diff options
Diffstat (limited to 'smime/lib')
-rw-r--r-- | smime/lib/.cvsignore | 3 | ||||
-rw-r--r-- | smime/lib/Makefile.am | 28 | ||||
-rw-r--r-- | smime/lib/e-asn1-object.c | 393 | ||||
-rw-r--r-- | smime/lib/e-asn1-object.h | 105 | ||||
-rw-r--r-- | smime/lib/e-cert-db.c | 1077 | ||||
-rw-r--r-- | smime/lib/e-cert-db.h | 128 | ||||
-rw-r--r-- | smime/lib/e-cert-trust.c | 418 | ||||
-rw-r--r-- | smime/lib/e-cert-trust.h | 86 | ||||
-rw-r--r-- | smime/lib/e-cert.c | 1227 | ||||
-rw-r--r-- | smime/lib/e-cert.h | 103 | ||||
-rw-r--r-- | smime/lib/e-pkcs12.c | 452 | ||||
-rw-r--r-- | smime/lib/e-pkcs12.h | 71 |
12 files changed, 0 insertions, 4091 deletions
diff --git a/smime/lib/.cvsignore b/smime/lib/.cvsignore deleted file mode 100644 index 74b73492ca..0000000000 --- a/smime/lib/.cvsignore +++ /dev/null @@ -1,3 +0,0 @@ -Makefile -Makefile.in -*.la diff --git a/smime/lib/Makefile.am b/smime/lib/Makefile.am deleted file mode 100644 index f534fd01f3..0000000000 --- a/smime/lib/Makefile.am +++ /dev/null @@ -1,28 +0,0 @@ -INCLUDES = \ - -DG_LOG_DOMAIN=\"evolution-smime\" \ - -I$(top_srcdir) \ - -I$(top_srcdir)/shell \ - -I$(top_builddir) \ - -DEVOLUTION_DATADIR=\""$(datadir)"\" \ - -DEVOLUTION_GLADEDIR=\""$(gladedir)"\" \ - -DEVOLUTION_ETSPECDIR=\""$(etspecdir)"\" \ - -DEVOLUTION_IMAGESDIR=\""$(imagesdir)"\" \ - -DEVOLUTION_LOCALEDIR=\""$(localedir)"\" \ - -DEVOLUTION_UIDIR=\""$(evolutionuidir)"\" \ - -DPREFIX=\""$(prefix)"\" \ - $(EVOLUTION_ADDRESSBOOK_CFLAGS) \ - $(CERT_UI_CFLAGS) - -noinst_LTLIBRARIES = libessmime.la - -libessmime_la_SOURCES = \ - e-asn1-object.c \ - e-asn1-object.h \ - e-cert.c \ - e-cert.h \ - e-cert-trust.c \ - e-cert-trust.h \ - e-cert-db.c \ - e-cert-db.h \ - e-pkcs12.c \ - e-pkcs12.h diff --git a/smime/lib/e-asn1-object.c b/smime/lib/e-asn1-object.c deleted file mode 100644 index b7528dcd22..0000000000 --- a/smime/lib/e-asn1-object.c +++ /dev/null @@ -1,393 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* e-cert.c - * - * Copyright (C) 2003 Ximian, Inc. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public - * License along with this program; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place - Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: Chris Toshok (toshok@ximian.com) - */ - -/* The following is the mozilla license blurb, as the bodies some of - these functions were derived from the mozilla source. */ - -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - */ - -#include "e-asn1-object.h" - -#include "secasn1.h" - -struct _EASN1ObjectPrivate { - PRUint32 tag; - PRUint32 type; - gboolean valid_container; - - GList *children; - - char *display_name; - char *value; - - char *data; - guint data_len; -}; - -#define PARENT_TYPE G_TYPE_OBJECT -static GObjectClass *parent_class; - -static void -e_asn1_object_dispose (GObject *object) -{ - EASN1Object *obj = E_ASN1_OBJECT (object); - if (obj->priv) { - - if (obj->priv->display_name) - g_free (obj->priv->display_name); - - if (obj->priv->value) - g_free (obj->priv->value); - - g_list_foreach (obj->priv->children, (GFunc)g_object_unref, NULL); - g_list_free (obj->priv->children); - - g_free (obj->priv); - obj->priv = NULL; - } -} - -static void -e_asn1_object_class_init (EASN1ObjectClass *klass) -{ - GObjectClass *object_class; - - object_class = G_OBJECT_CLASS(klass); - - parent_class = g_type_class_ref (PARENT_TYPE); - - object_class->dispose = e_asn1_object_dispose; -} - -static void -e_asn1_object_init (EASN1Object *asn1) -{ - asn1->priv = g_new0 (EASN1ObjectPrivate, 1); - - asn1->priv->valid_container = TRUE; -} - -GType -e_asn1_object_get_type (void) -{ - static GType asn1_object_type = 0; - - if (!asn1_object_type) { - static const GTypeInfo asn1_object_info = { - sizeof (EASN1ObjectClass), - NULL, /* base_init */ - NULL, /* base_finalize */ - (GClassInitFunc) e_asn1_object_class_init, - NULL, /* class_finalize */ - NULL, /* class_data */ - sizeof (EASN1Object), - 0, /* n_preallocs */ - (GInstanceInitFunc) e_asn1_object_init, - }; - - asn1_object_type = g_type_register_static (PARENT_TYPE, "EASN1Object", &asn1_object_info, 0); - } - - return asn1_object_type; -} - - -/* This function is used to interpret an integer that - was encoded in a DER buffer. This function is used - when converting a DER buffer into a nsIASN1Object - structure. This interprets the buffer in data - as defined by the DER (Distinguised Encoding Rules) of - ASN1. -*/ -static int -get_integer_256 (unsigned char *data, unsigned int nb) -{ - int val; - - switch (nb) { - case 1: - val = data[0]; - break; - case 2: - val = (data[0] << 8) | data[1]; - break; - case 3: - val = (data[0] << 16) | (data[1] << 8) | data[2]; - break; - case 4: - val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; - break; - default: - return -1; - } - - return val; -} - -/* This function is used to retrieve the lenght of a DER encoded - item. It looks to see if this a multibyte length and then - interprets the buffer accordingly to get the actual length value. - This funciton is used mostly while parsing the DER headers. - - A DER encoded item has the following structure: - - <tag><length<data consisting of lenght bytes> -*/ -static guint32 -get_der_item_length (unsigned char *data, unsigned char *end, - unsigned long *bytesUsed, gboolean *indefinite) -{ - unsigned char lbyte = *data++; - PRInt32 length = -1; - - *indefinite = FALSE; - if (lbyte >= 0x80) { - /* Multibyte length */ - unsigned nb = (unsigned) (lbyte & 0x7f); - if (nb > 4) { - return -1; - } - if (nb > 0) { - - if ((data+nb) > end) { - return -1; - } - length = get_integer_256 (data, nb); - if (length < 0) - return -1; - } else { - *indefinite = TRUE; - length = 0; - } - *bytesUsed = nb+1; - } else { - length = lbyte; - *bytesUsed = 1; - } - return length; -} - -static gboolean -build_from_der (EASN1Object *parent, char *data, char *end) -{ - unsigned long bytesUsed; - gboolean indefinite; - PRInt32 len; - PRUint32 type; - unsigned char code, tagnum; - EASN1Object *asn1object; - - if (data >= end) - return TRUE; - - /* - A DER item has the form of |tag|len|data - tag is one byte and describes the type of elment - we are dealing with. - len is a DER encoded int telling us how long the data is - data is a buffer that is len bytes long and has to be - interpreted according to its type. - */ - - while (data < end) { - code = *data; - tagnum = code & SEC_ASN1_TAGNUM_MASK; - - /* - * NOTE: This code does not (yet) handle the high-tag-number form! - */ - if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) { - return FALSE; - } - data++; - len = get_der_item_length (data, end, &bytesUsed, &indefinite); - data += bytesUsed; - if ((len < 0) || ((data+len) > end)) - return FALSE; - - if (code & SEC_ASN1_CONSTRUCTED) { - if (len > 0 || indefinite) { - switch (code & SEC_ASN1_CLASS_MASK) { - case SEC_ASN1_UNIVERSAL: - type = tagnum; - break; - case SEC_ASN1_APPLICATION: - type = E_ASN1_OBJECT_TYPE_APPLICATION; - break; - case SEC_ASN1_CONTEXT_SPECIFIC: - type = E_ASN1_OBJECT_TYPE_CONTEXT_SPECIFIC; - break; - case SEC_ASN1_PRIVATE: - type = E_ASN1_OBJECT_TYPE_PRIVATE; - break; - default: - g_warning ("bad DER"); - return FALSE; - } - - asn1object = e_asn1_object_new (); - asn1object->priv->tag = tagnum; - asn1object->priv->type = type; - - if (!build_from_der (asn1object, data, (len == 0) ? end : data + len)) { - g_object_unref (asn1object); - return FALSE; - } - } - } else { - asn1object = e_asn1_object_new (); - - asn1object->priv->type = tagnum; - asn1object->priv->tag = tagnum; - - /*printableItem->SetData((char*)data, len);*/ - } - data += len; - - parent->priv->children = g_list_append (parent->priv->children, asn1object); - } - - return TRUE; -} - -EASN1Object* -e_asn1_object_new_from_der (char *data, guint32 len) -{ - EASN1Object *obj = g_object_new (E_TYPE_ASN1_OBJECT, NULL); - - if (!build_from_der (obj, data, data + len)) { - g_object_unref (obj); - return NULL; - } - - return obj; -} - -EASN1Object* -e_asn1_object_new (void) -{ - return E_ASN1_OBJECT (g_object_new (E_TYPE_ASN1_OBJECT, NULL)); -} - - -void -e_asn1_object_set_valid_container (EASN1Object *obj, gboolean flag) -{ - obj->priv->valid_container = flag; -} - -gboolean -e_asn1_object_is_valid_container (EASN1Object *obj) -{ - return obj->priv->valid_container; -} - -PRUint32 -e_asn1_object_get_asn1_type (EASN1Object *obj) -{ - return obj->priv->type; -} - -PRUint32 -e_asn1_object_get_asn1_tag (EASN1Object *obj) -{ - return obj->priv->tag; -} - -GList* -e_asn1_object_get_children (EASN1Object *obj) -{ - GList *children = g_list_copy (obj->priv->children); - - g_list_foreach (children, (GFunc)g_object_ref, NULL); - - return children; -} - -void -e_asn1_object_append_child (EASN1Object *parent, EASN1Object *child) -{ - parent->priv->children = g_list_append (parent->priv->children, g_object_ref (child)); -} - -void -e_asn1_object_set_display_name (EASN1Object *obj, const char *name) -{ - g_free (obj->priv->display_name); - obj->priv->display_name = g_strdup (name); -} - -const char* -e_asn1_object_get_display_name (EASN1Object *obj) -{ - return obj->priv->display_name; -} - -void -e_asn1_object_set_display_value (EASN1Object *obj, const char *value) -{ - g_free (obj->priv->value); - obj->priv->value = g_strdup (value); -} - -const char* -e_asn1_object_get_display_value (EASN1Object *obj) -{ - return obj->priv->value; -} - -void -e_asn1_object_get_data (EASN1Object *obj, char **data, guint32 *len) -{ - *data = obj->priv->data; - *len = obj->priv->data_len; -} diff --git a/smime/lib/e-asn1-object.h b/smime/lib/e-asn1-object.h deleted file mode 100644 index 76e2530fcc..0000000000 --- a/smime/lib/e-asn1-object.h +++ /dev/null @@ -1,105 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* - * Authors: Chris Toshok <toshok@ximian.com> - * - * Copyright (C) 2003 Ximian, Inc. (www.ximian.com) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. - * - */ - -#ifndef _E_ASN1_OBJECT_H_ -#define _E_ASN1_OBJECT_H_ - -#include <glib-object.h> - -#include <nspr.h> - -#define E_TYPE_ASN1_OBJECT (e_asn1_object_get_type ()) -#define E_ASN1_OBJECT(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_ASN1_OBJECT, EASN1Object)) -#define E_ASN1_OBJECT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_ASN1_OBJECT, EASN1ObjectClass)) -#define E_IS_ASN1_OBJECT(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_ASN1_OBJECT)) -#define E_IS_ASN1_OBJECT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_ASN1_OBJECT)) -#define E_ASN1_OBJECT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_ASN1_OBJECT, EASN1ObjectClass)) - -typedef struct _EASN1Object EASN1Object; -typedef struct _EASN1ObjectClass EASN1ObjectClass; -typedef struct _EASN1ObjectPrivate EASN1ObjectPrivate; - -enum { - /* - * Identifiers for the possible types of object. - */ - E_ASN1_OBJECT_TYPE_END_CONTENTS = 0, - E_ASN1_OBJECT_TYPE_BOOLEAN = 1, - E_ASN1_OBJECT_TYPE_INTEGER = 2, - E_ASN1_OBJECT_TYPE_BIT_STRING = 3, - E_ASN1_OBJECT_TYPE_OCTET_STRING = 4, - E_ASN1_OBJECT_TYPE_NULL = 5, - E_ASN1_OBJECT_TYPE_OBJECT_ID = 6, - E_ASN1_OBJECT_TYPE_ENUMERATED = 10, - E_ASN1_OBJECT_TYPE_UTF8_STRING = 12, - E_ASN1_OBJECT_TYPE_SEQUENCE = 16, - E_ASN1_OBJECT_TYPE_SET = 17, - E_ASN1_OBJECT_TYPE_PRINTABLE_STRING = 19, - E_ASN1_OBJECT_TYPE_T61_STRING = 20, - E_ASN1_OBJECT_TYPE_IA5_STRING = 22, - E_ASN1_OBJECT_TYPE_UTC_TIME = 23, - E_ASN1_OBJECT_TYPE_GEN_TIME = 24, - E_ASN1_OBJECT_TYPE_VISIBLE_STRING = 26, - E_ASN1_OBJECT_TYPE_UNIVERSAL_STRING = 28, - E_ASN1_OBJECT_TYPE_BMP_STRING = 30, - E_ASN1_OBJECT_TYPE_HIGH_TAG_NUMBER = 31, - E_ASN1_OBJECT_TYPE_CONTEXT_SPECIFIC = 32, - E_ASN1_OBJECT_TYPE_APPLICATION = 33, - E_ASN1_OBJECT_TYPE_PRIVATE = 34, -}; - -struct _EASN1Object { - GObject parent; - - EASN1ObjectPrivate *priv; -}; - -struct _EASN1ObjectClass { - GObjectClass parent_class; - - /* Padding for future expansion */ - void (*_ecert_reserved0) (void); - void (*_ecert_reserved1) (void); - void (*_ecert_reserved2) (void); - void (*_ecert_reserved3) (void); - void (*_ecert_reserved4) (void); -}; - -EASN1Object *e_asn1_object_new_from_der (char *data, guint32 len); -EASN1Object *e_asn1_object_new (void); - -void e_asn1_object_set_valid_container (EASN1Object *obj, gboolean flag); -gboolean e_asn1_object_is_valid_container (EASN1Object *obj); -PRUint32 e_asn1_object_get_asn1_type (EASN1Object *obj); -PRUint32 e_asn1_object_get_asn1_tag (EASN1Object *obj); -GList *e_asn1_object_get_children (EASN1Object *obj); -void e_asn1_object_append_child (EASN1Object *parent, EASN1Object *child); -void e_asn1_object_set_display_name (EASN1Object *obj, const char *name); -const char *e_asn1_object_get_display_name (EASN1Object *obj); -void e_asn1_object_set_display_value (EASN1Object *obj, const char *value); -const char *e_asn1_object_get_display_value (EASN1Object *obj); - -void e_asn1_object_get_data (EASN1Object *obj, char **data, guint32 *len); - -GType e_asn1_object_get_type (void); - -#endif /* _E_ASN1_OBJECT_H_ */ diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c deleted file mode 100644 index 5acdf4e847..0000000000 --- a/smime/lib/e-cert-db.c +++ /dev/null @@ -1,1077 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* e-cert-db.c - * - * Copyright (C) 2003 Ximian, Inc. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public - * License along with this program; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place - Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: Chris Toshok (toshok@ximian.com) - */ - -/* The following is the mozilla license blurb, as the bodies of most - of these functions were derived from the mozilla source. */ - -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - */ - -/* XXX toshok why oh *why* god WHY did they do this? no fucking - sense */ -/* private NSS defines used by PSM */ -/* (must be declated before cert.h) */ -#define CERT_NewTempCertificate __CERT_NewTempCertificate -#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm - -#include "e-cert-db.h" -#include "e-cert-trust.h" - -#include "gmodule.h" - -#include "nss.h" -#include "pk11func.h" -#include "secmod.h" -#include "certdb.h" -#include "plstr.h" -#include "prprf.h" -#include "prmem.h" -#include "e-util/e-dialog-utils.h" -#include <gtk/gtkmessagedialog.h> -#include <libgnome/gnome-i18n.h> -#include <fcntl.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <unistd.h> - -struct _ECertDBPrivate { -}; - -#define PARENT_TYPE G_TYPE_OBJECT -static GObjectClass *parent_class; - -static CERTDERCerts* e_cert_db_get_certs_from_package (PRArenaPool *arena, char *data, guint32 length); - - - -static void -e_cert_db_dispose (GObject *object) -{ - ECertDB *ec = E_CERT_DB (object); - - if (!ec->priv) - return; - - /* XXX free instance specific data */ - - g_free (ec->priv); - ec->priv = NULL; - - if (G_OBJECT_CLASS (parent_class)->dispose) - G_OBJECT_CLASS (parent_class)->dispose (object); -} - -static void -e_cert_db_class_init (ECertDBClass *klass) -{ - GObjectClass *object_class; - char *evolution_dir_path; - gboolean success; - gboolean has_roots; - PK11SlotList *list; - - object_class = G_OBJECT_CLASS(klass); - - parent_class = g_type_class_ref (PARENT_TYPE); - - object_class->dispose = e_cert_db_dispose; - - evolution_dir_path = g_build_path ("/", g_get_home_dir (), ".evolution", NULL); - - /* we initialize NSS here to make sure it only happens once */ - success = (SECSuccess == NSS_InitReadWrite (evolution_dir_path)); - if (!success) { - success = (SECSuccess == NSS_Init (evolution_dir_path)); - if (success) - g_warning ("opening cert databases read-only"); - } - if (!success) { - success = (SECSuccess == NSS_NoDB_Init (evolution_dir_path)); - if (success) - g_warning ("initializing security library without cert databases."); - } - g_free (evolution_dir_path); - - if (!success) { - g_warning ("Failed all methods for initializing NSS"); - } - - /* - * check to see if you have a rootcert module installed - */ - - has_roots = FALSE; - list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL); - if (list) { - PK11SlotListElement *le; - - for (le = list->head; le; le = le->next) { - if (PK11_HasRootCerts(le->slot)) { - has_roots = TRUE; - break; - } - } - } - - if (!has_roots) { - /* grovel in various places for mozilla's built-in - cert module. - - XXX yes this is gross. *sigh* - */ - char *paths_to_check[] = { - "/usr/lib", - "/usr/lib/mozilla", - }; - int i; - - for (i = 0; i < G_N_ELEMENTS (paths_to_check); i ++) { - char *dll_path = g_module_build_path (paths_to_check [i], - "nssckbi"); - - if (g_file_test (dll_path, G_FILE_TEST_EXISTS)) { - SECMOD_AddNewModule("Mozilla Root Certs",dll_path, 0, 0); - g_free (dll_path); - break; - } - - g_free (dll_path); - } - } -} - -static void -e_cert_db_init (ECertDB *ec) -{ - ec->priv = g_new0 (ECertDBPrivate, 1); -} - -GType -e_cert_db_get_type (void) -{ - static GType cert_type = 0; - - if (!cert_type) { - static const GTypeInfo cert_info = { - sizeof (ECertDBClass), - NULL, /* base_init */ - NULL, /* base_finalize */ - (GClassInitFunc) e_cert_db_class_init, - NULL, /* class_finalize */ - NULL, /* class_data */ - sizeof (ECertDB), - 0, /* n_preallocs */ - (GInstanceInitFunc) e_cert_db_init, - }; - - cert_type = g_type_register_static (PARENT_TYPE, "ECertDB", &cert_info, 0); - } - - return cert_type; -} - - - -GStaticMutex init_mutex = G_STATIC_MUTEX_INIT; -static ECertDB *cert_db = NULL; - -ECertDB* -e_cert_db_peek (void) -{ - g_static_mutex_lock (&init_mutex); - if (!cert_db) - cert_db = g_object_new (E_TYPE_CERT_DB, NULL); - g_static_mutex_unlock (&init_mutex); - - return cert_db; -} - -void -e_cert_db_shutdown (void) -{ - /* XXX */ -} - -/* searching for certificates */ -ECert* -e_cert_db_find_cert_by_nickname (ECertDB *certdb, - const char *nickname, - GError **error) -{ - /* nsNSSShutDownPreventionLock locker;*/ - CERTCertificate *cert = NULL; - - /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));*/ -#if 0 - /* what it should be, but for now...*/ - if (aToken) { - cert = PK11_FindCertFromNickname(asciiname, NULL); - } else { - cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname); - } -#endif - cert = PK11_FindCertFromNickname((char*)nickname, NULL); - if (!cert) { - cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char*)nickname); - } - - - if (cert) { - /* PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("got it\n"));*/ - ECert *ecert = e_cert_new (cert); - return ecert; - } - else { - /* XXX gerror */ - return NULL; - } -} - -ECert* -e_cert_db_find_cert_by_key (ECertDB *certdb, - const char *db_key, - GError **error) -{ -#if 0 - /* nsNSSShutDownPreventionLock locker;*/ - SECItem keyItem = {siBuffer, NULL, 0}; - SECItem *dummy; - CERTIssuerAndSN issuerSN; - unsigned long moduleID,slotID; - CERTCertificate *cert; - - if (!db_key) { - /* XXX gerror */ - return NULL; - } - - dummy = NSSBase64_DecodeBuffer(NULL, &keyItem, db_key, - (PRUint32)PL_strlen(db_key)); - - /* someday maybe we can speed up the search using the moduleID and slotID*/ - moduleID = NS_NSS_GET_LONG(keyItem.data); - slotID = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG]); - - /* build the issuer/SN structure*/ - issuerSN.serialNumber.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*2]); - issuerSN.derIssuer.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*3]); - issuerSN.serialNumber.data= &keyItem.data[NS_NSS_LONG*4]; - issuerSN.derIssuer.data= &keyItem.data[NS_NSS_LONG*4+ - issuerSN.serialNumber.len]; - - cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN); - PR_FREEIF(keyItem.data); - if (cert) { - ECert *ecert = e_cert_new (cert); - return e_cert; - } - - /* XXX gerror */ - return NULL; -#endif -} - -GList* -e_cert_db_get_cert_nicknames (ECertDB *certdb, - ECertType cert_type, - GError **error) -{ -} - -ECert* -e_cert_db_find_email_encryption_cert (ECertDB *certdb, - const char *nickname, - GError **error) -{ -} - -ECert* -e_cert_db_find_email_signing_cert (ECertDB *certdb, - const char *nickname, - GError **error) -{ -} - -ECert* -e_cert_db_find_cert_by_email_address (ECertDB *certdb, - const char *email, - GError **error) -{ - /* nsNSSShutDownPreventionLock locker; */ - ECert *cert; - CERTCertificate *any_cert = CERT_FindCertByNicknameOrEmailAddr(CERT_GetDefaultCertDB(), - (char*)email); - CERTCertList *certlist; - - if (!any_cert) { - /* XXX gerror */ - return NULL; - } - - /* any_cert now contains a cert with the right subject, but it might not have the correct usage */ - certlist = CERT_CreateSubjectCertList(NULL, - CERT_GetDefaultCertDB(), - &any_cert->derSubject, - PR_Now(), PR_TRUE); - if (!certlist) { - /* XXX gerror */ - CERT_DestroyCertificate(any_cert); - return NULL; - } - - if (SECSuccess != CERT_FilterCertListByUsage(certlist, certUsageEmailRecipient, PR_FALSE)) { - /* XXX gerror */ - CERT_DestroyCertificate(any_cert); - /* XXX free certlist? */ - return NULL; - } - - if (CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) { - /* XXX gerror */ - CERT_DestroyCertificate(any_cert); - /* XXX free certlist? */ - return NULL; - } - - cert = e_cert_new (CERT_LIST_HEAD(certlist)->cert); - - return cert; -} - -static gboolean -_confirm_download_ca_cert (ECert *cert, guint32 *trustBits, gboolean *allow) -{ - /* right now just allow it and set the trustBits to 0 */ - *trustBits = 0; - *allow = TRUE; - return TRUE; -} - -static gboolean -handle_ca_cert_download(GList *certs, GError **error) -{ - ECert *certToShow; - SECItem der; - CERTCertificate *tmpCert; - - /* First thing we have to do is figure out which certificate - we're gonna present to the user. The CA may have sent down - a list of certs which may or may not be a chained list of - certs. Until the day we can design some solid UI for the - general case, we'll code to the > 90% case. That case is - where a CA sends down a list that is a chain up to its root - in either ascending or descending order. What we're gonna - do is compare the first 2 entries, if the first was signed - by the second, we assume the leaf cert is the first cert - and display it. If the second cert was signed by the first - cert, then we assume the first cert is the root and the - last cert in the array is the leaf. In this case we - display the last cert. - */ - - /* nsNSSShutDownPreventionLock locker;*/ - - if (certs == NULL) { - g_warning ("Didn't get any certs to import."); - return TRUE; - } - else if (certs->next == NULL) { - /* there's 1 cert */ - certToShow = E_CERT (certs->data); - } - else { - /* there are multiple certs */ - ECert *cert0; - ECert *cert1; - const char* cert0SubjectName; - const char* cert0IssuerName; - const char* cert1SubjectName; - const char* cert1IssuerName; - - cert0 = E_CERT (certs->data); - cert1 = E_CERT (certs->next->data); - - cert0IssuerName = e_cert_get_issuer_name (cert0); - cert0SubjectName = e_cert_get_subject_name (cert0); - - cert1IssuerName = e_cert_get_issuer_name (cert1); - cert1SubjectName = e_cert_get_subject_name (cert1); - - if (!strcmp(cert1IssuerName, cert0SubjectName)) { - /* In this case, the first cert in the list signed the second, - so the first cert is the root. Let's display the last cert - in the list. */ - certToShow = E_CERT (g_list_last (certs)->data); - } - else if (!strcmp(cert0IssuerName, cert1SubjectName)) { - /* In this case the second cert has signed the first cert. The - first cert is the leaf, so let's display it. */ - certToShow = cert0; - } else { - /* It's not a chain, so let's just show the first one in the - downloaded list. */ - certToShow = cert0; - } - } - - if (!certToShow) { - /* XXX gerror */ - return FALSE; - } - - if (!e_cert_get_raw_der (certToShow, (char**)&der.data, &der.len)) { - /* XXX gerror */ - return FALSE; - } - - { - /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Creating temp cert\n"));*/ - CERTCertDBHandle *certdb = CERT_GetDefaultCertDB(); - tmpCert = CERT_FindCertByDERCert(certdb, &der); - if (!tmpCert) { - tmpCert = CERT_NewTempCertificate(certdb, &der, - NULL, PR_FALSE, PR_TRUE); - } - if (!tmpCert) { - g_warning ("Couldn't create cert from DER blob"); - return FALSE; - } - } - -#if 0 - CERTCertificateCleaner tmpCertCleaner(tmpCert); -#endif - - if (tmpCert->isperm) { - e_notice (NULL, GTK_MESSAGE_WARNING, _("Certificate already exists")); - /* XXX gerror */ - return FALSE; - } - else { - guint32 trustBits; - gboolean allow; - char *nickname; - SECStatus srv; - CERTCertTrust trust; - - if (!_confirm_download_ca_cert (certToShow, &trustBits, &allow)) { - /* XXX gerror */ - return FALSE; - } - - if (!allow) { - /* XXX gerror */ - return FALSE; - } - - /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("trust is %d\n", trustBits));*/ - - nickname = CERT_MakeCANickname(tmpCert); - - /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Created nick \"%s\"\n", nickname.get()));*/ - - e_cert_trust_init (&trust); - e_cert_trust_set_valid_ca (&trust); - e_cert_trust_add_ca_trust (&trust, -#if 1 - /* XXX we need that ui working i guess. */ - 0, 0, 0 -#else - trustBits & nsIX509CertDB::TRUSTED_SSL, - trustBits & nsIX509CertDB::TRUSTED_EMAIL, - trustBits & nsIX509CertDB::TRUSTED_OBJSIGN -#endif -); - - srv = CERT_AddTempCertToPerm(tmpCert, - nickname, - &trust); - - if (srv != SECSuccess) { - /* XXX gerror */ - return FALSE; - } - -#if 0 - /* Now it's time to add the rest of the certs we just downloaded. - Since we didn't prompt the user about any of these certs, we - won't set any trust bits for them. */ - e_cert_trust_init (&trust); - e_cert_trust_set_valid_ca (&trust); - e_cert_trusts_add_ca_trust (&trust, 0, 0, 0); - for (PRUint32 i=0; i<numCerts; i++) { - if (i == selCertIndex) - continue; - - certToShow = do_QueryElementAt(x509Certs, i); - certToShow->GetRawDER(&der.len, (PRUint8 **)&der.data); - - CERTCertificate *tmpCert2 = - CERT_NewTempCertificate(certdb, &der, nsnull, PR_FALSE, PR_TRUE); - - if (!tmpCert2) { - NS_ASSERTION(0, "Couldn't create temp cert from DER blob\n"); - continue; /* Let's try to import the rest of 'em */ - } - nickname.Adopt(CERT_MakeCANickname(tmpCert2)); - CERT_AddTempCertToPerm(tmpCert2, NS_CONST_CAST(char*,nickname.get()), - defaultTrust.GetTrust()); - CERT_DestroyCertificate(tmpCert2); - } -#endif - return TRUE; - } -} - -/* deleting certificates */ -gboolean -e_cert_db_delete_cert (ECertDB *certdb, - ECert *ecert) -{ - /* nsNSSShutDownPreventionLock locker; - nsNSSCertificate *nssCert = NS_STATIC_CAST(nsNSSCertificate*, aCert); */ - - CERTCertificate *cert; - SECStatus srv = SECSuccess; - if (!e_cert_mark_for_deletion (ecert)) { - return FALSE; - } - - cert = e_cert_get_internal_cert (ecert); - if (cert->slot && e_cert_get_cert_type (ecert) != E_CERT_USER) { - /* To delete a cert of a slot (builtin, most likely), mark it as - completely untrusted. This way we keep a copy cached in the - local database, and next time we try to load it off of the - external token/slot, we'll know not to trust it. We don't - want to do that with user certs, because a user may re-store - the cert onto the card again at which point we *will* want to - trust that cert if it chains up properly. */ - CERTCertTrust trust; - - e_cert_trust_init_with_values (&trust, 0, 0, 0); - srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), - cert, &trust); - } - - /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("cert deleted: %d", srv));*/ - return (srv) ? FALSE : TRUE; -} - -/* importing certificates */ -gboolean -e_cert_db_import_certs (ECertDB *certdb, - char *data, guint32 length, - ECertType cert_type, - GError **error) -{ - /*nsNSSShutDownPreventionLock locker;*/ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - GList *certs = NULL; - CERTDERCerts *certCollection = e_cert_db_get_certs_from_package (arena, data, length); - int i; - gboolean rv; - - if (!certCollection) { - /* XXX gerror */ - PORT_FreeArena(arena, PR_FALSE); - return FALSE; - } - - /* Now let's create some certs to work with */ - for (i=0; i<certCollection->numcerts; i++) { - SECItem *currItem = &certCollection->rawCerts[i]; - ECert *cert; - - cert = e_cert_new_from_der ((char*)currItem->data, currItem->len); - if (!cert) { - /* XXX gerror */ - g_list_foreach (certs, (GFunc)g_object_unref, NULL); - g_list_free (certs); - PORT_FreeArena(arena, PR_FALSE); - return FALSE; - } - certs = g_list_append (certs, cert); - } - switch (cert_type) { - case E_CERT_CA: - rv = handle_ca_cert_download(certs, error); - break; - default: - /* We only deal with import CA certs in this method currently.*/ - /* XXX gerror */ - PORT_FreeArena(arena, PR_FALSE); - rv = FALSE; - } - - g_list_foreach (certs, (GFunc)g_object_unref, NULL); - g_list_free (certs); - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -gboolean -e_cert_db_import_email_cert (ECertDB *certdb, - char *data, guint32 length, - GError **error) -{ - /*nsNSSShutDownPreventionLock locker;*/ - SECStatus srv = SECFailure; - gboolean rv = TRUE; - CERTCertificate * cert; - SECItem **rawCerts; - int numcerts; - int i; - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTDERCerts *certCollection = e_cert_db_get_certs_from_package (arena, data, length); - - if (!certCollection) { - /* XXX g_error */ - - PORT_FreeArena(arena, PR_FALSE); - return FALSE; - } - - cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), certCollection->rawCerts, - (char *)NULL, PR_FALSE, PR_TRUE); - if (!cert) { - /* XXX g_error */ - rv = FALSE; - goto loser; - } - numcerts = certCollection->numcerts; - rawCerts = (SECItem **) PORT_Alloc(sizeof(SECItem *) * numcerts); - if ( !rawCerts ) { - /* XXX g_error */ - rv = FALSE; - goto loser; - } - - for ( i = 0; i < numcerts; i++ ) { - rawCerts[i] = &certCollection->rawCerts[i]; - } - - srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageEmailSigner, - numcerts, rawCerts, NULL, PR_TRUE, PR_FALSE, - NULL); - if ( srv != SECSuccess ) { - /* XXX g_error */ - rv = FALSE; - goto loser; - } - srv = CERT_SaveSMimeProfile(cert, NULL, NULL); - PORT_Free(rawCerts); - loser: - if (cert) - CERT_DestroyCertificate(cert); - if (arena) - PORT_FreeArena(arena, PR_TRUE); - return rv; -} - -static char * -default_nickname (CERTCertificate *cert) -{ - /* nsNSSShutDownPreventionLock locker; */ - char *username = NULL; - char *caname = NULL; - char *nickname = NULL; - char *tmp = NULL; - int count; - char *nickFmt=NULL, *nickFmtWithNum = NULL; - CERTCertificate *dummycert; - PK11SlotInfo *slot=NULL; - CK_OBJECT_HANDLE keyHandle; - - CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB(); - - username = CERT_GetCommonName(&cert->subject); - if ( username == NULL ) - username = PL_strdup(""); - - if ( username == NULL ) - goto loser; - - caname = CERT_GetOrgName(&cert->issuer); - if ( caname == NULL ) - caname = PL_strdup(""); - - if ( caname == NULL ) - goto loser; - - count = 1; - - nickFmt = "%1$s's %2$s ID"; - nickFmtWithNum = "%1$s's %2$s ID #%3$d"; - - nickname = PR_smprintf(nickFmt, username, caname); - /* - * We need to see if the private key exists on a token, if it does - * then we need to check for nicknames that already exist on the smart - * card. - */ - slot = PK11_KeyForCertExists(cert, &keyHandle, NULL); - if (slot == NULL) { - goto loser; - } - if (!PK11_IsInternal(slot)) { - tmp = PR_smprintf("%s:%s", PK11_GetTokenName(slot), nickname); - PR_Free(nickname); - nickname = tmp; - tmp = NULL; - } - tmp = nickname; - while ( 1 ) { - if ( count > 1 ) { - nickname = PR_smprintf("%s #%d", tmp, count); - } - - if ( nickname == NULL ) - goto loser; - - if (PK11_IsInternal(slot)) { - /* look up the nickname to make sure it isn't in use already */ - dummycert = CERT_FindCertByNickname(defaultcertdb, nickname); - - } else { - /* - * Check the cert against others that already live on the smart - * card. - */ - dummycert = PK11_FindCertFromNickname(nickname, NULL); - if (dummycert != NULL) { - /* - * Make sure the subject names are different. - */ - if (CERT_CompareName(&cert->subject, &dummycert->subject) == SECEqual) { - /* - * There is another certificate with the same nickname and - * the same subject name on the smart card, so let's use this - * nickname. - */ - CERT_DestroyCertificate(dummycert); - dummycert = NULL; - } - } - } - if ( dummycert == NULL ) - goto done; - - /* found a cert, destroy it and loop */ - CERT_DestroyCertificate(dummycert); - if (tmp != nickname) PR_Free(nickname); - count++; - } /* end of while(1) */ - - loser: - if ( nickname ) { - PR_Free(nickname); - } - nickname = NULL; - done: - if ( caname ) { - PR_Free(caname); - } - if ( username ) { - PR_Free(username); - } - if (slot != NULL) { - PK11_FreeSlot(slot); - if (nickname != NULL) { - tmp = nickname; - nickname = strchr(tmp, ':'); - if (nickname != NULL) { - nickname++; - nickname = PL_strdup(nickname); - PR_Free(tmp); - tmp = NULL; - } else { - nickname = tmp; - tmp = NULL; - } - } - } - PR_FREEIF(tmp); - return(nickname); -} - -gboolean -e_cert_db_import_user_cert (ECertDB *certdb, - char *data, guint32 length, - GError **error) -{ - /* nsNSSShutDownPreventionLock locker;*/ - PK11SlotInfo *slot; - char * nickname = NULL; - gboolean rv = FALSE; - int numCACerts; - SECItem *CACerts; - CERTDERCerts * collectArgs; - PRArenaPool *arena; - CERTCertificate * cert=NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( arena == NULL ) { - /* XXX g_error */ - goto loser; - } - - collectArgs = e_cert_db_get_certs_from_package (arena, data, length); - if (!collectArgs) { - /* XXX g_error */ - goto loser; - } - - cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), collectArgs->rawCerts, - (char *)NULL, PR_FALSE, PR_TRUE); - if (!cert) { - /* XXX g_error */ - goto loser; - } - - slot = PK11_KeyForCertExists(cert, NULL, NULL); - if ( slot == NULL ) { - /* XXX g_error */ - goto loser; - } - PK11_FreeSlot(slot); - - /* pick a nickname for the cert */ - if (cert->nickname) { - /* sigh, we need a call to look up other certs with this subject and - * identify nicknames from them. We can no longer walk down internal - * database structures rjr */ - nickname = cert->nickname; - } - else { - nickname = default_nickname(cert); - } - - /* user wants to import the cert */ - slot = PK11_ImportCertForKey(cert, nickname, NULL); - if (!slot) { - /* XXX g_error */ - goto loser; - } - PK11_FreeSlot(slot); - numCACerts = collectArgs->numcerts - 1; - - if (numCACerts) { - CACerts = collectArgs->rawCerts+1; - if ( ! CERT_ImportCAChain(CACerts, numCACerts, certUsageUserCertImport) ) { - rv = TRUE; - } - } - - loser: - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } - if ( cert ) { - CERT_DestroyCertificate(cert); - } - return rv; -} - -gboolean -e_cert_db_import_server_cert (ECertDB *certdb, - char *data, guint32 length, - GError **error) -{ - /* not c&p'ing this over at the moment, as we don't have a UI - for server certs anyway */ - return FALSE; -} - -gboolean -e_cert_db_import_certs_from_file (ECertDB *cert_db, - const char *file_path, - ECertType cert_type, - GError **error) -{ - gboolean rv; - int fd; - struct stat sb; - char *buf; - int bytes_read; - - switch (cert_type) { - case E_CERT_CA: - case E_CERT_CONTACT: - case E_CERT_SITE: - /* good */ - break; - - default: - /* not supported (yet) */ - /* XXX gerror */ - return FALSE; - } - - fd = open (file_path, O_RDONLY); - if (fd == -1) { - /* XXX gerror */ - return FALSE; - } - - if (-1 == fstat (fd, &sb)) { - /* XXX gerror */ - close (fd); - return FALSE; - } - - buf = g_malloc (sb.st_size); - if (!buf) { - /* XXX gerror */ - close (fd); - return FALSE; - } - - bytes_read = read (fd, buf, sb.st_size); - - close (fd); - - if (bytes_read != sb.st_size) { - /* XXX gerror */ - rv = FALSE; - } - else { - printf ("importing %d bytes from `%s'\n", bytes_read, file_path); - - switch (cert_type) { - case E_CERT_CA: - rv = e_cert_db_import_certs (cert_db, buf, bytes_read, cert_type, error); - break; - - case E_CERT_SITE: - rv = e_cert_db_import_server_cert (cert_db, buf, bytes_read, error); - break; - - case E_CERT_CONTACT: - rv = e_cert_db_import_email_cert (cert_db, buf, bytes_read, error); - break; - - default: - rv = FALSE; - break; - } - } - - g_free (buf); - return rv; -} - -gboolean -e_cert_db_import_pkcs12_file (ECertDB *cert_db, - const char *file_path, - GError **error) -{ -} - -gboolean -e_cert_db_export_pkcs12_file (ECertDB *cert_db, - const char *file_path, - GList *certs, - GError **error) -{ -} - - - -static SECStatus PR_CALLBACK -collect_certs(void *arg, SECItem **certs, int numcerts) -{ - CERTDERCerts *collectArgs; - SECItem *cert; - SECStatus rv; - - collectArgs = (CERTDERCerts *)arg; - - collectArgs->numcerts = numcerts; - collectArgs->rawCerts = (SECItem *) PORT_ArenaZAlloc(collectArgs->arena, sizeof(SECItem) * numcerts); - if ( collectArgs->rawCerts == NULL ) - return(SECFailure); - - cert = collectArgs->rawCerts; - - while ( numcerts-- ) { - rv = SECITEM_CopyItem(collectArgs->arena, cert, *certs); - if ( rv == SECFailure ) - return(SECFailure); - cert++; - certs++; - } - - return (SECSuccess); -} - -static CERTDERCerts* -e_cert_db_get_certs_from_package (PRArenaPool *arena, - char *data, - guint32 length) -{ - /*nsNSSShutDownPreventionLock locker;*/ - CERTDERCerts *collectArgs = - (CERTDERCerts *)PORT_ArenaZAlloc(arena, sizeof(CERTDERCerts)); - SECStatus sec_rv; - - if (!collectArgs) - return NULL; - - collectArgs->arena = arena; - sec_rv = CERT_DecodeCertPackage(data, - length, collect_certs, - (void *)collectArgs); - - if (sec_rv != SECSuccess) - return NULL; - - return collectArgs; -} diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h deleted file mode 100644 index ffc381587a..0000000000 --- a/smime/lib/e-cert-db.h +++ /dev/null @@ -1,128 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* - * Authors: Chris Toshok <toshok@ximian.com> - * - * Copyright (C) 2003 Ximian, Inc. (www.ximian.com) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. - * - */ - -#ifndef _E_CERT_DB_H_ -#define _E_CERT_DB_H_ - -#include <glib-object.h> -#include "e-cert.h" -#include <cert.h> - -#define E_TYPE_CERT_DB (e_cert_db_get_type ()) -#define E_CERT_DB(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_CERT_DB, ECertDB)) -#define E_CERT_DB_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_CERT_DB, ECertDBClass)) -#define E_IS_CERT_DB(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_CERT_DB)) -#define E_IS_CERT_DB_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_CERT_DB)) -#define E_CERT_DB_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_CERT_DB, ECertDBClass)) - -typedef struct _ECertDB ECertDB; -typedef struct _ECertDBClass ECertDBClass; -typedef struct _ECertDBPrivate ECertDBPrivate; - -struct _ECertDB { - GObject parent; - - ECertDBPrivate *priv; -}; - -struct _ECertDBClass { - GObjectClass parent_class; - - /* Padding for future expansion */ - void (*_ecert_reserved0) (void); - void (*_ecert_reserved1) (void); - void (*_ecert_reserved2) (void); - void (*_ecert_reserved3) (void); - void (*_ecert_reserved4) (void); -}; - -GType e_cert_db_get_type (void); - -/* single instance */ -ECertDB* e_cert_db_peek (void); - -void e_cert_db_shutdown (void); - -/* searching for certificates */ -ECert* e_cert_db_find_cert_by_nickname (ECertDB *certdb, - const char *nickname, - GError **error); - -ECert* e_cert_db_find_cert_by_key (ECertDB *certdb, - const char *db_key, - GError **error); - -GList* e_cert_db_get_cert_nicknames (ECertDB *certdb, - ECertType cert_type, - GError **error); - - -ECert* e_cert_db_find_email_encryption_cert (ECertDB *certdb, - const char *nickname, - GError **error); - -ECert* e_cert_db_find_email_signing_cert (ECertDB *certdb, - const char *nickname, - GError **error); - -ECert* e_cert_db_find_cert_by_email_address (ECertDB *certdb, - const char *nickname, - GError **error); - -/* deleting certificates */ -gboolean e_cert_db_delete_cert (ECertDB *certdb, - ECert *cert); - -/* importing certificates */ -gboolean e_cert_db_import_certs (ECertDB *certdb, - char *data, guint32 length, - ECertType cert_type, - GError **error); - -gboolean e_cert_db_import_email_cert (ECertDB *certdb, - char *data, guint32 length, - GError **error); - -gboolean e_cert_db_import_user_cert (ECertDB *certdb, - char *data, guint32 length, - GError **error); - -gboolean e_cert_db_import_server_cert (ECertDB *certdb, - char *data, guint32 length, - GError **error); - -gboolean e_cert_db_import_certs_from_file (ECertDB *cert_db, - const char *file_path, - ECertType cert_type, - GError **error); - -gboolean e_cert_db_import_pkcs12_file (ECertDB *cert_db, - const char *file_path, - GError **error); - -gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db, - const char *file_path, - GList *certs, - GError **error); - - -#endif /* _E_CERT_DB_H_ */ diff --git a/smime/lib/e-cert-trust.c b/smime/lib/e-cert-trust.c deleted file mode 100644 index 7386a88963..0000000000 --- a/smime/lib/e-cert-trust.c +++ /dev/null @@ -1,418 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* - * Authors: Chris Toshok <toshok@ximian.com> - * - * Copyright (C) 2003 Novell, Inc. (www.novell.com) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. - * - */ - -/* this code is pretty much cut&pasted and renamed from mozilla. - here's their copyright/blurb */ - -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * Ian McGreer <mcgreer@netscape.com> - * Javier Delgadillo <javi@netscape.com> - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - */ - -#include "e-cert-trust.h" - -void -e_cert_trust_init (CERTCertTrust *trust) -{ - memset(trust, 0, sizeof(CERTCertTrust)); -} - -void -e_cert_trust_init_with_values (CERTCertTrust *trust, - unsigned int ssl, - unsigned int email, - unsigned int objsign) -{ - memset(trust, 0, sizeof(CERTCertTrust)); - e_cert_trust_add_trust(&trust->sslFlags, ssl); - e_cert_trust_add_trust(&trust->emailFlags, email); - e_cert_trust_add_trust(&trust->objectSigningFlags, objsign); -} - -void -e_cert_trust_copy (CERTCertTrust *trust, CERTCertTrust *t) -{ - if (t) - memcpy(trust, t, sizeof(CERTCertTrust)); - else - memset(trust, 0, sizeof(CERTCertTrust)); -} - -void -e_cert_trust_add_ca_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign) -{ - if (ssl) { - e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA); - e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA); - } - if (email) { - e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA); - e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA); - } - if (objSign) { - e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA); - e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA); - } -} - -void -e_cert_trust_add_peer_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign) -{ - if (ssl) - e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED); - if (email) - e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED); - if (objSign) - e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED); -} - -void -e_cert_trust_set_ssl_trust (CERTCertTrust *trust, - PRBool peer, PRBool tPeer, - PRBool ca, PRBool tCA, PRBool tClientCA, - PRBool user, PRBool warn) -{ - trust->sslFlags = 0; - if (peer || tPeer) - e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_PEER); - if (tPeer) - e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED); - if (ca || tCA) - e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_CA); - if (tClientCA) - e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA); - if (tCA) - e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA); - if (user) - e_cert_trust_add_trust(&trust->sslFlags, CERTDB_USER); - if (warn) - e_cert_trust_add_trust(&trust->sslFlags, CERTDB_SEND_WARN); -} - -void -e_cert_trust_set_email_trust (CERTCertTrust *trust, - PRBool peer, PRBool tPeer, - PRBool ca, PRBool tCA, PRBool tClientCA, - PRBool user, PRBool warn) -{ - trust->emailFlags = 0; - if (peer || tPeer) - e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_PEER); - if (tPeer) - e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED); - if (ca || tCA) - e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_CA); - if (tClientCA) - e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA); - if (tCA) - e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA); - if (user) - e_cert_trust_add_trust(&trust->emailFlags, CERTDB_USER); - if (warn) - e_cert_trust_add_trust(&trust->emailFlags, CERTDB_SEND_WARN); -} - -void -e_cert_trust_set_objsign_trust (CERTCertTrust *trust, - PRBool peer, PRBool tPeer, - PRBool ca, PRBool tCA, PRBool tClientCA, - PRBool user, PRBool warn) -{ - trust->objectSigningFlags = 0; - if (peer || tPeer) - e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_PEER); - if (tPeer) - e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED); - if (ca || tCA) - e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_CA); - if (tClientCA) - e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA); - if (tCA) - e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA); - if (user) - e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_USER); - if (warn) - e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_SEND_WARN); -} - -void -e_cert_trust_set_valid_ca (CERTCertTrust *trust) -{ - e_cert_trust_set_ssl_trust (trust, - PR_FALSE, PR_FALSE, - PR_TRUE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_email_trust (trust, - PR_FALSE, PR_FALSE, - PR_TRUE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_objsign_trust (trust, - PR_FALSE, PR_FALSE, - PR_TRUE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); -} - -void -e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust) -{ - e_cert_trust_set_ssl_trust (trust, - PR_FALSE, PR_FALSE, - PR_TRUE, PR_TRUE, PR_FALSE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_email_trust (trust, - PR_FALSE, PR_FALSE, - PR_TRUE, PR_TRUE, PR_FALSE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_objsign_trust (trust, - PR_FALSE, PR_FALSE, - PR_TRUE, PR_TRUE, PR_FALSE, - PR_FALSE, PR_FALSE); -} - -void -e_cert_trust_set_trusted_ca (CERTCertTrust *trust) -{ - e_cert_trust_set_ssl_trust (trust, - PR_FALSE, PR_FALSE, - PR_TRUE, PR_TRUE, PR_TRUE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_email_trust (trust, - PR_FALSE, PR_FALSE, - PR_TRUE, PR_TRUE, PR_TRUE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_objsign_trust (trust, - PR_FALSE, PR_FALSE, - PR_TRUE, PR_TRUE, PR_TRUE, - PR_FALSE, PR_FALSE); -} - -void -e_cert_trust_set_valid_peer (CERTCertTrust *trust) -{ - e_cert_trust_set_ssl_trust (trust, - PR_TRUE, PR_FALSE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_email_trust (trust, - PR_TRUE, PR_FALSE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_objsign_trust (trust, - PR_TRUE, PR_FALSE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); -} - -void -e_cert_trust_set_valid_server_peer (CERTCertTrust *trust) -{ - e_cert_trust_set_ssl_trust (trust, - PR_TRUE, PR_FALSE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_email_trust (trust, - PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_objsign_trust (trust, - PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); -} - -void -e_cert_trust_set_trusted_peer (CERTCertTrust *trust) -{ - e_cert_trust_set_ssl_trust (trust, - PR_TRUE, PR_TRUE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_email_trust (trust, - PR_TRUE, PR_TRUE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); - e_cert_trust_set_objsign_trust (trust, - PR_TRUE, PR_TRUE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE); -} - -void -e_cert_trust_set_user (CERTCertTrust *trust) -{ - e_cert_trust_set_ssl_trust (trust, - PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_TRUE, PR_FALSE); - e_cert_trust_set_email_trust (trust, - PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_TRUE, PR_FALSE); - e_cert_trust_set_objsign_trust (trust, - PR_FALSE, PR_FALSE, - PR_FALSE, PR_FALSE, PR_FALSE, - PR_TRUE, PR_FALSE); -} - -PRBool -e_cert_trust_has_any_ca (CERTCertTrust *trust) -{ - if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA) || - e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA) || - e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA)) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -e_cert_trust_has_ca (CERTCertTrust *trust, - PRBool checkSSL, - PRBool checkEmail, - PRBool checkObjSign) -{ - if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA)) - return PR_FALSE; - if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA)) - return PR_FALSE; - if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA)) - return PR_FALSE; - return PR_TRUE; -} - -PRBool -e_cert_trust_has_peer (CERTCertTrust *trust, - PRBool checkSSL, - PRBool checkEmail, - PRBool checkObjSign) -{ - if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_PEER)) - return PR_FALSE; - if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_PEER)) - return PR_FALSE; - if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_PEER)) - return PR_FALSE; - return PR_TRUE; -} - -PRBool -e_cert_trust_has_any_user (CERTCertTrust *trust) -{ - if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER) || - e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER) || - e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER)) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -e_cert_trust_has_user (CERTCertTrust *trust, - PRBool checkSSL, - PRBool checkEmail, - PRBool checkObjSign) -{ - if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER)) - return PR_FALSE; - if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER)) - return PR_FALSE; - if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER)) - return PR_FALSE; - return PR_TRUE; -} - -PRBool -e_cert_trust_has_trusted_ca (CERTCertTrust *trust, - PRBool checkSSL, - PRBool checkEmail, - PRBool checkObjSign) -{ - if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CA) || - e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA))) - return PR_FALSE; - if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CA) || - e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA))) - return PR_FALSE; - if (checkObjSign && - !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CA) || - e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA))) - return PR_FALSE; - return PR_TRUE; -} - -PRBool -e_cert_trust_has_trusted_peer (CERTCertTrust *trust, - PRBool checkSSL, - PRBool checkEmail, - PRBool checkObjSign) -{ - if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED))) - return PR_FALSE; - if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED))) - return PR_FALSE; - if (checkObjSign && - !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED))) - return PR_FALSE; - return PR_TRUE; -} - -void -e_cert_trust_add_trust (unsigned int *t, unsigned int v) -{ - *t |= v; -} - -PRBool -e_cert_trust_has_trust (unsigned int t, unsigned int v) -{ - return (t & v); -} - diff --git a/smime/lib/e-cert-trust.h b/smime/lib/e-cert-trust.h deleted file mode 100644 index c55d928019..0000000000 --- a/smime/lib/e-cert-trust.h +++ /dev/null @@ -1,86 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* - * Authors: Chris Toshok <toshok@ximian.com> - * - * Copyright (C) 2003 Novell, Inc. (www.novell.com) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. - * - */ - -#ifndef _E_CERT_TRUST_H_ -#define _E_CERT_TRUST_H_ - -#include <glib.h> -#include <cert.h> -#include <certdb.h> - -G_BEGIN_DECLS - -void e_cert_trust_init (CERTCertTrust *trust); -void e_cert_trust_init_with_values (CERTCertTrust *trust, - unsigned int ssl, - unsigned int email, - unsigned int objsign); -void e_cert_trust_copy (CERTCertTrust *dst_trust, CERTCertTrust *src_trust); -void e_cert_trust_add_ca_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign); -void e_cert_trust_add_peer_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign); -void e_cert_trust_set_ssl_trust (CERTCertTrust *trust, - PRBool peer, PRBool tPeer, - PRBool ca, PRBool tCA, PRBool tClientCA, - PRBool user, PRBool warn); -void e_cert_trust_set_email_trust (CERTCertTrust *trust, - PRBool peer, PRBool tPeer, - PRBool ca, PRBool tCA, PRBool tClientCA, - PRBool user, PRBool warn); -void e_cert_trust_set_objsign_trust (CERTCertTrust *trust, - PRBool peer, PRBool tPeer, - PRBool ca, PRBool tCA, PRBool tClientCA, - PRBool user, PRBool warn); -void e_cert_trust_set_valid_ca (CERTCertTrust *trust); -void e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust); -void e_cert_trust_set_trusted_ca (CERTCertTrust *trust); -void e_cert_trust_set_valid_peer (CERTCertTrust *trust); -void e_cert_trust_set_valid_server_peer (CERTCertTrust *trust); -void e_cert_trust_set_trusted_peer (CERTCertTrust *trust); -void e_cert_trust_set_user (CERTCertTrust *trust); -PRBool e_cert_trust_has_any_ca (CERTCertTrust *trust); -PRBool e_cert_trust_has_ca (CERTCertTrust *trust, - PRBool checkSSL, - PRBool checkEmail, - PRBool checkObjSign); -PRBool e_cert_trust_has_peer (CERTCertTrust *trust, - PRBool checkSSL, - PRBool checkEmail, - PRBool checkObjSign); -PRBool e_cert_trust_has_any_user (CERTCertTrust *trust); -PRBool e_cert_trust_has_user (CERTCertTrust *trust, - PRBool checkSSL, - PRBool checkEmail, - PRBool checkObjSign); -PRBool e_cert_trust_has_trusted_ca (CERTCertTrust *trust, - PRBool checkSSL, - PRBool checkEmail, - PRBool checkObjSign); -PRBool e_cert_trust_has_trusted_peer (CERTCertTrust *trust, - PRBool checkSSL, - PRBool checkEmail, - PRBool checkObjSign); -void e_cert_trust_add_trust (unsigned int *t, unsigned int v); -PRBool e_cert_trust_has_trust (unsigned int t, unsigned int v); - -G_END_DECLS - -#endif /* _E_CERT_H_ */ diff --git a/smime/lib/e-cert.c b/smime/lib/e-cert.c deleted file mode 100644 index 54f79690d6..0000000000 --- a/smime/lib/e-cert.c +++ /dev/null @@ -1,1227 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* e-cert.c - * - * Copyright (C) 2003 Ximian, Inc. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public - * License along with this program; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place - Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: Chris Toshok (toshok@ximian.com) - */ - -/* The following is the mozilla license blurb, as the bodies some of - these functions were derived from the mozilla source. */ - -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - */ - -#include <time.h> - -#include <libgnome/gnome-i18n.h> -#include <gal/util/e-util.h> /* for e_utf8_strftime, what about e_time_format_time? */ - -#include "e-cert.h" -#include "e-cert-trust.h" -#include "pk11func.h" -#include "certdb.h" -#include "hasht.h" - -struct _ECertPrivate { - CERTCertificate *cert; - - /* pointers we cache since the nss implementation allocs the - string */ - char *org_name; - char *org_unit_name; - char *cn; - - char *issuer_org_name; - char *issuer_org_unit_name; - char *issuer_cn; - - PRTime issued_on; - PRTime expires_on; - - char *issued_on_string; - char *expires_on_string; - - char *serial_number; - - char *sha1_fingerprint; - char *md5_fingerprint; - - EASN1Object *asn1; - - gboolean delete; -}; - -#define PARENT_TYPE G_TYPE_OBJECT -static GObjectClass *parent_class; - -static void -e_cert_dispose (GObject *object) -{ - ECert *ec = E_CERT (object); - - if (!ec->priv) - return; - - if (ec->priv->org_name) - PORT_Free (ec->priv->org_name); - if (ec->priv->org_unit_name) - PORT_Free (ec->priv->org_unit_name); - if (ec->priv->cn) - PORT_Free (ec->priv->cn); - - if (ec->priv->issuer_org_name) - PORT_Free (ec->priv->issuer_org_name); - if (ec->priv->issuer_org_unit_name) - PORT_Free (ec->priv->issuer_org_unit_name); - if (ec->priv->issuer_cn) - PORT_Free (ec->priv->issuer_cn); - - if (ec->priv->issued_on_string) - PORT_Free (ec->priv->issued_on_string); - if (ec->priv->expires_on_string) - PORT_Free (ec->priv->expires_on_string); - if (ec->priv->serial_number) - PORT_Free (ec->priv->serial_number); - - if (ec->priv->sha1_fingerprint) - PORT_Free (ec->priv->sha1_fingerprint); - if (ec->priv->md5_fingerprint) - PORT_Free (ec->priv->md5_fingerprint); - - if (ec->priv->asn1) - g_object_unref (ec->priv->asn1); - - if (ec->priv->delete) { - printf ("attempting to delete cert marked for deletion\n"); - if (e_cert_get_cert_type (ec) == E_CERT_USER) { - PK11_DeleteTokenCertAndKey(ec->priv->cert, NULL); - } else if (!PK11_IsReadOnly(ec->priv->cert->slot)) { - /* If the list of built-ins does contain a non-removable - copy of this certificate, our call will not remove - the certificate permanently, but rather remove all trust. */ - SEC_DeletePermCertificate(ec->priv->cert); - } - } - - g_free (ec->priv); - ec->priv = NULL; - - if (G_OBJECT_CLASS (parent_class)->dispose) - G_OBJECT_CLASS (parent_class)->dispose (object); -} - -static void -e_cert_class_init (ECertClass *klass) -{ - GObjectClass *object_class; - - object_class = G_OBJECT_CLASS(klass); - - parent_class = g_type_class_ref (PARENT_TYPE); - - object_class->dispose = e_cert_dispose; -} - -static void -e_cert_init (ECert *ec) -{ - ec->priv = g_new0 (ECertPrivate, 1); -} - -GType -e_cert_get_type (void) -{ - static GType cert_type = 0; - - if (!cert_type) { - static const GTypeInfo cert_info = { - sizeof (ECertClass), - NULL, /* base_init */ - NULL, /* base_finalize */ - (GClassInitFunc) e_cert_class_init, - NULL, /* class_finalize */ - NULL, /* class_data */ - sizeof (ECert), - 0, /* n_preallocs */ - (GInstanceInitFunc) e_cert_init, - }; - - cert_type = g_type_register_static (PARENT_TYPE, "ECert", &cert_info, 0); - } - - return cert_type; -} - - - -static void -e_cert_populate (ECert *cert) -{ - CERTCertificate *c = cert->priv->cert; - unsigned char fingerprint[20]; - SECItem fpItem; - - cert->priv->org_name = CERT_GetOrgName (&c->subject); - cert->priv->org_unit_name = CERT_GetOrgUnitName (&c->subject); - - cert->priv->issuer_org_name = CERT_GetOrgName (&c->issuer); - cert->priv->issuer_org_unit_name = CERT_GetOrgUnitName (&c->issuer); - - cert->priv->cn = CERT_GetCommonName (&c->subject); - cert->priv->issuer_cn = CERT_GetCommonName (&c->issuer); - - if (SECSuccess == CERT_GetCertTimes (c, &cert->priv->issued_on, &cert->priv->expires_on)) { - PRExplodedTime explodedTime; - struct tm exploded_tm; - char buf[32]; - - PR_ExplodeTime (cert->priv->issued_on, PR_LocalTimeParameters, &explodedTime); - exploded_tm.tm_sec = explodedTime.tm_sec; - exploded_tm.tm_min = explodedTime.tm_min; - exploded_tm.tm_hour = explodedTime.tm_hour; - exploded_tm.tm_mday = explodedTime.tm_mday; - exploded_tm.tm_mon = explodedTime.tm_month; - exploded_tm.tm_year = explodedTime.tm_year - 1900; - e_utf8_strftime (buf, sizeof(buf), _("%d/%m/%Y"), &exploded_tm); - cert->priv->issued_on_string = g_strdup (buf); - - PR_ExplodeTime (cert->priv->expires_on, PR_LocalTimeParameters, &explodedTime); - exploded_tm.tm_sec = explodedTime.tm_sec; - exploded_tm.tm_min = explodedTime.tm_min; - exploded_tm.tm_hour = explodedTime.tm_hour; - exploded_tm.tm_mday = explodedTime.tm_mday; - exploded_tm.tm_mon = explodedTime.tm_month; - exploded_tm.tm_year = explodedTime.tm_year - 1900; - e_utf8_strftime (buf, sizeof(buf), _("%d/%m/%Y"), &exploded_tm); - cert->priv->expires_on_string = g_strdup (buf); - } - - cert->priv->serial_number = CERT_Hexify (&cert->priv->cert->serialNumber, TRUE); - - memset(fingerprint, 0, sizeof fingerprint); - PK11_HashBuf(SEC_OID_SHA1, fingerprint, - cert->priv->cert->derCert.data, - cert->priv->cert->derCert.len); - fpItem.data = fingerprint; - fpItem.len = SHA1_LENGTH; - cert->priv->sha1_fingerprint = CERT_Hexify (&fpItem, TRUE); - - memset(fingerprint, 0, sizeof fingerprint); - PK11_HashBuf(SEC_OID_MD5, fingerprint, - cert->priv->cert->derCert.data, - cert->priv->cert->derCert.len); - fpItem.data = fingerprint; - fpItem.len = MD5_LENGTH; - cert->priv->md5_fingerprint = CERT_Hexify (&fpItem, TRUE); -} - -ECert* -e_cert_new (CERTCertificate *cert) -{ - ECert *ecert = E_CERT (g_object_new (E_TYPE_CERT, NULL)); - - ecert->priv->cert = cert; - - e_cert_populate (ecert); - - return ecert; -} - -ECert* -e_cert_new_from_der (char *data, guint32 len) -{ - CERTCertificate *cert = CERT_DecodeCertFromPackage (data, len); - - if (!cert) - return NULL; - - if (cert->dbhandle == NULL) - cert->dbhandle = CERT_GetDefaultCertDB(); - - return e_cert_new (cert); -} - - - - -CERTCertificate* -e_cert_get_internal_cert (ECert *cert) -{ - /* XXX should this refcnt it? */ - return cert->priv->cert; -} - -gboolean -e_cert_get_raw_der (ECert *cert, char **data, guint32 *len) -{ - /* XXX do we really need to check if cert->priv->cert is NULL - here? it should always be non-null if we have the - ECert.. */ - if (cert->priv->cert) { - *data = (char*)cert->priv->cert->derCert.data; - *len = (guint32)cert->priv->cert->derCert.len; - return TRUE; - } - - *len = 0; - return FALSE; - -} - -const char* -e_cert_get_window_title (ECert *cert) -{ - if (cert->priv->cert->nickname) - return cert->priv->cert->nickname; - else if (cert->priv->cn) - return cert->priv->cn; - else - return cert->priv->cert->subjectName; -} - -const char* -e_cert_get_nickname (ECert *cert) -{ - return cert->priv->cert->nickname; -} - -const char* -e_cert_get_email (ECert *cert) -{ - return cert->priv->cert->emailAddr; -} - -const char* -e_cert_get_org (ECert *cert) -{ - return cert->priv->org_name; -} - -const char* -e_cert_get_org_unit (ECert *cert) -{ - return cert->priv->org_unit_name; -} - -const char* -e_cert_get_cn (ECert *cert) -{ - return cert->priv->cn; -} - -const char* -e_cert_get_issuer_name (ECert *cert) -{ - return cert->priv->cert->issuerName; -} - -const char* -e_cert_get_issuer_cn (ECert *cert) -{ - return cert->priv->issuer_cn; -} - -const char* -e_cert_get_issuer_org (ECert *cert) -{ - return cert->priv->issuer_org_name; -} - -const char* -e_cert_get_issuer_org_unit (ECert *cert) -{ - return cert->priv->issuer_org_unit_name; -} - -const char* -e_cert_get_subject_name (ECert *cert) -{ - return cert->priv->cert->subjectName; -} - -PRTime -e_cert_get_issued_on_time (ECert *cert) -{ - return cert->priv->issued_on; -} - -const char* -e_cert_get_issued_on (ECert *cert) -{ - return cert->priv->issued_on_string; -} - -PRTime -e_cert_get_expires_on_time (ECert *cert) -{ - return cert->priv->expires_on; -} - -const char* -e_cert_get_expires_on (ECert *cert) -{ - return cert->priv->expires_on_string; -} - -const char* -e_cert_get_serial_number (ECert *cert) -{ - return cert->priv->serial_number; -} - -const char* -e_cert_get_sha1_fingerprint (ECert *cert) -{ - return cert->priv->sha1_fingerprint; -} - -const char* -e_cert_get_md5_fingerprint (ECert *cert) -{ - return cert->priv->md5_fingerprint; -} - -GList* -e_cert_get_chain (ECert *ecert) -{ - GList *l = NULL; - - g_object_ref (ecert); - - while (ecert) { - CERTCertificate *cert = e_cert_get_internal_cert (ecert); - CERTCertificate *next_cert; - - l = g_list_append (l, ecert); - - if (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject) == SECEqual) - break; - - next_cert = CERT_FindCertIssuer (cert, PR_Now(), certUsageSSLClient); - if (!next_cert) - break; - ecert = e_cert_new (next_cert); - } - - return l; -} - -static gboolean -get_int_value (SECItem *versionItem, - unsigned long *version) -{ - SECStatus srv; - srv = SEC_ASN1DecodeInteger(versionItem,version); - if (srv != SECSuccess) { - g_warning ("could not decode version of cert"); - return FALSE; - } - return TRUE; -} - -static gboolean -process_version (SECItem *versionItem, - EASN1Object **retItem) -{ - EASN1Object *item = e_asn1_object_new (); - unsigned long version; - - e_asn1_object_set_display_name (item, _("Version")); - - /* Now to figure out what version this certificate is. */ - - if (versionItem->data) { - if (!get_int_value (versionItem, &version)) - return FALSE; - } else { - /* If there is no version present in the cert, then rfc2459 - says we default to v1 (0) */ - version = 0; - } - - switch (version){ - case 0: - e_asn1_object_set_display_value (item, _("Version 1")); - break; - case 1: - e_asn1_object_set_display_value (item, _("Version 2")); - break; - case 2: - e_asn1_object_set_display_value (item, _("Version 3")); - break; - default: - g_warning ("Bad value for cert version"); - return FALSE; - } - - *retItem = item; - return TRUE; -} - -static gboolean -process_serial_number_der (SECItem *serialItem, - EASN1Object **retItem) -{ - char *serialNumber; - EASN1Object *item = e_asn1_object_new (); - - e_asn1_object_set_display_name (item, _("Serial Number")); - - serialNumber = CERT_Hexify(serialItem, 1); - - e_asn1_object_set_display_value (item, serialNumber); - PORT_Free (serialNumber); /* XXX the right free to use? */ - - *retItem = item; - return TRUE; -} - -static gboolean -get_default_oid_format (SECItem *oid, - char **text) -{ - char buf[300]; - unsigned int len; - int written; - - unsigned long val = oid->data[0]; - unsigned int i = val % 40; - val /= 40; - written = PR_snprintf(buf, 300, "%lu %u ", val, i); - if (written < 0) - return FALSE; - len = written; - - val = 0; - for (i = 1; i < oid->len; ++i) { - /* In this loop, we have to parse a DER formatted - If the first bit is a 1, then the integer is - represented by more than one byte. If the - first bit is set then we continue on and add - the values of the later bytes until we get - a byte without the first bit set. - */ - unsigned long j; - - j = oid->data[i]; - val = (val << 7) | (j & 0x7f); - if (j & 0x80) - continue; - written = PR_snprintf(&buf[len], sizeof(buf)-len, "%lu ", val); - if (written < 0) - return FALSE; - - len += written; - if (len >= sizeof (buf)) - g_warning ("OID data to big to display in 300 chars."); - val = 0; - } - - *text = g_strdup (buf); - return TRUE; -} - -static gboolean -get_oid_text (SECItem *oid, char **text) -{ - SECOidTag oidTag = SECOID_FindOIDTag(oid); - char *temp; - - switch (oidTag) { - case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: - *text = g_strdup (_("PKCS #1 MD2 With RSA Encryption")); - break; - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - *text = g_strdup (_("PKCS #1 MD5 With RSA Encryption")); - break; - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - *text = g_strdup (_("PKCS #1 SHA-1 With RSA Encryption")); - break; - case SEC_OID_AVA_COUNTRY_NAME: - *text = g_strdup (_("C")); - break; - case SEC_OID_AVA_COMMON_NAME: - *text = g_strdup (_("CN")); - break; - case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME: - *text = g_strdup (_("OU")); - break; - case SEC_OID_AVA_ORGANIZATION_NAME: - *text = g_strdup (_("O")); - break; - case SEC_OID_AVA_LOCALITY: - *text = g_strdup (_("L")); - break; - case SEC_OID_AVA_DN_QUALIFIER: - *text = g_strdup (_("DN")); - break; - case SEC_OID_AVA_DC: - *text = g_strdup (_("DC")); - break; - case SEC_OID_AVA_STATE_OR_PROVINCE: - *text = g_strdup (_("ST")); - break; - case SEC_OID_PKCS1_RSA_ENCRYPTION: - *text = g_strdup (_("PKCS #1 RSA Encryption")); - break; - case SEC_OID_X509_KEY_USAGE: - *text = g_strdup (_("Certificate Key Usage")); - break; - case SEC_OID_NS_CERT_EXT_CERT_TYPE: - *text = g_strdup (_("Netscape Certificate Type")); - break; - case SEC_OID_X509_AUTH_KEY_ID: - *text = g_strdup (_("Certificate Authority Key Identifier")); - break; - case SEC_OID_RFC1274_UID: - *text = g_strdup (_("UID")); - break; - case SEC_OID_PKCS9_EMAIL_ADDRESS: - *text = g_strdup (_("E")); - break; - default: - if (!get_default_oid_format (oid, &temp)) - return FALSE; - - *text = g_strdup_printf (_("Object Identifier (%s)"), temp); - g_free (temp); - - break; - } - return TRUE; -} - - -static gboolean -process_raw_bytes (SECItem *data, char **text) -{ - /* This function is used to display some DER bytes - that we have not added support for decoding. - It prints the value of the byte out into a - string that can later be displayed as a byte - string. We place a new line after 24 bytes - to break up extermaly long sequence of bytes. - */ - GString *str = g_string_new (""); - PRUint32 i; - char buffer[5]; - for (i=0; i<data->len; i++) { - PR_snprintf(buffer, 5, "%02x ", data->data[i]); - g_string_append (str, buffer); - if ((i+1)%16 == 0) { - g_string_append (str, "\n"); - } - } - *text = g_string_free (str, FALSE); - return TRUE; -} - -static gboolean -process_sec_algorithm_id (SECAlgorithmID *algID, - EASN1Object **retSequence) -{ - EASN1Object *sequence = e_asn1_object_new (); - char *text; - - *retSequence = NULL; - - get_oid_text (&algID->algorithm, &text); - - if (!algID->parameters.len || algID->parameters.data[0] == E_ASN1_OBJECT_TYPE_NULL) { - e_asn1_object_set_display_value (sequence, text); - e_asn1_object_set_valid_container (sequence, FALSE); - } else { - EASN1Object *subitem; - - subitem = e_asn1_object_new (); - e_asn1_object_set_display_name (subitem, _("Algorithm Identifier")); - e_asn1_object_set_display_value (subitem, text); - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - - g_free (text); - - subitem = e_asn1_object_new (); - e_asn1_object_set_display_name (subitem, _("Algorithm Parameters")); - process_raw_bytes (&algID->parameters, &text); - e_asn1_object_set_display_value (subitem, text); - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - } - - g_free (text); - *retSequence = sequence; - return TRUE; -} - -static gboolean -process_subject_public_key_info (CERTSubjectPublicKeyInfo *spki, - EASN1Object *parentSequence) -{ - EASN1Object *spkiSequence = e_asn1_object_new(); - EASN1Object *sequenceItem; - EASN1Object *printableItem; - SECItem data; - char *text; - - e_asn1_object_set_display_name (spkiSequence, _("Subject Public Key Info")); - - if (!process_sec_algorithm_id (&spki->algorithm, &sequenceItem)) - return FALSE; - - e_asn1_object_set_display_name (sequenceItem, _("Subject Public Key Algorithm")); - - e_asn1_object_append_child (spkiSequence, sequenceItem); - - /* The subjectPublicKey field is encoded as a bit string. - ProcessRawBytes expects the lenght to be in bytes, so - let's convert the lenght into a temporary SECItem. - */ - data.data = spki->subjectPublicKey.data; - data.len = spki->subjectPublicKey.len / 8; - - process_raw_bytes (&data, &text); - printableItem = e_asn1_object_new (); - - e_asn1_object_set_display_value (printableItem, text); - e_asn1_object_set_display_name (printableItem, _("Subject's Public Key")); - e_asn1_object_append_child (spkiSequence, printableItem); - g_object_unref (printableItem); - - e_asn1_object_append_child (parentSequence, spkiSequence); - g_object_unref (spkiSequence); - - return TRUE; -} - -static gboolean -process_ns_cert_type_extensions (SECItem *extData, - GString *text) -{ - SECItem decoded; - unsigned char nsCertType; - - decoded.data = NULL; - decoded.len = 0; - if (SECSuccess != SEC_ASN1DecodeItem(NULL, &decoded, - SEC_ASN1_GET(SEC_BitStringTemplate), extData)) { - g_string_append (text, _("Error: Unable to process extension")); - return TRUE; - } - - nsCertType = decoded.data[0]; - - PORT_Free (decoded.data); /* XXX right free? */ - - if (nsCertType & NS_CERT_TYPE_SSL_CLIENT) { - g_string_append (text, _("SSL Client Certificate")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_SSL_SERVER) { - g_string_append (text, _("SSL Server Certificate")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_EMAIL) { - g_string_append (text, _("Email")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING) { - g_string_append (text, _("Object Signer")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_SSL_CA) { - g_string_append (text, _("SSL Certificate Authority")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_EMAIL_CA) { - g_string_append (text, _("Email Certificate Authority")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING_CA) { - g_string_append (text, _("Object Signer")); - g_string_append (text, "\n"); - } - return TRUE; -} - -static gboolean -process_key_usage_extensions (SECItem *extData, GString *text) -{ - SECItem decoded; - unsigned char keyUsage; - - decoded.data = NULL; - decoded.len = 0; - if (SECSuccess != SEC_ASN1DecodeItem(NULL, &decoded, - SEC_ASN1_GET(SEC_BitStringTemplate), extData)) { - g_string_append (text, _("Error: Unable to process extension")); - return TRUE; - } - - keyUsage = decoded.data[0]; - PORT_Free (decoded.data); /* XXX right free? */ - - if (keyUsage & KU_DIGITAL_SIGNATURE) { - g_string_append (text, _("Signing")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_NON_REPUDIATION) { - g_string_append (text, _("Non-repudiation")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_KEY_ENCIPHERMENT) { - g_string_append (text, _("Key Encipherment")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_DATA_ENCIPHERMENT) { - g_string_append (text, _("Data Encipherment")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_KEY_AGREEMENT) { - g_string_append (text, _("Key Agreement")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_KEY_CERT_SIGN) { - g_string_append (text, _("Certificate Signer")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_CRL_SIGN) { - g_string_append (text, _("CRL Signer")); - g_string_append (text, "\n"); - } - - return TRUE; -} - -static gboolean -process_extension_data (SECOidTag oidTag, SECItem *extData, - GString *str) -{ - gboolean rv; - switch (oidTag) { - case SEC_OID_NS_CERT_EXT_CERT_TYPE: - rv = process_ns_cert_type_extensions (extData, str); - break; - case SEC_OID_X509_KEY_USAGE: - rv = process_key_usage_extensions (extData, str); - break; - default: { - char *text; - rv = process_raw_bytes (extData, &text); - g_string_append (str, text); - g_free (text); - break; - } - } - return rv; -} - -static gboolean -process_single_extension (CERTCertExtension *extension, - EASN1Object **retExtension) -{ - GString *str = g_string_new (""); - char *text; - EASN1Object *extensionItem; - SECOidTag oidTag = SECOID_FindOIDTag(&extension->id); - - get_oid_text (&extension->id, &text); - - extensionItem = e_asn1_object_new (); - - e_asn1_object_set_display_name (extensionItem, text); - g_free (text); - - if (extension->critical.data != NULL) { - if (extension->critical.data[0]) { - g_string_append (str, _("Critical")); - } else { - g_string_append (str, _("Not Critical")); - } - } else { - g_string_append (str, _("Not Critical")); - } - g_string_append (str, "\n"); - if (!process_extension_data (oidTag, &extension->value, str)) { - g_string_free (str, TRUE); - return FALSE; - } - - e_asn1_object_set_display_value (extensionItem, str->str); - g_string_free (str, TRUE); - *retExtension = extensionItem; - return TRUE; -} - -static gboolean -process_extensions (CERTCertExtension **extensions, - EASN1Object *parentSequence) -{ - EASN1Object *extensionSequence = e_asn1_object_new (); - PRInt32 i; - - e_asn1_object_set_display_name (extensionSequence, _("Extensions")); - - for (i=0; extensions[i] != NULL; i++) { - EASN1Object *newExtension; - - if (!process_single_extension (extensions[i], - &newExtension)) - return FALSE; - - e_asn1_object_append_child (extensionSequence, newExtension); - } - e_asn1_object_append_child (parentSequence, extensionSequence); - return TRUE; -} - -static gboolean -process_name (CERTName *name, char **value) -{ - CERTRDN** rdns; - CERTRDN** rdn; - CERTAVA** avas; - CERTAVA* ava; - SECItem *decodeItem = NULL; - GString *final_string = g_string_new (""); - - char *type; - GString *avavalue; - char *temp; - CERTRDN **lastRdn; - - rdns = name->rdns; - - lastRdn = rdns; - - /* find last RDN */ - lastRdn = rdns; - while (*lastRdn) lastRdn++; - - /* The above whille loop will put us at the last member - * of the array which is a NULL pointer. So let's back - * up one spot so that we have the last non-NULL entry in - * the array in preparation for traversing the - * RDN's (Relative Distinguished Name) in reverse order. - */ - lastRdn--; - - /* - * Loop over name contents in _reverse_ RDN order appending to string - * When building the Ascii string, NSS loops over these entries in - * reverse order, so I will as well. The difference is that NSS - * will always place them in a one line string separated by commas, - * where I want each entry on a single line. I can't just use a comma - * as my delimitter because it is a valid character to have in the - * value portion of the AVA and could cause trouble when parsing. - */ - for (rdn = lastRdn; rdn >= rdns; rdn--) { - avas = (*rdn)->avas; - while ((ava = *avas++) != 0) { - if (!get_oid_text (&ava->type, &type)) - return FALSE; - - /* This function returns a string in UTF8 format. */ - decodeItem = CERT_DecodeAVAValue(&ava->value); - if(!decodeItem) { - return FALSE; - } - - avavalue = g_string_new_len ((char*)decodeItem->data, decodeItem->len); - - SECITEM_FreeItem(decodeItem, PR_TRUE); - - temp = g_strdup_printf (_("%s = %s"), type, avavalue->str); - - g_string_append (final_string, temp); - g_string_append (final_string, "\n"); - g_string_free (avavalue, TRUE); - g_free (temp); - } - } - *value = g_string_free (final_string, FALSE); - return TRUE; -} - -static gboolean -create_tbs_certificate_asn1_struct (ECert *cert, EASN1Object **seq) -{ - /* - ** TBSCertificate ::= SEQUENCE { - ** version [0] EXPLICIT Version DEFAULT v1, - ** serialNumber CertificateSerialNumber, - ** signature AlgorithmIdentifier, - ** issuer Name, - ** validity Validity, - ** subject Name, - ** subjectPublicKeyInfo SubjectPublicKeyInfo, - ** issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - ** -- If present, version shall be v2 or v3 - ** subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - ** -- If present, version shall be v2 or v3 - ** extensions [3] EXPLICIT Extensions OPTIONAL - ** -- If present, version shall be v3 - ** } - ** - ** This is the ASN1 structure we should be dealing with at this point. - ** The code in this method will assert this is the structure we're dealing - ** and then add more user friendly text for that field. - */ - EASN1Object *sequence = e_asn1_object_new (); - char *text; - EASN1Object *subitem; - SECItem data; - - e_asn1_object_set_display_name (sequence, _("Certificate")); - - if (!process_version (&cert->priv->cert->version, &subitem)) - return FALSE; - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - - if (!process_serial_number_der (&cert->priv->cert->serialNumber, &subitem)) - return FALSE; - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - - - if (!process_sec_algorithm_id (&cert->priv->cert->signature, &subitem)) - return FALSE; - e_asn1_object_set_display_name (subitem, _("Certificate Signature Algorithm")); - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - - process_name (&cert->priv->cert->issuer, &text); - subitem = e_asn1_object_new (); - e_asn1_object_set_display_value (subitem, text); - g_free (text); - - e_asn1_object_set_display_name (subitem, _("Issuer")); - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - -#if notyet - nsCOMPtr<nsIASN1Sequence> validitySequence = new nsNSSASN1Sequence(); - nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpValidity").get(), - text); - validitySequence->SetDisplayName(text); - asn1Objects->AppendElement(validitySequence, PR_FALSE); - nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpNotBefore").get(), - text); - nsCOMPtr<nsIX509CertValidity> validityData; - GetValidity(getter_AddRefs(validityData)); - PRTime notBefore, notAfter; - - validityData->GetNotBefore(¬Before); - validityData->GetNotAfter(¬After); - validityData = 0; - rv = ProcessTime(notBefore, text.get(), validitySequence); - if (NS_FAILED(rv)) - return rv; - - nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpNotAfter").get(), - text); - rv = ProcessTime(notAfter, text.get(), validitySequence); - if (NS_FAILED(rv)) - return rv; -#endif - - subitem = e_asn1_object_new (); - e_asn1_object_set_display_name (subitem, _("Subject")); - - process_name (&cert->priv->cert->subject, &text); - e_asn1_object_set_display_value (subitem, text); - g_free (text); - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - - if (!process_subject_public_key_info (&cert->priv->cert->subjectPublicKeyInfo, sequence)) - return FALSE; - - /* Is there an issuerUniqueID? */ - if (cert->priv->cert->issuerID.data) { - /* The issuerID is encoded as a bit string. - The function ProcessRawBytes expects the - length to be in bytes, so let's convert the - length in a temporary SECItem - */ - data.data = cert->priv->cert->issuerID.data; - data.len = cert->priv->cert->issuerID.len / 8; - - subitem = e_asn1_object_new (); - - e_asn1_object_set_display_name (subitem, _("Issuer Unique ID")); - process_raw_bytes (&data, &text); - e_asn1_object_set_display_value (subitem, text); - g_free (text); - - e_asn1_object_append_child (sequence, subitem); - } - - if (cert->priv->cert->subjectID.data) { - /* The subjectID is encoded as a bit string. - The function ProcessRawBytes expects the - length to be in bytes, so let's convert the - length in a temporary SECItem - */ - data.data = cert->priv->cert->issuerID.data; - data.len = cert->priv->cert->issuerID.len / 8; - - subitem = e_asn1_object_new (); - - e_asn1_object_set_display_name (subitem, _("Subject Unique ID")); - process_raw_bytes (&data, &text); - e_asn1_object_set_display_value (subitem, text); - g_free (text); - - e_asn1_object_append_child (sequence, subitem); - } - if (cert->priv->cert->extensions) { - if (!process_extensions (cert->priv->cert->extensions, sequence)) - return FALSE; - } - - *seq = sequence; - - return TRUE; -} - -static gboolean -create_asn1_struct (ECert *cert) -{ - EASN1Object *sequence; - SECItem temp; - char *text; - - cert->priv->asn1 = e_asn1_object_new (); - - e_asn1_object_set_display_name (cert->priv->asn1, e_cert_get_window_title (cert)); - - /* This sequence will be contain the tbsCertificate, signatureAlgorithm, - and signatureValue. */ - - if (!create_tbs_certificate_asn1_struct (cert, &sequence)) - return FALSE; - e_asn1_object_append_child (cert->priv->asn1, sequence); - g_object_unref (sequence); - - if (!process_sec_algorithm_id (&cert->priv->cert->signatureWrap.signatureAlgorithm, &sequence)) - return FALSE; - e_asn1_object_set_display_name (sequence, _("Certificate Signature Algorithm")); - e_asn1_object_append_child (cert->priv->asn1, sequence); - g_object_unref (sequence); - - sequence = e_asn1_object_new (); - e_asn1_object_set_display_name (sequence, _("Certificate Signature Value")); - - /* The signatureWrap is encoded as a bit string. - The function ProcessRawBytes expects the - length to be in bytes, so let's convert the - length in a temporary SECItem */ - temp.data = cert->priv->cert->signatureWrap.signature.data; - temp.len = cert->priv->cert->signatureWrap.signature.len / 8; - process_raw_bytes (&temp, &text); - e_asn1_object_set_display_value (sequence, text); - e_asn1_object_append_child (cert->priv->asn1, sequence); - g_free (text); - - return TRUE; -} - -EASN1Object* -e_cert_get_asn1_struct (ECert *cert) -{ - if (!cert->priv->asn1) - create_asn1_struct (cert); - - return g_object_ref (cert->priv->asn1); -} - -gboolean -e_cert_mark_for_deletion (ECert *cert) -{ - // nsNSSShutDownPreventionLock locker; - -#if 0 - // make sure user is logged in to the token - nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext(); -#endif - - if (PK11_NeedLogin(cert->priv->cert->slot) - && !PK11_NeedUserInit(cert->priv->cert->slot) - && !PK11_IsInternal(cert->priv->cert->slot)) { - if (SECSuccess != PK11_Authenticate(cert->priv->cert->slot, PR_TRUE, NULL)) { - return FALSE; - } - } - - cert->priv->delete = TRUE; - - return TRUE; -} - -ECertType -e_cert_get_cert_type (ECert *ecert) -{ - const char *nick = e_cert_get_nickname (ecert); - const char *email = e_cert_get_email (ecert); - CERTCertificate *cert = ecert->priv->cert; - - if (nick) { - if (e_cert_trust_has_any_user (cert->trust)) - return E_CERT_USER; - if (e_cert_trust_has_any_ca (cert->trust) - || CERT_IsCACert(cert,NULL)) - return E_CERT_CA; - if (e_cert_trust_has_peer (cert->trust, PR_TRUE, PR_FALSE, PR_FALSE)) - return E_CERT_SITE; - } - if (email && e_cert_trust_has_peer (cert->trust, PR_FALSE, PR_TRUE, PR_FALSE)) - return E_CERT_CONTACT; - - return E_CERT_UNKNOWN; -} diff --git a/smime/lib/e-cert.h b/smime/lib/e-cert.h deleted file mode 100644 index 243ce1539b..0000000000 --- a/smime/lib/e-cert.h +++ /dev/null @@ -1,103 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* - * Authors: Chris Toshok <toshok@ximian.com> - * - * Copyright (C) 2003 Ximian, Inc. (www.ximian.com) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. - * - */ - -#ifndef _E_CERT_H_ -#define _E_CERT_H_ - -#include <glib-object.h> -#include <cert.h> -#include "e-asn1-object.h" - -#define E_TYPE_CERT (e_cert_get_type ()) -#define E_CERT(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_CERT, ECert)) -#define E_CERT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_CERT, ECertClass)) -#define E_IS_CERT(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_CERT)) -#define E_IS_CERT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_CERT)) -#define E_CERT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_CERT, ECertClass)) - -typedef struct _ECert ECert; -typedef struct _ECertClass ECertClass; -typedef struct _ECertPrivate ECertPrivate; - -typedef enum { - E_CERT_CA, - E_CERT_CONTACT, - E_CERT_SITE, - E_CERT_USER, - E_CERT_UNKNOWN -} ECertType; - -struct _ECert { - GObject parent; - - ECertPrivate *priv; -}; - -struct _ECertClass { - GObjectClass parent_class; - - /* Padding for future expansion */ - void (*_ecert_reserved0) (void); - void (*_ecert_reserved1) (void); - void (*_ecert_reserved2) (void); - void (*_ecert_reserved3) (void); - void (*_ecert_reserved4) (void); -}; - -GType e_cert_get_type (void); - -ECert* e_cert_new (CERTCertificate *cert); -ECert* e_cert_new_from_der (char *data, guint32 len); - -CERTCertificate* e_cert_get_internal_cert (ECert *cert); - -gboolean e_cert_get_raw_der (ECert *cert, char **data, guint32 *len); -const char* e_cert_get_window_title (ECert *cert); -const char* e_cert_get_nickname (ECert *cert); -const char* e_cert_get_email (ECert *cert); -const char* e_cert_get_org (ECert *cert); -const char* e_cert_get_org_unit (ECert *cert); -const char* e_cert_get_cn (ECert *cert); -const char* e_cert_get_subject_name (ECert *cert); - -const char* e_cert_get_issuer_name (ECert *cert); -const char* e_cert_get_issuer_cn (ECert *cert); -const char* e_cert_get_issuer_org (ECert *cert); -const char* e_cert_get_issuer_org_unit (ECert *cert); - -PRTime e_cert_get_issued_on_time (ECert *cert); -const char* e_cert_get_issued_on (ECert *cert); -PRTime e_cert_get_expires_on_time (ECert *cert); -const char* e_cert_get_expires_on (ECert *cert); - -const char* e_cert_get_serial_number (ECert *cert); -const char* e_cert_get_sha1_fingerprint (ECert *cert); -const char* e_cert_get_md5_fingerprint (ECert *cert); - -GList* e_cert_get_chain (ECert *cert); -EASN1Object* e_cert_get_asn1_struct (ECert *cert); - -gboolean e_cert_mark_for_deletion (ECert *cert); - -ECertType e_cert_get_cert_type (ECert *cert); - -#endif /* _E_CERT_H_ */ diff --git a/smime/lib/e-pkcs12.c b/smime/lib/e-pkcs12.c deleted file mode 100644 index 3092944196..0000000000 --- a/smime/lib/e-pkcs12.c +++ /dev/null @@ -1,452 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* e-pkcs12.c - * - * Copyright (C) 2003 Ximian, Inc. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public - * License along with this program; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place - Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: Chris Toshok (toshok@ximian.com) - */ - -/* The following is the mozilla license blurb, as the bodies some of - these functions were derived from the mozilla source. */ - -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - */ - -#include <gtk/gtk.h> -#include <libgnome/gnome-i18n.h> - -#include <time.h> -#include <fcntl.h> -#include <unistd.h> - -#include "e-util/e-passwords.h" -#include "e-pkcs12.h" - -#include "prmem.h" -#include "nss.h" -#include "pkcs12.h" -#include "p12plcy.h" -#include "pk11func.h" -#include "secerr.h" - -struct _EPKCS12Private { - int tmp_fd; - char *tmp_path; -}; - -#define PARENT_TYPE G_TYPE_OBJECT -static GObjectClass *parent_class; - -// static callback functions for the NSS PKCS#12 library -static SECItem * PR_CALLBACK nickname_collision(SECItem *, PRBool *, void *); -static void PR_CALLBACK write_export_file(void *arg, const char *buf, unsigned long len); - -static gboolean handle_error(int myerr); - -#define PKCS12_TMPFILENAME ".p12tmp" -#define PKCS12_BUFFER_SIZE 2048 -#define PKCS12_RESTORE_OK 1 -#define PKCS12_BACKUP_OK 2 -#define PKCS12_USER_CANCELED 3 -#define PKCS12_NOSMARTCARD_EXPORT 4 -#define PKCS12_RESTORE_FAILED 5 -#define PKCS12_BACKUP_FAILED 6 -#define PKCS12_NSS_ERROR 7 - -static void -e_pkcs12_dispose (GObject *object) -{ - EPKCS12 *pk = E_PKCS12 (object); - - if (!pk->priv) - return; - - /* XXX free instance private foo */ - - g_free (pk->priv); - pk->priv = NULL; - - if (G_OBJECT_CLASS (parent_class)->dispose) - G_OBJECT_CLASS (parent_class)->dispose (object); -} - -static void -e_pkcs12_class_init (EPKCS12Class *klass) -{ - GObjectClass *object_class; - - object_class = G_OBJECT_CLASS(klass); - - parent_class = g_type_class_ref (PARENT_TYPE); - - object_class->dispose = e_pkcs12_dispose; -} - -static void -e_pkcs12_init (EPKCS12 *ec) -{ - ec->priv = g_new0 (EPKCS12Private, 1); -} - -GType -e_pkcs12_get_type (void) -{ - static GType pkcs12_type = 0; - - if (!pkcs12_type) { - static const GTypeInfo pkcs12_info = { - sizeof (EPKCS12Class), - NULL, /* base_init */ - NULL, /* base_finalize */ - (GClassInitFunc) e_pkcs12_class_init, - NULL, /* class_finalize */ - NULL, /* class_data */ - sizeof (EPKCS12), - 0, /* n_preallocs */ - (GInstanceInitFunc) e_pkcs12_init, - }; - - pkcs12_type = g_type_register_static (PARENT_TYPE, "EPKCS12", &pkcs12_info, 0); - } - - return pkcs12_type; -} - - - -EPKCS12* -e_pkcs12_new (void) -{ - EPKCS12 *pk = E_PKCS12 (g_object_new (E_TYPE_PKCS12, NULL)); - - return pk; -} - -static gboolean -input_to_decoder (SEC_PKCS12DecoderContext *dcx, const char *path, GError **error) -{ - /* nsNSSShutDownPreventionLock locker; */ - SECStatus srv; - int amount; - char buf[PKCS12_BUFFER_SIZE]; - FILE *fp; - - /* open path */ - fp = fopen (path, "r"); - if (!fp) { - /* XXX gerror */ - printf ("couldn't open `%s'\n", path); - return FALSE; - } - - while (TRUE) { - amount = fread (buf, 1, sizeof (buf), fp); - if (amount < 0) { - printf ("got -1 fread\n"); - fclose (fp); - return FALSE; - } - /* feed the file data into the decoder */ - srv = SEC_PKCS12DecoderUpdate(dcx, - (unsigned char*) buf, - amount); - if (srv) { - /* don't allow the close call to overwrite our precious error code */ - /* XXX g_error */ - int pr_err = PORT_GetError(); - PORT_SetError(pr_err); - printf ("SEC_PKCS12DecoderUpdate returned %d\n", srv); - fclose (fp); - return FALSE; - } - if (amount < PKCS12_BUFFER_SIZE) - break; - } - fclose (fp); - return TRUE; -} - -static gboolean -prompt_for_password (char *title, char *prompt, SECItem *pwd) -{ - char *passwd; - - passwd = e_passwords_ask_password (title, NULL, NULL, prompt, TRUE, - E_PASSWORDS_DO_NOT_REMEMBER, NULL, - NULL); - - if (passwd) { - SECITEM_AllocItem(NULL, pwd, PL_strlen (passwd)); - memcpy (pwd->data, passwd, strlen (passwd)); - g_free (passwd); - } - - return TRUE; -} - -static gboolean -import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry, GError **error) -{ - /*nsNSSShutDownPreventionLock locker; */ - gboolean rv = TRUE; - SECStatus srv = SECSuccess; - SEC_PKCS12DecoderContext *dcx = NULL; - SECItem passwd; - GError *err = NULL; - PK11SlotInfo *slot = PK11_GetInternalKeySlot (); /* XXX toshok - we - hardcode this - here */ - *aWantRetry = FALSE; - - - passwd.data = NULL; - rv = prompt_for_password (_("PKCS12 File Password"), _("Enter password for PKCS12 file:"), &passwd); - if (!rv) goto finish; - if (passwd.data == NULL) { - handle_error (PKCS12_USER_CANCELED); - return TRUE; - } - -#if notyet - /* XXX we don't need this block as long as we hardcode the - slot above */ - nsXPIDLString tokenName; - nsXPIDLCString tokenNameCString; - const char *tokNameRef; - - - mToken->GetTokenName (getter_Copies(tokenName)); - tokenNameCString.Adopt (ToNewUTF8String(tokenName)); - tokNameRef = tokenNameCString; /* I do this here so that the - NS_CONST_CAST below doesn't - break the build on Win32 */ - - slot = PK11_FindSlotByName (NS_CONST_CAST(char*,tokNameRef)); - if (!slot) { - srv = SECFailure; - goto finish; - } -#endif - - /* initialize the decoder */ - dcx = SEC_PKCS12DecoderStart (&passwd, slot, NULL, - NULL, NULL, - NULL, NULL, - pkcs12); - if (!dcx) { - srv = SECFailure; - goto finish; - } - /* read input file and feed it to the decoder */ - rv = input_to_decoder (dcx, path, &err); - if (!rv) { -#if notyet - /* XXX we need this to check the gerror */ - if (NS_ERROR_ABORT == rv) { - // inputToDecoder indicated a NSS error - srv = SECFailure; - } -#endif - goto finish; - } - - /* verify the blob */ - srv = SEC_PKCS12DecoderVerify (dcx); - if (srv) { printf ("decoderverify failed\n"); goto finish; } - /* validate bags */ - srv = SEC_PKCS12DecoderValidateBags (dcx, nickname_collision); - if (srv) { printf ("decodervalidatebags failed\n"); goto finish; } - /* import cert and key */ - srv = SEC_PKCS12DecoderImportBags (dcx); - if (srv) { printf ("decoderimportbags failed\n"); goto finish; } - /* Later - check to see if this should become default email cert */ - handle_error (PKCS12_RESTORE_OK); - finish: - /* If srv != SECSuccess, NSS probably set a specific error code. - We should use that error code instead of inventing a new one - for every error possible. */ - if (srv != SECSuccess) { - printf ("srv != SECSuccess\n"); - if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) { - printf ("BAD PASSWORD\n"); - *aWantRetry = TRUE; - } - handle_error(PKCS12_NSS_ERROR); - } else if (!rv) { - handle_error(PKCS12_RESTORE_FAILED); - } - if (slot) - PK11_FreeSlot(slot); - // finish the decoder - if (dcx) - SEC_PKCS12DecoderFinish(dcx); - return TRUE; -} - -gboolean -e_pkcs12_import_from_file (EPKCS12 *pkcs12, const char *path, GError **error) -{ - /*nsNSSShutDownPreventionLock locker;*/ - gboolean rv = TRUE; - gboolean wantRetry; - - -#if 0 - /* XXX we don't use tokens yet */ - if (!mToken) { - if (!mTokenSet) { - rv = SetToken(NULL); // Ask the user to pick a slot - if (NS_FAILED(rv)) { - handle_error(PKCS12_USER_CANCELED); - return rv; - } - } - } - - if (!mToken) { - handle_error(PKCS12_RESTORE_FAILED); - return NS_ERROR_NOT_AVAILABLE; - } - - /* init slot */ - rv = mToken->Login(PR_TRUE); - if (NS_FAILED(rv)) return rv; -#endif - - do { - rv = import_from_file_helper (pkcs12, path, &wantRetry, error); - } while (rv && wantRetry); - - return rv; -} - -gboolean -e_pkcs12_export_to_file (EPKCS12 *pkcs12, const char *path, GList *certs, GError **error) -{ -} - -/* what to do when the nickname collides with one already in the db. - TODO: not handled, throw a dialog allowing the nick to be changed? */ -static SECItem * PR_CALLBACK -nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx) -{ - /* nsNSSShutDownPreventionLock locker; */ - int count = 1; - char *nickname = NULL; - char *default_nickname = _("Imported Certificate"); - SECItem *new_nick; - - *cancel = PR_FALSE; - printf ("nickname_collision\n"); - - /* The user is trying to import a PKCS#12 file that doesn't have the - attribute we use to set the nickname. So in order to reduce the - number of interactions we require with the user, we'll build a nickname - for the user. The nickname isn't prominently displayed in the UI, - so it's OK if we generate one on our own here. - XXX If the NSS API were smarter and actually passed a pointer to - the CERTCertificate* we're importing we could actually just - call default_nickname (which is what the issuance code path - does) and come up with a reasonable nickname. Alas, the NSS - API limits our ability to produce a useful nickname without - bugging the user. :( - */ - while (1) { - CERTCertificate *cert; - - /* If we've gotten this far, that means there isn't a certificate - in the database that has the same subject name as the cert we're - trying to import. So we need to come up with a "nickname" to - satisfy the NSS requirement or fail in trying to import. - Basically we use a default nickname from a properties file and - see if a certificate exists with that nickname. If there isn't, then - create update the count by one and append the string '#1' Or - whatever the count currently is, and look for a cert with - that nickname. Keep updating the count until we find a nickname - without a corresponding cert. - XXX If a user imports *many* certs without the 'friendly name' - attribute, then this may take a long time. :( - */ - if (count > 1) { - g_free (nickname); - nickname = g_strdup_printf ("%s #%d", default_nickname, count); - } else { - g_free (nickname); - nickname = g_strdup (default_nickname); - } - cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), - nickname); - if (!cert) { - break; - } - CERT_DestroyCertificate(cert); - count++; - } - - new_nick = PR_Malloc (sizeof (SECItem)); - new_nick->type = siAsciiString; - new_nick->data = nickname; - new_nick->len = strlen((char*)new_nick->data); - return new_nick; -} - -/* write bytes to the exported PKCS#12 file */ -static void PR_CALLBACK -write_export_file(void *arg, const char *buf, unsigned long len) -{ - EPKCS12 *pkcs12 = E_PKCS12 (arg); - EPKCS12Private *priv = pkcs12->priv; - - printf ("write_export_file\n"); - - write (priv->tmp_fd, buf, len); -} - -static gboolean -handle_error(int myerr) -{ - printf ("handle_error (%d)\n", myerr); -} diff --git a/smime/lib/e-pkcs12.h b/smime/lib/e-pkcs12.h deleted file mode 100644 index e6616aa85c..0000000000 --- a/smime/lib/e-pkcs12.h +++ /dev/null @@ -1,71 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* - * Authors: Chris Toshok <toshok@ximian.com> - * - * Copyright (C) 2003 Ximian, Inc. (www.ximian.com) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. - * - */ - -#ifndef _E_PKCS12_H_ -#define _E_PKCS12_H_ - -#include <glib-object.h> - -#define E_TYPE_PKCS12 (e_pkcs12_get_type ()) -#define E_PKCS12(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_PKCS12, EPKCS12)) -#define E_PKCS12_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_PKCS12, EPKCS12Class)) -#define E_IS_PKCS12(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_PKCS12)) -#define E_IS_PKCS12_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_PKCS12)) -#define E_PKCS12_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_PKCS12, EPKCS12Class)) - -typedef struct _EPKCS12 EPKCS12; -typedef struct _EPKCS12Class EPKCS12Class; -typedef struct _EPKCS12Private EPKCS12Private; - -struct _EPKCS12 { - GObject parent; - - EPKCS12Private *priv; -}; - -struct _EPKCS12Class { - GObjectClass parent_class; - - /* Padding for future expansion */ - void (*_epkcs12_reserved0) (void); - void (*_epkcs12_reserved1) (void); - void (*_epkcs12_reserved2) (void); - void (*_epkcs12_reserved3) (void); - void (*_epkcs12_reserved4) (void); -}; - -GType e_pkcs12_get_type (void); - -EPKCS12* e_pkcs12_new (void); - - -#if 0 -/* XXX we're not going to support additional slots in the initial ssl - stuff, so we just always default to the internal token (and thus - don't need this function yet. */ -gboolean e_pkcs12_set_token (void); -#endif - -gboolean e_pkcs12_import_from_file (EPKCS12 *pkcs12, const char *path, GError **error); -gboolean e_pkcs12_export_to_file (EPKCS12 *pkcs12, const char *path, GList *certs, GError **error); - -#endif /* _E_CERT_H_ */ |