKCS12DecoderValidateBags (dcx, nickname_collision);
- if (srv) { printf ("decodervalidatebags failed\n"); goto finish; }
- /* import cert and key */
- srv = SEC_PKCS12DecoderImportBags (dcx);
- if (srv) { printf ("decoderimportbags failed\n"); goto finish; }
- /* Later - check to see if this should become default email cert */
- handle_error (PKCS12_RESTORE_OK);
- finish:
- /* If srv != SECSuccess, NSS probably set a specific error code.
- We should use that error code instead of inventing a new one
- for every error possible. */
- if (srv != SECSuccess) {
- printf ("srv != SECSuccess\n");
- if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) {
- printf ("BAD PASSWORD\n");
- *aWantRetry = TRUE;
- }
- handle_error(PKCS12_NSS_ERROR);
- } else if (!rv) {
- handle_error(PKCS12_RESTORE_FAILED);
- }
- if (slot)
- PK11_FreeSlot(slot);
- // finish the decoder
- if (dcx)
- SEC_PKCS12DecoderFinish(dcx);
- return TRUE;
-}
-
-gboolean
-e_pkcs12_import_from_file (EPKCS12 *pkcs12, const char *path, GError **error)
-{
- /*nsNSSShutDownPreventionLock locker;*/
- gboolean rv = TRUE;
- gboolean wantRetry;
-
-
-#if 0
- /* XXX we don't use tokens yet */
- if (!mToken) {
- if (!mTokenSet) {
- rv = SetToken(NULL); // Ask the user to pick a slot
- if (NS_FAILED(rv)) {
- handle_error(PKCS12_USER_CANCELED);
- return rv;
- }
- }
- }
-
- if (!mToken) {
- handle_error(PKCS12_RESTORE_FAILED);
- return NS_ERROR_NOT_AVAILABLE;
- }
-
- /* init slot */
- rv = mToken->Login(PR_TRUE);
- if (NS_FAILED(rv)) return rv;
-#endif
-
- do {
- rv = import_from_file_helper (pkcs12, path, &wantRetry, error);
- } while (rv && wantRetry);
-
- return rv;
-}
-
-gboolean
-e_pkcs12_export_to_file (EPKCS12 *pkcs12, const char *path, GList *certs, GError **error)
-{
-}
-
-/* what to do when the nickname collides with one already in the db.
- TODO: not handled, throw a dialog allowing the nick to be changed? */
-static SECItem * PR_CALLBACK
-nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
-{
- /* nsNSSShutDownPreventionLock locker; */
- int count = 1;
- char *nickname = NULL;
- char *default_nickname = _("Imported Certificate");
- SECItem *new_nick;
-
- *cancel = PR_FALSE;
- printf ("nickname_collision\n");
-
- /* The user is trying to import a PKCS#12 file that doesn't have the
- attribute we use to set the nickname. So in order to reduce the
- number of interactions we require with the user, we'll build a nickname
- for the user. The nickname isn't prominently displayed in the UI,
- so it's OK if we generate one on our own here.
- XXX If the NSS API were smarter and actually passed a pointer to
- the CERTCertificate* we're importing we could actually just
- call default_nickname (which is what the issuance code path
- does) and come up with a reasonable nickname. Alas, the NSS
- API limits our ability to produce a useful nickname without
- bugging the user. :(
- */
- while (1) {
- CERTCertificate *cert;
-
- /* If we've gotten this far, that means there isn't a certificate
- in the database that has the same subject name as the cert we're
- trying to import. So we need to come up with a "nickname" to
- satisfy the NSS requirement or fail in trying to import.
- Basically we use a default nickname from a properties file and
- see if a certificate exists with that nickname. If there isn't, then
- create update the count by one and append the string '#1' Or
- whatever the count currently is, and look for a cert with
- that nickname. Keep updating the count until we find a nickname
- without a corresponding cert.
- XXX If a user imports *many* certs without the 'friendly name'
- attribute, then this may take a long time. :(
- */
- if (count > 1) {
- g_free (nickname);
- nickname = g_strdup_printf ("%s #%d", default_nickname, count);
- } else {
- g_free (nickname);
- nickname = g_strdup (default_nickname);
- }
- cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
- nickname);
- if (!cert) {
- break;
- }
- CERT_DestroyCertificate(cert);
- count++;
- }
-
- new_nick = PR_Malloc (sizeof (SECItem));
- new_nick->type = siAsciiString;
- new_nick->data = nickname;
- new_nick->len = strlen((char*)new_nick->data);
- return new_nick;
-}
-
-/* write bytes to the exported PKCS#12 file */
-static void PR_CALLBACK
-write_export_file(void *arg, const char *buf, unsigned long len)
-{
- EPKCS12 *pkcs12 = E_PKCS12 (arg);
- EPKCS12Private *priv = pkcs12->priv;
-
- printf ("write_export_file\n");
-
- write (priv->tmp_fd, buf, len);
-}
-
-static gboolean
-handle_error(int myerr)
-{
- printf ("handle_error (%d)\n", myerr);
-}
diff --git a/smime/lib/e-pkcs12.h b/smime/lib/e-pkcs12.h
deleted file mode 100644
index e6616aa85c..0000000000
--- a/smime/lib/e-pkcs12.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok <toshok@ximian.com>
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _E_PKCS12_H_
-#define _E_PKCS12_H_
-
-#include <glib-object.h>
-
-#define E_TYPE_PKCS12 (e_pkcs12_get_type ())
-#define E_PKCS12(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_PKCS12, EPKCS12))
-#define E_PKCS12_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_PKCS12, EPKCS12Class))
-#define E_IS_PKCS12(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_PKCS12))
-#define E_IS_PKCS12_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_PKCS12))
-#define E_PKCS12_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_PKCS12, EPKCS12Class))
-
-typedef struct _EPKCS12 EPKCS12;
-typedef struct _EPKCS12Class EPKCS12Class;
-typedef struct _EPKCS12Private EPKCS12Private;
-
-struct _EPKCS12 {
- GObject parent;
-
- EPKCS12Private *priv;
-};
-
-struct _EPKCS12Class {
- GObjectClass parent_class;
-
- /* Padding for future expansion */
- void (*_epkcs12_reserved0) (void);
- void (*_epkcs12_reserved1) (void);
- void (*_epkcs12_reserved2) (void);
- void (*_epkcs12_reserved3) (void);
- void (*_epkcs12_reserved4) (void);
-};
-
-GType e_pkcs12_get_type (void);
-
-EPKCS12* e_pkcs12_new (void);
-
-
-#if 0
-/* XXX we're not going to support additional slots in the initial ssl
- stuff, so we just always default to the internal token (and thus
- don't need this function yet. */
-gboolean e_pkcs12_set_token (void);
-#endif
-
-gboolean e_pkcs12_import_from_file (EPKCS12 *pkcs12, const char *path, GError **error);
-gboolean e_pkcs12_export_to_file (EPKCS12 *pkcs12, const char *path, GList *certs, GError **error);
-
-#endif /* _E_CERT_H_ */