From 56f2d7b21f78ef90bd59bc2b88e312a8480a5b4c Mon Sep 17 00:00:00 2001 
From: nobody
Date: Tue, 9 Dec 2003 01:57:09 +0000
Subject: This commit was manufactured by cvs2svn to create tag 'GEDIT_2_5_92'. svn path=/tags/GEDIT_2_5_92/; revision=23726
---
smime/.cvsignore | 2 -
smime/ChangeLog | 263 -----
smime/Makefile.am | 1 -
smime/gui/.cvsignore | 3 -
smime/gui/Makefile.am | 35 -
smime/gui/certificate-manager.c | 745 --------------
smime/gui/certificate-manager.h | 30 -
smime/gui/certificate-viewer.c | 298 ------
smime/gui/certificate-viewer.h | 31 -
smime/gui/e-cert-selector.c | 247 -----
smime/gui/e-cert-selector.h | 67 --
smime/gui/smime-ui.glade | 2100 ---------------------------------------
smime/lib/.cvsignore | 3 -
smime/lib/Makefile.am | 28 -
smime/lib/e-asn1-object.c | 393 --------
smime/lib/e-asn1-object.h | 105 --
smime/lib/e-cert-db.c | 1077 --------------------
smime/lib/e-cert-db.h | 128 ---
smime/lib/e-cert-trust.c | 418 --------
smime/lib/e-cert-trust.h | 86 --
smime/lib/e-cert.c | 1227 -----------------------
smime/lib/e-cert.h | 103 --
smime/lib/e-pkcs12.c | 452 ---------
smime/lib/e-pkcs12.h | 71 --
smime/tests/.cvsignore | 3 -
smime/tests/Makefile.am | 17 -
smime/tests/import-cert.c | 38 -
27 files changed, 7971 deletions(-)
delete mode 100644 smime/.cvsignore
delete mode 100644 smime/ChangeLog
delete mode 100644 smime/Makefile.am
delete mode 100644 smime/gui/.cvsignore
delete mode 100644 smime/gui/Makefile.am
delete mode 100644 smime/gui/certificate-manager.c
delete mode 100644 smime/gui/certificate-manager.h
delete mode 100644 smime/gui/certificate-viewer.c
delete mode 100644 smime/gui/certificate-viewer.h
delete mode 100644 smime/gui/e-cert-selector.c
delete mode 100644 smime/gui/e-cert-selector.h
delete mode 100644 smime/gui/smime-ui.glade
delete mode 100644 smime/lib/.cvsignore
delete mode 100644 smime/lib/Makefile.am
delete mode 100644 smime/lib/e-asn1-object.c
delete mode 100644 smime/lib/e-asn1-object.h
delete mode 100644 smime/lib/e-cert-db.c
delete mode 100644 smime/lib/e-cert-db.h
delete mode 100644 smime/lib/e-cert-trust.c
delete mode 100644 smime/lib/e-cert-trust.h
delete mode 100644 smime/lib/e-cert.c
delete mode 100644 smime/lib/e-cert.h
delete mode 100644 smime/lib/e-pkcs12.c
delete mode 100644 smime/lib/e-pkcs12.h
delete mode 100644 smime/tests/.cvsignore
delete mode 100644 smime/tests/Makefile.am
delete mode 100644 smime/tests/import-cert.c
(limited to 'smime')
diff --git a/smime/.cvsignore b/smime/.cvsignore
deleted file mode 100644
index 282522db03..0000000000
--- a/smime/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
-Makefile
-Makefile.in
diff --git a/smime/ChangeLog b/smime/ChangeLog
deleted file mode 100644
index a389558c4a..0000000000
--- a/smime/ChangeLog
+++ /dev/null
@@ -1,263 +0,0 @@ -2003-12-05 JP Rosevear - - * lib/e-cert.c: fix for C89 - -2003-12-04 Chris Toshok - - * gui/certificate-viewer.c (certificate_viewer_show): set the - window title based on e_cert_get_window_title. - - * lib/e-cert.c (e_cert_get_window_title): new function, for use - with the certificate viewer. - (create_asn1_struct): call e_cert_get_window_title. - -2003-12-04 Chris Toshok - - * lib/e-cert.h: add prototype for e_cert_get_asn1_struct. - - * lib/e-cert.c (e_cert_dispose): unref the asn1 object. - (get_int_value): copy and massage from mozilla source. - (process_version): same. - (process_serial_number_der): same. - (get_default_oid_format): same. - (get_oid_text): same. - (process_raw_bytes): same. - (process_sec_algorithm_id): same. - (process_subject_public_key_info): same. - (process_ns_cert_type_extensions): same. - (process_key_usage_extensions): same. - (process_extension_data): same. - (process_single_extension): same. - (process_extensions): same. - (process_name): same. - (create_tbs_certificate_asn1_struct): same. - (create_asn1_struct): same. - (e_cert_get_asn1_struct): new function. - - * lib/e-asn1-object.c (e_asn1_object_dispose): free the display - name, value, and children. - (e_asn1_object_init): assume it's a valid container unless we hear - otherwise. - (e_asn1_object_new_from_cert): nuke. - (e_asn1_object_set_valid_container): implement. - (e_asn1_object_append_child): same. - (e_asn1_object_set_display_name): same. - (e_asn1_object_set_display_value): same. - - * lib/e-asn1-object.h: add prototypes for - e_asn1_object_set_valid_container, e_asn1_object_set_display_name, - e_asn1_object_set_display_value, and e_asn1_object_append_child. - - * gui/certificate-viewer.c (populate_fields_tree): populate the - tree from the asn structure. - (hierarchy_selection_changed): blow away the old fields_tree - content and populate it again. 
- (fields_selection_changed): implement, set the text view's - contents to the asn1 object's display_value. - (fill_in_details): expand all nodes in the hierarchy tree. - -2003-12-03 Chris Toshok - - * lib/Makefile.am (libessmime_la_SOURCES): add e-asn1-object.[ch] - - * gui/smime-ui.glade: rename the ca trust dialog, and give it a - proper id. - - * gui/certificate-manager.c (yourcerts_selection_changed): just - use @selection. - (contactcerts_selection_changed): same. - (authoritycerts_selection_changed): same. - - * gui/certificate-viewer.c (free_data): free the cert chain. - (fill_in_general): move all the general tab stuff here. - (hierarchy_selection_changed): new function. not finished. - (fields_selection_changed): new function, unimplemented. - (fill_in_details): new function, fill in the heirarchy and hook up - signals and stuff. - (certificate_viewer_show): call fill_in_general/fill_in_details. - - * lib/e-cert.c (e_cert_get_chain): new function. - - * lib/e-cert.h: add prototype for e_cert_get_chain. - -2003-12-03 Chris Toshok - - * lib/e-cert-db.c (e_cert_db_class_init): grovel around at startup - time for mozilla's pkcs11 module so we can get the same default - set of root certs. - -2003-11-30 Larry Ewing - - * lib/e-pkcs12.c (nickname_collision): make sure declarations - precede logic for older compilers. - - * gui/Makefile.am (INCLUDES): don't define GTK_DISABLE_DEPRECATED - it breakes on gtk-2.3 with gtk_option_menu_get_history. - -2003-11-26 Chris Toshok - - * gui/certificate-viewer.[ch]: mostly implement a viewer for - certificates. - - * gui/smime-ui.glade: fingerprints-sh1 -> fingerprints-sha1. - - * gui/certificate-manager.c (import_your): new function, use - e-pkcs12 to implement it. - (initialize_yourcerts_ui): hook up the import button. - (view_contact): new function, bring up the certificate viewer. - (initialize_contactcerts_ui): hook up the view button. - (view_ca): new function, bring up the certificate viewer. 
- (initialize_authoritycerts_ui): hook up the view button. - - * gui/Makefile.am (libevolution_smime_la_SOURCES): add - certificate-viewer.[ch] - - * lib/e-cert.c (e_cert_dispose): free all the new cached foo. - (e_cert_populate): populate all the new cached foo. - (e_cert_get_issuer_cn): new function. - (e_cert_get_issuer_org): same. - (e_cert_get_issuer_org_unit): same. - (e_cert_get_issued_on_time): same. - (e_cert_get_issued_on): same. - (e_cert_get_expires_on_time): same. - (e_cert_get_expires_on): same. - (e_cert_get_serial_number): same. - (e_cert_get_sha1_fingerprint): same. - (e_cert_get_md5_fingerprint): same. - - * lib/e-cert.h: add prototypes for lots more accessors. - - * lib/e-cert-db.c (e_cert_db_find_cert_by_key): fix typo. - (e_cert_db_find_cert_by_email_address): call - CERT_DestroyCertificate to free the cert. - (default_nickname): new function. - (e_cert_db_import_user_cert): implement. - (e_cert_db_import_server_cert): add blurb. - - * lib/e-pkcs12.[ch]: new files. - - * lib/Makefile.am (libessmime_la_SOURCES): add e-pkcs12.[ch] - -2003-11-12 Not Zed - - * gui/smime-ui.glade: added cert_selector widget to be placed - inside a dialog. - - * gui/e-cert-selector.[ch]: new class to allow user to select a - certificate for signing or encrypting. - -2003-11-12 Chris Toshok - - * lib/e-cert.c (e_cert_get_cert_type): implement using the - e-cert-trust foo. - (e_cert_get_email): implement. - - * lib/e-cert.h: add UNKNOWN cert type. - - * gui/smime-ui.glade: fix capitalization of "Import" on the - contact certificate page. - - * gui/certificate-manager.c (import_contact): new function. - implement email cert importing. - (delete_contact): new function. - (unload_certs): implement for E_CERT_CONTACT. - (certificate_manager_config_control_new): get the contact cert - action buttons from libglade. - - * lib/e-cert-db.c (handle_ca_cert_download): mostly implement the - trust settings correctly. 
this still needs work pending the CA - trust dialog's completion. - (e_cert_db_delete_cert): fix the ifdef'ed code. - (e_cert_db_import_user_cert): remove the ifdef'ed body of this, - since it was copied from the CA code. - - * lib/Makefile.am (libessmime_la_SOURCES): add e-cert-trust.[ch] - - * lib/e-cert-trust.[ch]: new files, basically c&p nsNSSCertTrust - from mozilla's PSM. - -2003-11-11 Chris Toshok - - * tests/import-cert.c (main): don't init NSS here. it's done in - e_cert_db_peek. - - * lib/Makefile.am (libessmime_la_SOURCES): add e-cert-db.[ch] - - * gui/smime-ui.glade: set the initial sensitivity of the buttons - here, and add the beginnings of the CA import dialog (where you - assign trust levels to it.) - - * gui/certificate-manager.c (handle_selection_changed): - sensitize/desensitize all the various buttons correctly when the - GtkTreeView's selection changes. - (yourcerts_selection_changed): new, selection change handler for - the Your Certs tab. - (initialize_yourcerts_ui): hook up the tree selection, and add a - model column for the ECert. - (contactcerts_selection_changed): new, selection change handler - for the Contact Certs tab. - (initialize_contactcerts_ui): hook up the tree selection, and add - a model column for the ECert. - (import_ca): new function. - (delete_ca): new function. - (authoritycerts_selection_changed): new, selection change handler - for the Authority Certs tab. - (create_authoritycerts_treemodel): new function for creating the - authority cert tree model. the other tabs will eventually use a - separate function for this too, as unload_certs gets fleshed out. - (initialize_authoritycerts_ui): hook up the tree selection, and - add import/delete buttons. - (destroy_key): dtor for the keys in our hashes. - (destroy_value): dtor for the values in our hashes. - (unload_certs): new function. basically destroy/recreate the - model and hash for the particular cert type/tab. - (load_certs): use e_cert_get_cert_type. 
- (populate_ui): use unload_certs as well as load_certs. - (certificate_manager_config_control_new): call e_cert_db_peek - ,which will initialize all of NSS. hook up all the widgets from - libglade. - - * lib/e-cert.h: add prototypes for all the new methods, and add - the ECertType enum. - - * lib/e-cert.c (e_cert_dispose): handle deletion from the DB here. - (e_cert_new_from_der): new function. - (e_cert_get_internal_cert): new function. - (e_cert_get_raw_der): new function. - (e_cert_get_issuer_name): new - (e_cert_get_subject_name): new - (e_cert_mark_for_deletion): new - (e_cert_get_cert_type): new. - (e_cert_is_ca_cert): nuke. - - * lib/e-cert-db.[ch]: new, partly implemented, derived from - mozilla's nsNSSCertificateDB code. - -2003-10-30 Chris Toshok - - * gui/certificate-manager.h: add boilerplate. - - * gui/certificate-manager.c - (certificate_manager_config_control_new): return NULL if the - NSS_InitReadWrite fails - we should probably give better status - though, or return a GtkLabel with an error message.... - - * gui/Makefile.am (INCLUDES): use CERT_UI_CFLAGS. - (TEST_LIBS): use CERT_UI_LIBS. - -2003-10-30 Chris Toshok - - * tests/Makefile.am (INCLUDES): use CERT_UI_CFLAGS. - (TEST_LIBS): use CERT_UI_LIBS. - -2003-10-28 Chris Toshok - - * gui/Makefile.am (libevolution_smime_la_SOURCES): add - certificate-manager.h - -2003-10-23 Chris Toshok - - * lib/e-cert.[ch], lib/Makefile.am, gui/certificate-manager.[ch], - gui/Makefile.am, gui/smime-ui.glade, Makefile.am: initial addition - of s/mime foo. -
diff --git a/smime/Makefile.am b/smime/Makefile.am
deleted file mode 100644
index 1d3390b381..0000000000
--- a/smime/Makefile.am
+++ /dev/null
@@ -1 +0,0 @@
-SUBDIRS= lib gui
\ No newline at end of file
diff --git a/smime/gui/.cvsignore b/smime/gui/.cvsignore
deleted file mode 100644
index 61a0c160f1..0000000000
--- a/smime/gui/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-Makefile
-Makefile.in
-smime-ui.gladep
diff --git a/smime/gui/Makefile.am b/smime/gui/Makefile.am
deleted file mode 100644
index a15fdade86..0000000000
--- a/smime/gui/Makefile.am
+++ /dev/null
@@ -1,35 +0,0 @@
-INCLUDES = \
- -DG_LOG_DOMAIN=\"evolution-smime\" \
- -I$(top_srcdir) \
- -I$(top_srcdir)/smime/lib \
- -I$(top_srcdir)/shell \
- -I$(top_builddir) \
- -DEVOLUTION_DATADIR=\""$(datadir)"\" \
- -DEVOLUTION_GLADEDIR=\""$(gladedir)"\" \
- -DEVOLUTION_ETSPECDIR=\""$(etspecdir)"\" \
- -DEVOLUTION_IMAGESDIR=\""$(imagesdir)"\" \
- -DEVOLUTION_LOCALEDIR=\""$(localedir)"\" \
- -DEVOLUTION_UIDIR=\""$(evolutionuidir)"\" \
- -DPREFIX=\""$(prefix)"\" \
- $(EVOLUTION_ADDRESSBOOK_CFLAGS) \
- $(CERT_UI_CFLAGS)
-
-noinst_LTLIBRARIES = libevolution-smime.la
-
-libevolution_smime_la_SOURCES = \
- certificate-manager.c \
- certificate-manager.h \
- certificate-viewer.c \
- certificate-viewer.h \
- e-cert-selector.c \
- e-cert-selector.h
-
-libevolution_smime_la_LIBADD = \
- $(top_builddir)/smime/lib/libessmime.la \
- $(CERT_UI_LIBS)
-
-
-glade_DATA = smime-ui.glade
-
-EXTRA_DIST = \
- $(glade_DATA)
diff --git a/smime/gui/certificate-manager.c b/smime/gui/certificate-manager.c
deleted file mode 100644
index d2ae5e4fea..0000000000
--- a/smime/gui/certificate-manager.c
+++ /dev/null
@@ -1,745 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* - * Authors: Chris Toshok - * - * Copyright (C) 2003 Ximian, Inc. (www.ximian.com) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. - * - */ - -#define GLADE_FILE_NAME "smime-ui.glade" - -#include - -#include - -#include -#include "evolution-config-control.h" -#include "certificate-manager.h" -#include "certificate-viewer.h" - -#include "e-cert.h" -#include "e-cert-db.h" -#include "e-pkcs12.h" - -#include "nss.h" -#include -#include -#include -#include -#include - -typedef struct { - GladeXML *gui; - - GtkWidget *yourcerts_treeview; - GtkTreeStore *yourcerts_treemodel; - GHashTable *yourcerts_root_hash; - GtkWidget *view_your_button; - GtkWidget *backup_your_button; - GtkWidget *backup_all_your_button; - GtkWidget *import_your_button; - GtkWidget *delete_your_button; - - GtkWidget *contactcerts_treeview; - GtkTreeStore *contactcerts_treemodel; - GHashTable *contactcerts_root_hash; - GtkWidget *view_contact_button; - GtkWidget *edit_contact_button; - GtkWidget *import_contact_button; - GtkWidget *delete_contact_button; - - GtkWidget *authoritycerts_treeview; - GtkTreeStore *authoritycerts_treemodel; - GHashTable *authoritycerts_root_hash; - GtkWidget *view_ca_button; - GtkWidget *edit_ca_button; - GtkWidget 
*import_ca_button; - GtkWidget *delete_ca_button; - -} CertificateManagerData; - -typedef void (*AddCertCb)(CertificateManagerData *cfm, ECert *cert); - -static void unload_certs (CertificateManagerData *cfm, ECertType type); -static void load_certs (CertificateManagerData *cfm, ECertType type, AddCertCb add_cert); - -static void add_user_cert (CertificateManagerData *cfm, ECert *cert); -static void add_contact_cert (CertificateManagerData *cfm, ECert *cert); -static void add_ca_cert (CertificateManagerData *cfm, ECert *cert); - -static void -handle_selection_changed (GtkTreeSelection *selection, - int cert_column, - GtkWidget *view_button, - GtkWidget *edit_button, - GtkWidget *delete_button) -{ - GtkTreeIter iter; - gboolean cert_selected = FALSE; - GtkTreeModel *model; - - if (gtk_tree_selection_get_selected (selection, - &model, - &iter)) { - ECert *cert; - - gtk_tree_model_get (model, - &iter, - cert_column, &cert, - -1); - - if (cert) { - cert_selected = TRUE; - g_object_unref (cert); - } - } - - if (delete_button) - gtk_widget_set_sensitive (delete_button, cert_selected); - if (edit_button) - gtk_widget_set_sensitive (edit_button, cert_selected); - if (view_button) - gtk_widget_set_sensitive (view_button, cert_selected); -} - -static void -import_your (GtkWidget *widget, CertificateManagerData *cfm) -{ - GtkWidget *filesel = gtk_file_selection_new (_("Select a cert to import...")); - - if (GTK_RESPONSE_OK == gtk_dialog_run (GTK_DIALOG (filesel))) { - const char *filename = gtk_file_selection_get_filename (GTK_FILE_SELECTION (filesel)); - EPKCS12 *pkcs12 = e_pkcs12_new (); - - if (e_pkcs12_import_from_file (pkcs12, filename, NULL /* XXX */)) { - /* there's no telling how many certificates were added during the import, - so we blow away the contact cert display and regenerate it. 
*/ - unload_certs (cfm, E_CERT_USER); - load_certs (cfm, E_CERT_USER, add_user_cert); - } - } - - gtk_widget_destroy (filesel); -} - -static void -yourcerts_selection_changed (GtkTreeSelection *selection, CertificateManagerData *cfm) -{ - handle_selection_changed (selection, - 4, - cfm->view_your_button, - cfm->backup_your_button, /* yes yes, not really "edit", it's a hack :) */ - cfm->delete_your_button); -} - -static void -initialize_yourcerts_ui (CertificateManagerData *cfm) -{ - GtkCellRenderer *cell = gtk_cell_renderer_text_new (); - GtkTreeSelection *selection; - - gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->yourcerts_treeview), - gtk_tree_view_column_new_with_attributes (_("Certificate Name"), - cell, - "text", 0, - NULL)); - - gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->yourcerts_treeview), - gtk_tree_view_column_new_with_attributes (_("Purposes"), - cell, - "text", 1, - NULL)); - - gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->yourcerts_treeview), - gtk_tree_view_column_new_with_attributes (_("Serial Number"), - cell, - "text", 2, - NULL)); - - gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->yourcerts_treeview), - gtk_tree_view_column_new_with_attributes (_("Expires"), - cell, - "text", 3, - NULL)); - - cfm->yourcerts_treemodel = gtk_tree_store_new (5, - G_TYPE_STRING, - G_TYPE_STRING, - G_TYPE_STRING, - G_TYPE_STRING, - G_TYPE_OBJECT); - - gtk_tree_view_set_model (GTK_TREE_VIEW (cfm->yourcerts_treeview), - GTK_TREE_MODEL (cfm->yourcerts_treemodel)); - - cfm->yourcerts_root_hash = g_hash_table_new (g_str_hash, g_str_equal); - - selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (cfm->yourcerts_treeview)); - g_signal_connect (selection, "changed", G_CALLBACK (yourcerts_selection_changed), cfm); - - if (cfm->import_your_button) { - g_signal_connect (cfm->import_your_button, "clicked", G_CALLBACK (import_your), cfm); - } - - if (cfm->delete_your_button) { - /* g_signal_connect */ - } - - if (cfm->view_your_button) { - /* g_signal_connect */ 
- } - - if (cfm->backup_your_button) { - /* g_signal_connect */ - } - - if (cfm->backup_all_your_button) { - /* g_signal_connect */ - } -} - -static void -view_contact (GtkWidget *widget, CertificateManagerData *cfm) -{ - GtkTreeIter iter; - - if (gtk_tree_selection_get_selected (gtk_tree_view_get_selection (GTK_TREE_VIEW(cfm->contactcerts_treeview)), - NULL, - &iter)) { - ECert *cert; - - gtk_tree_model_get (GTK_TREE_MODEL (cfm->contactcerts_treemodel), - &iter, - 3, &cert, - -1); - - if (cert) - certificate_viewer_show (cert); - } -} - -static void -import_contact (GtkWidget *widget, CertificateManagerData *cfm) -{ - GtkWidget *filesel = gtk_file_selection_new (_("Select a cert to import...")); - - if (GTK_RESPONSE_OK == gtk_dialog_run (GTK_DIALOG (filesel))) { - const char *filename = gtk_file_selection_get_filename (GTK_FILE_SELECTION (filesel)); - - if (e_cert_db_import_certs_from_file (e_cert_db_peek (), - filename, - E_CERT_CONTACT, - NULL)) { - - /* there's no telling how many certificates were added during the import, - so we blow away the contact cert display and regenerate it. 
*/ - unload_certs (cfm, E_CERT_CONTACT); - load_certs (cfm, E_CERT_CONTACT, add_contact_cert); - } - } - - gtk_widget_destroy (filesel); -} - -static void -delete_contact (GtkWidget *widget, CertificateManagerData *cfm) -{ - GtkTreeIter iter; - - if (gtk_tree_selection_get_selected (gtk_tree_view_get_selection (GTK_TREE_VIEW(cfm->contactcerts_treeview)), - NULL, - &iter)) { - ECert *cert; - - gtk_tree_model_get (GTK_TREE_MODEL (cfm->contactcerts_treemodel), - &iter, - 3, &cert, - -1); - - if (cert) { - printf ("DELETE\n"); - e_cert_db_delete_cert (e_cert_db_peek (), cert); - gtk_tree_store_remove (cfm->contactcerts_treemodel, - &iter); - - /* we need two unrefs here, one to unref the - gtk_tree_model_get above, and one to unref - the initial ref when we created the cert - and added it to the tree */ - g_object_unref (cert); - g_object_unref (cert); - } - } - -} - -static void -contactcerts_selection_changed (GtkTreeSelection *selection, CertificateManagerData *cfm) -{ - handle_selection_changed (selection, - 3, - cfm->view_contact_button, - cfm->edit_contact_button, - cfm->delete_contact_button); -} - -static GtkTreeStore* -create_contactcerts_treemodel (void) -{ - return gtk_tree_store_new (4, - G_TYPE_STRING, - G_TYPE_STRING, - G_TYPE_STRING, - G_TYPE_OBJECT); -} - -static void -initialize_contactcerts_ui (CertificateManagerData *cfm) -{ - GtkCellRenderer *cell = gtk_cell_renderer_text_new (); - GtkTreeSelection *selection; - - gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->contactcerts_treeview), - gtk_tree_view_column_new_with_attributes (_("Certificate Name"), - cell, - "text", 0, - NULL)); - - gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->contactcerts_treeview), - gtk_tree_view_column_new_with_attributes (_("E-Mail Address"), - cell, - "text", 1, - NULL)); - - gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->contactcerts_treeview), - gtk_tree_view_column_new_with_attributes (_("Purposes"), - cell, - "text", 2, - NULL)); - - gtk_tree_view_set_model 
(GTK_TREE_VIEW (cfm->contactcerts_treeview), - GTK_TREE_MODEL (cfm->contactcerts_treemodel)); - - cfm->contactcerts_root_hash = g_hash_table_new (g_str_hash, g_str_equal); - - selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (cfm->contactcerts_treeview)); - g_signal_connect (selection, "changed", G_CALLBACK (contactcerts_selection_changed), cfm); - - if (cfm->view_contact_button) - g_signal_connect (cfm->view_contact_button, "clicked", G_CALLBACK (view_contact), cfm); - - if (cfm->import_contact_button) - g_signal_connect (cfm->import_contact_button, "clicked", G_CALLBACK (import_contact), cfm); - - if (cfm->delete_contact_button) - g_signal_connect (cfm->delete_contact_button, "clicked", G_CALLBACK (delete_contact), cfm); - -} - -static gint -iter_string_compare (GtkTreeModel *model, - GtkTreeIter *a, - GtkTreeIter *b, - gpointer user_data) -{ - char *string1, *string2; - - gtk_tree_model_get (model, a, - 0, &string1, - -1); - - gtk_tree_model_get (model, b, - 0, &string2, - -1); - - return g_utf8_collate (string1, string2); -} - -static void -view_ca (GtkWidget *widget, CertificateManagerData *cfm) -{ - GtkTreeIter iter; - - if (gtk_tree_selection_get_selected (gtk_tree_view_get_selection (GTK_TREE_VIEW(cfm->authoritycerts_treeview)), - NULL, - &iter)) { - ECert *cert; - - gtk_tree_model_get (GTK_TREE_MODEL (cfm->authoritycerts_treemodel), - &iter, - 1, &cert, - -1); - - if (cert) - certificate_viewer_show (cert); - } -} - -static void -import_ca (GtkWidget *widget, CertificateManagerData *cfm) -{ - GtkWidget *filesel = gtk_file_selection_new (_("Select a cert to import...")); - - if (GTK_RESPONSE_OK == gtk_dialog_run (GTK_DIALOG (filesel))) { - const char *filename = gtk_file_selection_get_filename (GTK_FILE_SELECTION (filesel)); - - if (e_cert_db_import_certs_from_file (e_cert_db_peek (), - filename, - E_CERT_CA, - NULL)) { - - /* there's no telling how many certificates were added during the import, - so we blow away the CA cert display and regenerate 
it. */ - unload_certs (cfm, E_CERT_CA); - load_certs (cfm, E_CERT_CA, add_ca_cert); - } - } - - gtk_widget_destroy (filesel); -} - -static void -delete_ca (GtkWidget *widget, CertificateManagerData *cfm) -{ - GtkTreeIter iter; - - if (gtk_tree_selection_get_selected (gtk_tree_view_get_selection (GTK_TREE_VIEW(cfm->authoritycerts_treeview)), - NULL, - &iter)) { - ECert *cert; - - gtk_tree_model_get (GTK_TREE_MODEL (cfm->authoritycerts_treemodel), - &iter, - 1, &cert, - -1); - - if (cert) { - printf ("DELETE\n"); - e_cert_db_delete_cert (e_cert_db_peek (), cert); - gtk_tree_store_remove (cfm->authoritycerts_treemodel, - &iter); - - /* we need two unrefs here, one to unref the - gtk_tree_model_get above, and one to unref - the initial ref when we created the cert - and added it to the tree */ - g_object_unref (cert); - g_object_unref (cert); - } - } - -} - -static void -authoritycerts_selection_changed (GtkTreeSelection *selection, CertificateManagerData *cfm) -{ - handle_selection_changed (selection, - 1, - cfm->view_ca_button, - cfm->edit_ca_button, - cfm->delete_ca_button); -} - -static GtkTreeStore* -create_authoritycerts_treemodel (void) -{ - return gtk_tree_store_new (2, - G_TYPE_STRING, - G_TYPE_OBJECT); - -} - -static void -initialize_authoritycerts_ui (CertificateManagerData *cfm) -{ - GtkCellRenderer *cell = gtk_cell_renderer_text_new (); - GtkTreeSelection *selection; - - gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->authoritycerts_treeview), - gtk_tree_view_column_new_with_attributes (_("Certificate Name"), - cell, - "text", 0, - NULL)); - - gtk_tree_sortable_set_sort_func (GTK_TREE_SORTABLE (cfm->authoritycerts_treemodel), - 0, - iter_string_compare, NULL, NULL); - - gtk_tree_sortable_set_sort_column_id (GTK_TREE_SORTABLE (cfm->authoritycerts_treemodel), - 0, - GTK_SORT_ASCENDING); - - selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (cfm->authoritycerts_treeview)); - g_signal_connect (selection, "changed", G_CALLBACK 
(authoritycerts_selection_changed), cfm); - - if (cfm->view_ca_button) - g_signal_connect (cfm->view_ca_button, "clicked", G_CALLBACK (view_ca), cfm); - - if (cfm->import_ca_button) - g_signal_connect (cfm->import_ca_button, "clicked", G_CALLBACK (import_ca), cfm); - - if (cfm->delete_ca_button) - g_signal_connect (cfm->delete_ca_button, "clicked", G_CALLBACK (delete_ca), cfm); -} - -static void -add_user_cert (CertificateManagerData *cfm, ECert *cert) -{ - GtkTreeIter iter; - GtkTreeIter *parent_iter = NULL; - const char *organization = e_cert_get_org (cert); - - if (organization) { - parent_iter = g_hash_table_lookup (cfm->yourcerts_root_hash, organization); - if (!parent_iter) { - /* create a new toplevel node */ - gtk_tree_store_append (GTK_TREE_STORE (cfm->yourcerts_treemodel), &iter, NULL); - - gtk_tree_store_set (GTK_TREE_STORE (cfm->yourcerts_treemodel), &iter, - 0, organization, -1); - - /* now copy it off into parent_iter and insert it into - the hashtable */ - parent_iter = gtk_tree_iter_copy (&iter); - g_hash_table_insert (cfm->yourcerts_root_hash, g_strdup (organization), parent_iter); - } - } - - gtk_tree_store_append (GTK_TREE_STORE (cfm->yourcerts_treemodel), &iter, parent_iter); - - if (e_cert_get_cn (cert)) - gtk_tree_store_set (GTK_TREE_STORE (cfm->yourcerts_treemodel), &iter, - 0, e_cert_get_cn (cert), - 4, cert, - -1); - else - gtk_tree_store_set (GTK_TREE_STORE (cfm->yourcerts_treemodel), &iter, - 0, e_cert_get_nickname (cert), - 4, cert, - -1); -} - -static void -add_contact_cert (CertificateManagerData *cfm, ECert *cert) -{ - GtkTreeIter iter; - GtkTreeIter *parent_iter = NULL; - const char *organization = e_cert_get_org (cert); - - if (organization) { - parent_iter = g_hash_table_lookup (cfm->contactcerts_root_hash, organization); - if (!parent_iter) { - /* create a new toplevel node */ - gtk_tree_store_append (GTK_TREE_STORE (cfm->contactcerts_treemodel), &iter, NULL); - - gtk_tree_store_set (GTK_TREE_STORE (cfm->contactcerts_treemodel), 
&iter, - 0, organization, -1); - - /* now copy it off into parent_iter and insert it into - the hashtable */ - parent_iter = gtk_tree_iter_copy (&iter); - g_hash_table_insert (cfm->contactcerts_root_hash, g_strdup (organization), parent_iter); - } - } - - gtk_tree_store_append (GTK_TREE_STORE (cfm->contactcerts_treemodel), &iter, parent_iter); - - if (e_cert_get_cn (cert)) - gtk_tree_store_set (GTK_TREE_STORE (cfm->contactcerts_treemodel), &iter, - 0, e_cert_get_cn (cert), - 1, e_cert_get_email (cert), - 3, cert, - -1); - else - gtk_tree_store_set (GTK_TREE_STORE (cfm->contactcerts_treemodel), &iter, - 0, e_cert_get_nickname (cert), - 1, e_cert_get_email (cert), - 3, cert, - -1); -} - -static void -add_ca_cert (CertificateManagerData *cfm, ECert *cert) -{ - GtkTreeIter iter; - GtkTreeIter *parent_iter = NULL; - const char *organization = e_cert_get_org (cert); - - if (organization) { - parent_iter = g_hash_table_lookup (cfm->authoritycerts_root_hash, organization); - if (!parent_iter) { - /* create a new toplevel node */ - gtk_tree_store_append (GTK_TREE_STORE (cfm->authoritycerts_treemodel), &iter, NULL); - - gtk_tree_store_set (GTK_TREE_STORE (cfm->authoritycerts_treemodel), &iter, - 0, organization, -1); - - /* now copy it off into parent_iter and insert it into - the hashtable */ - parent_iter = gtk_tree_iter_copy (&iter); - g_hash_table_insert (cfm->authoritycerts_root_hash, g_strdup (organization), parent_iter); - } - } - - - gtk_tree_store_append (GTK_TREE_STORE (cfm->authoritycerts_treemodel), &iter, parent_iter); - - if (e_cert_get_cn (cert)) - gtk_tree_store_set (GTK_TREE_STORE (cfm->authoritycerts_treemodel), &iter, - 0, e_cert_get_cn (cert), - 1, cert, - -1); - else - gtk_tree_store_set (GTK_TREE_STORE (cfm->authoritycerts_treemodel), &iter, - 0, e_cert_get_nickname (cert), - 1, cert, - -1); -} - -static void -destroy_key (gpointer data) -{ - g_free (data); -} - -static void -destroy_value (gpointer data) -{ - gtk_tree_iter_free (data); -} - -static 
void
-unload_certs (CertificateManagerData *cfm,
- ECertType type)
-{
- switch (type) {
- case E_CERT_USER:
- break;
- case E_CERT_CONTACT:
- cfm->contactcerts_treemodel = create_contactcerts_treemodel ();
- gtk_tree_view_set_model (GTK_TREE_VIEW (cfm->contactcerts_treeview),
- GTK_TREE_MODEL (cfm->contactcerts_treemodel));
-
- if (cfm->contactcerts_root_hash)
- g_hash_table_destroy (cfm->contactcerts_root_hash);
-
- cfm->contactcerts_root_hash = g_hash_table_new_full (g_str_hash, g_str_equal,
- destroy_key, destroy_value);
- break;
- case E_CERT_SITE:
- break;
- case E_CERT_CA:
- cfm->authoritycerts_treemodel = create_authoritycerts_treemodel ();
- gtk_tree_view_set_model (GTK_TREE_VIEW (cfm->authoritycerts_treeview),
- GTK_TREE_MODEL (cfm->authoritycerts_treemodel));
-
- if (cfm->authoritycerts_root_hash)
- g_hash_table_destroy (cfm->authoritycerts_root_hash);
-
- cfm->authoritycerts_root_hash = g_hash_table_new_full (g_str_hash, g_str_equal,
- destroy_key, destroy_value);
-
-
- break;
- case E_CERT_UNKNOWN:
- /* nothing to do here */
- break;
- }
-}
-
-static void
-load_certs (CertificateManagerData *cfm,
- ECertType type,
- AddCertCb add_cert)
-{
- CERTCertList *certList;
- CERTCertListNode *node;
-
- certList = PK11_ListCerts (PK11CertListUnique, NULL);
-
- printf ("certList = %p\n", certList);
-
- for (node = CERT_LIST_HEAD(certList);
- !CERT_LIST_END(node, certList);
- node = CERT_LIST_NEXT(node)) {
- ECert *cert = e_cert_new ((CERTCertificate*)node->cert);
- if (e_cert_get_cert_type(cert) == type) {
- printf ("cert (nickname = '%s') matches\n", e_cert_get_nickname (cert));
- add_cert (cfm, cert);
- }
- }
-
-}
-
-static void
-populate_ui (CertificateManagerData *cfm)
-{
- unload_certs (cfm, E_CERT_USER);
- load_certs (cfm, E_CERT_USER, add_user_cert);
-
- unload_certs (cfm, E_CERT_CONTACT);
- load_certs (cfm, E_CERT_CONTACT, add_contact_cert);
-
- unload_certs (cfm, E_CERT_CA);
- load_certs (cfm, E_CERT_CA, add_ca_cert);
-}
-
-EvolutionConfigControl*
-certificate_manager_config_control_new (void)
-{
- CertificateManagerData *cfm_data;
- GtkWidget *control_widget;
-
- /* We need to peek the db here to make sure it (and NSS) are fully initialized. */
- e_cert_db_peek ();
-
- cfm_data = g_new0 (CertificateManagerData, 1);
- cfm_data->gui = glade_xml_new (EVOLUTION_GLADEDIR "/" GLADE_FILE_NAME, NULL, NULL);
-
- cfm_data->yourcerts_treeview = glade_xml_get_widget (cfm_data->gui, "yourcerts-treeview");
- cfm_data->contactcerts_treeview = glade_xml_get_widget (cfm_data->gui, "contactcerts-treeview");
- cfm_data->authoritycerts_treeview = glade_xml_get_widget (cfm_data->gui, "authoritycerts-treeview");
-
- cfm_data->view_your_button = glade_xml_get_widget (cfm_data->gui, "your-view-button");
- cfm_data->backup_your_button = glade_xml_get_widget (cfm_data->gui, "your-backup-button");
- cfm_data->backup_all_your_button = glade_xml_get_widget (cfm_data->gui, "your-backup-all-button");
- cfm_data->import_your_button = glade_xml_get_widget (cfm_data->gui, "your-import-button");
- cfm_data->delete_your_button = glade_xml_get_widget (cfm_data->gui, "your-delete-button");
-
- cfm_data->view_contact_button = glade_xml_get_widget (cfm_data->gui, "contact-view-button");
- cfm_data->edit_contact_button = glade_xml_get_widget (cfm_data->gui, "contact-edit-button");
- cfm_data->import_contact_button = glade_xml_get_widget (cfm_data->gui, "contact-import-button");
- cfm_data->delete_contact_button = glade_xml_get_widget (cfm_data->gui, "contact-delete-button");
-
- cfm_data->view_ca_button = glade_xml_get_widget (cfm_data->gui, "authority-view-button");
- cfm_data->edit_ca_button = glade_xml_get_widget (cfm_data->gui, "authority-edit-button");
- cfm_data->import_ca_button = glade_xml_get_widget (cfm_data->gui, "authority-import-button");
- cfm_data->delete_ca_button = glade_xml_get_widget (cfm_data->gui, "authority-delete-button");
-
- initialize_yourcerts_ui(cfm_data);
- initialize_contactcerts_ui(cfm_data);
-
initialize_authoritycerts_ui(cfm_data);
-
- populate_ui (cfm_data);
-
- control_widget = glade_xml_get_widget (cfm_data->gui, "cert-manager-notebook");
- gtk_widget_ref (control_widget);
-
- gtk_container_remove (GTK_CONTAINER (control_widget->parent), control_widget);
-
- return evolution_config_control_new (control_widget);
-}
diff --git a/smime/gui/certificate-manager.h b/smime/gui/certificate-manager.h
deleted file mode 100644
index ee2002b159..0000000000
--- a/smime/gui/certificate-manager.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _CERTIFICATE_MANAGER_H_
-#define _CERTIFICATE_MANAGER_H
-
-#include "evolution-config-control.h"
-
-EvolutionConfigControl* certificate_manager_config_control_new (void);
-
-#endif /* _CERTIFICATE_MANAGER_H_ */
diff --git a/smime/gui/certificate-viewer.c b/smime/gui/certificate-viewer.c
deleted file mode 100644
index 792ccab01a..0000000000
--- a/smime/gui/certificate-viewer.c
+++ /dev/null
@@ -1,298 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#include "certificate-viewer.h"
-
-#include "e-asn1-object.h"
-
-#include
-
-#include
-#include
-
-#define GLADE_FILE_NAME "smime-ui.glade"
-
-typedef struct {
- GladeXML *gui;
- GtkWidget *dialog;
- GtkTreeStore *hierarchy_store, *fields_store;
- GtkWidget *hierarchy_tree, *fields_tree;
- GtkWidget *field_text;
-
- GList *cert_chain;
-} CertificateViewerData;
-
-static void
-free_data (gpointer data, GObject *where_the_object_was)
-{
- CertificateViewerData *cvm = data;
-
- g_list_foreach (cvm->cert_chain, (GFunc)g_object_unref, NULL);
- g_list_free (cvm->cert_chain);
-
- g_object_unref (cvm->gui);
- g_free (cvm);
-}
-
-static void
-fill_in_general (CertificateViewerData *cvm_data, ECert *cert)
-{
- CERTCertificate *mcert = e_cert_get_internal_cert (cert);
- GtkWidget *label;
- const char *text;
-
- /* issued to */
- if (e_cert_get_cn (cert)) {
- label = glade_xml_get_widget (cvm_data->gui, "issued-to-cn");
- gtk_label_set_text (GTK_LABEL (label), e_cert_get_cn (cert));
- }
-
- if (e_cert_get_org (cert)) {
- label = glade_xml_get_widget (cvm_data->gui,
"issued-to-o");
- gtk_label_set_text (GTK_LABEL (label), e_cert_get_org (cert));
- }
-
- if (e_cert_get_org_unit (cert)) {
- label = glade_xml_get_widget (cvm_data->gui, "issued-to-ou");
- gtk_label_set_text (GTK_LABEL (label), e_cert_get_org_unit (cert));
- }
-
- text = e_cert_get_serial_number (cert);
- label = glade_xml_get_widget (cvm_data->gui, "issued-to-serial");
- gtk_label_set_text (GTK_LABEL (label), text);
-
- /* issued by */
- if (e_cert_get_issuer_cn (cert)) {
- label = glade_xml_get_widget (cvm_data->gui, "issued-by-cn");
- gtk_label_set_text (GTK_LABEL (label), e_cert_get_issuer_cn (cert));
- }
-
- if (e_cert_get_issuer_org (cert)) {
- label = glade_xml_get_widget (cvm_data->gui, "issued-by-o");
- gtk_label_set_text (GTK_LABEL (label), e_cert_get_issuer_org (cert));
- }
-
- if (e_cert_get_issuer_org_unit (cert)) {
- label = glade_xml_get_widget (cvm_data->gui, "issued-by-ou");
- gtk_label_set_text (GTK_LABEL (label), e_cert_get_issuer_org_unit (cert));
- }
-
- /* validity */
- if (e_cert_get_issued_on (cert)) {
- label = glade_xml_get_widget (cvm_data->gui, "validity-issued-on");
- gtk_label_set_text (GTK_LABEL (label), e_cert_get_issued_on (cert));
- }
-
- if (e_cert_get_expires_on (cert)) {
- label = glade_xml_get_widget (cvm_data->gui, "validity-expires-on");
- gtk_label_set_text (GTK_LABEL (label), e_cert_get_expires_on (cert));
- }
-
- /* fingerprints */
- text = e_cert_get_sha1_fingerprint (cert);
- label = glade_xml_get_widget (cvm_data->gui, "fingerprints-sha1");
- gtk_label_set_text (GTK_LABEL (label), text);
-
- text = e_cert_get_md5_fingerprint (cert);
- label = glade_xml_get_widget (cvm_data->gui, "fingerprints-md5");
- gtk_label_set_text (GTK_LABEL (label), text);
-}
-
-static void
-populate_fields_tree (CertificateViewerData *cvm_data, EASN1Object *asn1, GtkTreeIter *root)
-{
- GtkTreeIter new_iter;
-
- /* first insert a node for the current asn1 */
- gtk_tree_store_insert (cvm_data->fields_store, &new_iter, root, -1);
-
gtk_tree_store_set (cvm_data->fields_store, &new_iter,
- 0, e_asn1_object_get_display_name (asn1),
- 1, asn1,
- -1);
-
- if (e_asn1_object_is_valid_container (asn1)) {
- GList *children = e_asn1_object_get_children (asn1);
- if (children) {
- GList *l;
- for (l = children; l; l = l->next) {
- EASN1Object *subasn1 = l->data;
- populate_fields_tree (cvm_data, subasn1, &new_iter);
- }
- }
- g_list_foreach (children, (GFunc)g_object_unref, NULL);
- g_list_free (children);
- }
-}
-
-static void
-hierarchy_selection_changed (GtkTreeSelection *selection, CertificateViewerData *cvm_data)
-{
- GtkTreeIter iter;
- GtkTreeModel *model;
-
- if (gtk_tree_selection_get_selected (selection,
- &model,
- &iter)) {
- EASN1Object *asn1_object;
- ECert *cert;
-
- gtk_tree_model_get (model,
- &iter,
- 1, &cert,
- -1);
-
- if (!cert)
- return;
-
- /* display the cert's ASN1 structure */
- asn1_object = e_cert_get_asn1_struct (cert);
-
- /* wipe out the old model */
- cvm_data->fields_store = gtk_tree_store_new (2, G_TYPE_STRING, G_TYPE_POINTER);
- gtk_tree_view_set_model (GTK_TREE_VIEW (cvm_data->fields_tree),
- GTK_TREE_MODEL (cvm_data->fields_store));
-
- /* populate the fields from the newly selected cert */
- populate_fields_tree (cvm_data, asn1_object, NULL);
- gtk_tree_view_expand_all (GTK_TREE_VIEW (cvm_data->fields_tree));
- g_object_unref (asn1_object);
-
- /* and blow away the field value */
- gtk_text_buffer_set_text (gtk_text_view_get_buffer (GTK_TEXT_VIEW (cvm_data->field_text)),
- "", 0);
- }
-}
-
-static void
-fields_selection_changed (GtkTreeSelection *selection, CertificateViewerData *cvm_data)
-{
- GtkTreeIter iter;
- GtkTreeModel *model;
-
- if (gtk_tree_selection_get_selected (selection,
- &model,
- &iter)) {
- EASN1Object *asn1_object;
- const char *value;
-
- gtk_tree_model_get (model,
- &iter,
- 1, &asn1_object,
- -1);
-
- value = e_asn1_object_get_display_value (asn1_object);
-
- if (value)
- gtk_text_buffer_set_text (gtk_text_view_get_buffer (GTK_TEXT_VIEW
(cvm_data->field_text)),
- value, strlen (value));
- else
- gtk_text_buffer_set_text (gtk_text_view_get_buffer (GTK_TEXT_VIEW (cvm_data->field_text)),
- "", 0);
- }
-}
-
-static void
-fill_in_details (CertificateViewerData *cvm_data, ECert *cert)
-{
- GList *l;
- GtkTreeIter *root = NULL;
- GtkTreeSelection *selection;
-
- /* hook up all the hierarchy tree foo */
- cvm_data->hierarchy_store = gtk_tree_store_new (2, G_TYPE_STRING, G_TYPE_OBJECT);
- cvm_data->hierarchy_tree = glade_xml_get_widget (cvm_data->gui, "cert-hierarchy-treeview");
- gtk_tree_view_set_model (GTK_TREE_VIEW (cvm_data->hierarchy_tree),
- GTK_TREE_MODEL (cvm_data->hierarchy_store));
-
- gtk_tree_view_insert_column_with_attributes (GTK_TREE_VIEW (cvm_data->hierarchy_tree),
- -1, "Cert", gtk_cell_renderer_text_new(),
- "text", 0, NULL);
-
- selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (cvm_data->hierarchy_tree));
- g_signal_connect (selection, "changed", G_CALLBACK (hierarchy_selection_changed), cvm_data);
-
- /* hook up all the fields tree foo */
- cvm_data->fields_tree = glade_xml_get_widget (cvm_data->gui, "cert-fields-treeview");
-
- gtk_tree_view_insert_column_with_attributes (GTK_TREE_VIEW (cvm_data->fields_tree),
- -1, "Field", gtk_cell_renderer_text_new(),
- "text", 0, NULL);
-
- selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (cvm_data->fields_tree));
- g_signal_connect (selection, "changed", G_CALLBACK (fields_selection_changed), cvm_data);
-
- /* hook up all the field display foo */
- cvm_data->field_text = glade_xml_get_widget (cvm_data->gui, "cert-field-value-textview");
-
- /* initially populate the hierarchy from the cert's chain */
- cvm_data->cert_chain = e_cert_get_chain (cert);
- cvm_data->cert_chain = g_list_reverse (cvm_data->cert_chain);
- for (l = cvm_data->cert_chain; l; l = l->next) {
- ECert *c = l->data;
- const char *str;
- GtkTreeIter new_iter;
-
- str = e_cert_get_cn (c);
- if (!str)
- str = e_cert_get_subject_name (c);
-
- gtk_tree_store_insert
(cvm_data->hierarchy_store, &new_iter, root, -1);
- gtk_tree_store_set (cvm_data->hierarchy_store, &new_iter,
- 0, str,
- 1, c,
- -1);
-
- root = &new_iter;
- }
-
- gtk_tree_view_expand_all (GTK_TREE_VIEW (cvm_data->hierarchy_tree));
-}
-
-GtkWidget*
-certificate_viewer_show (ECert *cert)
-{
- CertificateViewerData *cvm_data;
- char *title;
-
- cvm_data = g_new0 (CertificateViewerData, 1);
- cvm_data->gui = glade_xml_new (EVOLUTION_GLADEDIR "/" GLADE_FILE_NAME, NULL, NULL);
-
- cvm_data->dialog = glade_xml_get_widget (cvm_data->gui, "certificate-viewer-dialog");
-
- title = g_strdup_printf (_("Certificate Viewer: %s"), e_cert_get_window_title (cert));
-
- gtk_window_set_title (GTK_WINDOW (cvm_data->dialog),
- title);
-
- g_free (title);
-
- fill_in_general (cvm_data, cert);
- fill_in_details (cvm_data, cert);
-
- g_object_weak_ref (G_OBJECT (cvm_data->dialog), free_data, cvm_data);
-
- g_signal_connect (cvm_data->dialog, "response",
- G_CALLBACK (gtk_widget_destroy), NULL);
-
- gtk_widget_show (cvm_data->dialog);
- return cvm_data->dialog;
-}
diff --git a/smime/gui/certificate-viewer.h b/smime/gui/certificate-viewer.h
deleted file mode 100644
index ab60043a39..0000000000
--- a/smime/gui/certificate-viewer.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _CERTIFICATE_VIEWER_H_
-#define _CERTIFICATE_VIEWER_H
-
-#include
-#include "e-cert.h"
-
-GtkWidget* certificate_viewer_show (ECert *cert);
-
-#endif /* _CERTIFICATE_VIEWER_H_ */
diff --git a/smime/gui/e-cert-selector.c b/smime/gui/e-cert-selector.c
deleted file mode 100644
index b3fcabdc43..0000000000
--- a/smime/gui/e-cert-selector.c
+++ /dev/null
@@ -1,247 +0,0 @@
-
-/* Copyright 2003, Novell Inc.
- *
- * Author(s): Michael Zucchi
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
- */
-
-#include
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-
-#include "nss.h"
-#include "pk11func.h"
-#include "certdb.h"
-#include "cert.h"
-
-#include
-
-#include "e-cert-selector.h"
-
-struct _ECertSelectorPrivate {
- CERTCertList *certlist;
-
- GtkWidget *menu, *description;
-};
-
-enum {
- ECS_SELECTED,
- ECS_LAST_SIGNAL
-};
-
-static guint ecs_signals[ECS_LAST_SIGNAL];
-
-static GtkDialog *ecs_parent_class;
-
-/* (this is what mozilla shows)
-Issued to:
- Subject: E=notzed@ximian.com, CN=notzed@ximian.com, O=My Company Ltd, L=Adelaide, ST=SA, C=AU
- Serial Number: 03
- Valid from 23/10/03 06:35:29 to 22/10/04 06:35:29
- Purposes: Sign,Encrypt
-Issued by:
- Subject: E=notzed@ximian.com, O=company, L=there, ST=Here, C=AU
-*/
-
-static CERTCertListNode *
-ecs_find_current(ECertSelector *ecs)
-{
- struct _ECertSelectorPrivate *p = ecs->priv;
- CERTCertListNode *node;
- int n;
-
- if (CERT_LIST_EMPTY(p->certlist))
- return NULL;
-
- n = gtk_option_menu_get_history((GtkOptionMenu *)p->menu);
- node = CERT_LIST_HEAD(p->certlist);
- while (n>0 && !CERT_LIST_END(node, p->certlist)) {
- n--;
- node = CERT_LIST_NEXT(node);
- }
-
- g_assert(!CERT_LIST_END(node, p->certlist));
-
- return node;
-}
-
-static
void
-ecs_response(GtkDialog *dialog, gint button)
-{
- CERTCertListNode *node;
-
- switch (button) {
- case GTK_RESPONSE_OK:
- node = ecs_find_current((ECertSelector *)dialog);
- break;
- default:
- node = NULL;
- break;
- }
-
- g_signal_emit(dialog, ecs_signals[ECS_SELECTED], 0, node?node->cert->nickname:NULL);
-}
-
-static void
-ecs_cert_changed(GtkWidget *w, ECertSelector *ecs)
-{
- struct _ECertSelectorPrivate *p = ecs->priv;
- CERTCertListNode *node;
- GtkTextBuffer *buffer;
- GString *text;
-
- text = g_string_new("");
- node = ecs_find_current(ecs);
- if (node) {
- /* FIXME: add serial no, validity date, uses */
- g_string_append_printf(text, _("Issued to:\n Subject: %s\n"), node->cert->subjectName);
- g_string_append_printf(text, _("Issued by:\n Subject: %s\n"), node->cert->issuerName);
- }
-
- buffer = gtk_text_view_get_buffer((GtkTextView *)p->description);
- gtk_text_buffer_set_text(buffer, text->str, text->len);
- g_string_free(text, TRUE);
-}
-
-/**
- * e_cert_selector_new:
- * @type:
- * @currentid:
- *
- * Create a new ECertSelector dialog. @type specifies which type of cert to
- * be selected, E_CERT_SELECTOR_SIGNER for signing certs, and
- * E_CERT_SELECTOR_RECIPIENT for encrypting certs.
- *
- * @currentid is the nickname of the cert currently selected for this user.
- *
- * You only need to connect to a single signal "selected" which will
- * be called with either a NULL nickname if cancelled, or the newly
- * selected nickname otherwise.
- *
- * Return value: A dialogue to be shown.
- **/
-GtkWidget *
-e_cert_selector_new(int type, const char *currentid)
-{
- ECertSelector *ecs;
- struct _ECertSelectorPrivate *p;
- SECCertUsage usage;
- CERTCertList *certlist;
- CERTCertListNode *node;
- GladeXML *gui;
- GtkWidget *w, *menu;
- int n=0, active=0;
-
- ecs = g_object_new(e_cert_selector_get_type(), NULL);
- p = ecs->priv;
-
- gui = glade_xml_new(EVOLUTION_GLADEDIR "/smime-ui.glade", "cert_selector_vbox", NULL);
-
- p->menu = glade_xml_get_widget(gui, "cert_menu");
- p->description = glade_xml_get_widget(gui, "cert_description");
-
- w = glade_xml_get_widget(gui, "cert_selector_vbox");
- gtk_box_pack_start((GtkBox *)((GtkDialog *)ecs)->vbox, w, TRUE, TRUE, 3);
-
- switch (type) {
- case E_CERT_SELECTOR_SIGNER:
- default:
- usage = certUsageEmailSigner;
- break;
- case E_CERT_SELECTOR_RECIPIENT:
- usage = certUsageEmailRecipient;
- break;
- }
-
- menu = gtk_menu_new();
-
- certlist = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), usage, FALSE, TRUE, NULL);
- ecs->priv->certlist = certlist;
- node = CERT_LIST_HEAD(certlist);
- while (!CERT_LIST_END(node, certlist)) {
- w = gtk_menu_item_new_with_label(node->cert->nickname);
- gtk_menu_shell_append((GtkMenuShell *)menu, w);
- gtk_widget_show(w);
-
- if (currentid != NULL
- && (strcmp(node->cert->nickname, currentid) == 0
- || strcmp(node->cert->emailAddr, currentid) == 0))
- active = n;
-
- n++;
- node = CERT_LIST_NEXT(node);
- }
-
- gtk_option_menu_set_menu((GtkOptionMenu *)p->menu, menu);
- gtk_option_menu_set_history((GtkOptionMenu *)p->menu, active);
-
- g_signal_connect(p->menu, "changed", G_CALLBACK(ecs_cert_changed), ecs);
-
- g_object_unref(gui);
-
- ecs_cert_changed(p->menu, ecs);
-
- return GTK_WIDGET(ecs);
-}
-
-static void
-ecs_init(ECertSelector *ecs)
-{
- gtk_dialog_add_buttons((GtkDialog *)ecs,
- GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
- GTK_STOCK_OK, GTK_RESPONSE_OK, NULL);
-
- ecs->priv = g_malloc0(sizeof(*ecs->priv));
-}
-
-static void
-ecs_finalise(GObject *o)
-{
- ECertSelector
*ecs = (ECertSelector *)o;
-
- if (ecs->priv->certlist)
- CERT_DestroyCertList(ecs->priv->certlist);
-
- g_free(ecs->priv);
-
- ((GObjectClass *)ecs_parent_class)->finalize(o);
-}
-
-static void
-ecs_class_init(ECertSelectorClass *klass)
-{
- ecs_parent_class = g_type_class_ref(gtk_dialog_get_type());
-
- ((GObjectClass *)klass)->finalize = ecs_finalise;
- ((GtkDialogClass *)klass)->response = ecs_response;
-
- ecs_signals[ECS_SELECTED] =
- g_signal_new("selected",
- G_OBJECT_CLASS_TYPE(klass),
- G_SIGNAL_RUN_LAST,
- G_STRUCT_OFFSET(ECertSelectorClass, selected),
- NULL, NULL,
- g_cclosure_marshal_VOID__POINTER,
- G_TYPE_NONE, 1, G_TYPE_POINTER);
-}
-
-E_MAKE_TYPE(e_cert_selector, "ECertSelector", ECertSelector, ecs_class_init, ecs_init, gtk_dialog_get_type())
diff --git a/smime/gui/e-cert-selector.h b/smime/gui/e-cert-selector.h
deleted file mode 100644
index 8919a3e916..0000000000
--- a/smime/gui/e-cert-selector.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* e-cert-selector.h
- *
- * Copyright (C) 2003 Novell Inc.
- *
- * Authors: Michael Zucchi
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef E_CERT_SELECTOR_H
-#define E_CERT_SELECTOR_H
-
-#include
-
-#ifdef cplusplus
-extern "C" {
-#pragma }
-#endif /* cplusplus */
-
-#define E_TYPE_CERT_SELECTOR (e_cert_selector_get_type ())
-#define E_CERT_SELECTOR(obj) (GTK_CHECK_CAST ((obj), E_TYPE_CERT_SELECTOR, ECertSelector))
-#define E_CERT_SELECTOR_CLASS(klass) (GTK_CHECK_CLASS_CAST ((klass), E_TYPE_CERT_SELECTOR, ECertSelectorClass))
-#define E_IS_CERT_SELECTOR(obj) (GTK_CHECK_TYPE ((obj), E_TYPE_CERT_SELECTOR))
-#define E_IS_CERT_SELECTOR_CLASS(klass) (GTK_CHECK_CLASS_TYPE ((obj), E_TYPE_CERT_SELECTOR))
-
-typedef struct _ECertSelector ECertSelector;
-typedef struct _ECertSelectorClass ECertSelectorClass;
-
-struct _ECertSelector {
- GtkDialog parent;
-
- struct _ECertSelectorPrivate *priv;
-};
-
-struct _ECertSelectorClass {
- GtkDialogClass parent_class;
-
- void (*selected)(ECertSelector *, const char *certid);
-};
-
-enum _e_cert_selector_type {
- E_CERT_SELECTOR_SIGNER,
- E_CERT_SELECTOR_RECIPIENT,
-};
-
-GtkType e_cert_selector_get_type (void);
-GtkWidget *e_cert_selector_new (int type, const char *currentid);
-
-#ifdef cplusplus
-}
-#endif
/* cplusplus */
-
-#endif /* E_CERT_SELECTOR_H */
diff --git a/smime/gui/smime-ui.glade b/smime/gui/smime-ui.glade
deleted file mode 100644
index 36966f7443..0000000000
--- a/smime/gui/smime-ui.glade
+++ /dev/null
@@ -1,2100 +0,0 @@ - - - - - - - dialog1 - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_NONE - False - True - False - True - - - - True - False - 0 - - - - True - GTK_BUTTONBOX_END - - - - True - True - True - gtk-close - True - GTK_RELIEF_NORMAL - -7 - - - - - 0 - False - True - GTK_PACK_END - - - - - - 12 - True - True - True - True - GTK_POS_TOP - False - False - - - - 6 - True - False - 6 - - - - True - 0 - 0.5 - GTK_SHADOW_NONE - - - - 6 - True - False - 0 - - - - True - SSL Client Certificate - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - SSL Server Certificate - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - Email Signer Certificate - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - Email Recipient Certificate - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - - - True - <b>This certificate has been verified for the following uses:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - label_item - - - - - 0 - False - True - - - - - - True - - - 0 - False - True - - - - - - 3 - True - 15 - 2 - False - 0 - 6 - - - - True - <b>Issued To</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 1 - 0 - 3 - - - 0 - 2 - 0 - 1 - fill - - - - - - - True - Common Name (CN) - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 1 - 2 - fill - - - - - - - True - Organization (O) - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 2 - 3 - fill - - - - - - - True - Organizational Unit (OU) - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 3 - 4 - fill - - - - - - - True - Serial Number - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 4 - 5 - fill - - - - - - - True - Common Name (CN) - False 
- False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 6 - 7 - fill - - - - - - - True - Organization (O) - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 7 - 8 - fill - - - - - - - True - Organizational Unit (OU) - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 8 - 9 - fill - - - - - - - True - Issued On - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 10 - 11 - fill - - - - - - - True - Expires On - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 11 - 12 - fill - - - - - - - True - <b>Issued By</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 1 - 0 - 3 - - - 0 - 2 - 5 - 6 - fill - - - - - - - True - <b>Fingerprints</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 3 - - - 0 - 2 - 12 - 13 - fill - - - - - - - True - SHA1 Fingerprint - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 13 - 14 - fill - - - - - - - True - MD5 Fingerprint - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 6 - 0 - - - 0 - 1 - 14 - 15 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 2 - 3 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 3 - 4 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 4 - 5 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 6 - 7 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 7 - 8 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - 
False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 8 - 9 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 10 - 11 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 11 - 12 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 13 - 14 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 14 - 15 - fill - - - - - - - True - True - <Not Part of Certificate> - False - False - GTK_JUSTIFY_LEFT - False - True - 0 - 0.5 - 0 - 0 - - - 1 - 2 - 1 - 2 - fill - - - - - - - True - <b>Validity</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 3 - - - 0 - 2 - 9 - 10 - fill - - - - - - 0 - False - True - - - - - False - True - - - - - - True - General - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - tab - - - - - - True - False - 0 - - - - True - 0 - 0.5 - GTK_SHADOW_NONE - - - - 6 - True - True - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_SHADOW_IN - GTK_CORNER_TOP_LEFT - - - - True - True - False - False - False - True - - - - - - - - True - <b>Certificate Hierarchy</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - label_item - - - - - 0 - True - True - - - - - - True - 0 - 0.5 - GTK_SHADOW_NONE - - - - 6 - True - True - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_SHADOW_IN - GTK_CORNER_TOP_LEFT - - - - True - True - False - False - False - True - - - - - - - - True - <b>Certificate Fields</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - label_item - - - - - 0 - True - True - - - - - - True - 0 - 0.5 - GTK_SHADOW_NONE - - - - 6 - True - True - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - 
GTK_SHADOW_ETCHED_IN - GTK_CORNER_TOP_LEFT - - - - True - True - False - GTK_JUSTIFY_LEFT - GTK_WRAP_NONE - False - 0 - 0 - 0 - 0 - 0 - 0 - - - - - - - - - True - <b>Field Value</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - label_item - - - - - 0 - False - True - - - - - False - True - - - - - - True - Details - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - tab - - - - - 0 - True - True - - - - - - - - window1 - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_NONE - False - True - False - - - - True - True - True - True - GTK_POS_TOP - False - False - - - - 6 - True - False - 6 - - - - True - You have certificates from these organizations that identify you: - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - True - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_SHADOW_IN - GTK_CORNER_TOP_LEFT - - - - True - True - True - False - False - True - - - - - 0 - True - True - - - - - - True - GTK_BUTTONBOX_DEFAULT_STYLE - 6 - - - - True - False - True - True - View - True - GTK_RELIEF_NORMAL - - - - - - True - False - True - True - GTK_RELIEF_NORMAL - - - - True - 0.5 - 0.5 - 0 - 0 - - - - True - False - 2 - - - - True - gtk-save - 4 - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - Backup - True - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - - - - - - - True - True - True - GTK_RELIEF_NORMAL - - - - True - 0.5 - 0.5 - 0 - 0 - - - - True - False - 2 - - - - True - gtk-save - 4 - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - Backup All - True - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - - - - - - - True - True - True - Import - True - GTK_RELIEF_NORMAL - - - - - - True - False - True - True - gtk-delete - True - GTK_RELIEF_NORMAL - - - - - 0 - False - True - - - - - False - True - - - - - - True - Your Certificates - False - 
False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - tab - - - - - - 6 - True - False - 6 - - - - True - You have certificates on file that identify these people: - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - True - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_SHADOW_IN - GTK_CORNER_TOP_LEFT - - - - True - True - True - False - False - True - - - - - 0 - True - True - - - - - - True - GTK_BUTTONBOX_DEFAULT_STYLE - 0 - - - - True - False - True - True - View - True - GTK_RELIEF_NORMAL - - - - - - True - False - True - True - GTK_RELIEF_NORMAL - - - - True - 0.5 - 0.5 - 0 - 0 - - - - True - False - 2 - - - - True - gtk-properties - 4 - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - Edit - True - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - - - - - - - True - True - True - Import - True - GTK_RELIEF_NORMAL - - - - - - True - False - True - True - gtk-delete - True - GTK_RELIEF_NORMAL - - - - - 0 - False - True - - - - - False - True - - - - - - True - Contact Certificates - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - tab - - - - - - 6 - True - False - 6 - - - - True - You have certificates on file that identify these certificate authorities: - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - True - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_SHADOW_IN - GTK_CORNER_TOP_LEFT - - - - True - True - True - False - False - True - - - - - 0 - True - True - - - - - - True - GTK_BUTTONBOX_DEFAULT_STYLE - 0 - - - - True - False - True - True - View - True - GTK_RELIEF_NORMAL - - - - - - True - False - True - True - GTK_RELIEF_NORMAL - - - - True - 0.5 - 0.5 - 0 - 0 - - - - True - False - 2 - - - - True - gtk-properties - 4 - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - Edit - True - False - GTK_JUSTIFY_LEFT - 
False - False - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - - - - - - - True - True - True - Import - True - GTK_RELIEF_NORMAL - - - - - - True - False - True - True - gtk-delete - True - GTK_RELIEF_NORMAL - - - - - 0 - False - True - - - - - False - True - - - - - - True - Authorities - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - tab - - - - - - - - Certificate Authority Trust - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_NONE - False - True - False - True - - - - True - False - 0 - - - - True - GTK_BUTTONBOX_END - - - - True - True - True - gtk-cancel - True - GTK_RELIEF_NORMAL - -6 - - - - - - True - True - True - gtk-ok - True - GTK_RELIEF_NORMAL - -5 - - - - - 0 - False - True - GTK_PACK_END - - - - - - True - You have been asked to trust a new Certificate Authority (CA). - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - Do you want to trust "%s" for the following purposes? - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - False - 0 - - - - True - True - Trust this CA to identify web sites. - True - GTK_RELIEF_NORMAL - False - False - True - - - 0 - False - False - - - - - - True - True - Trust this CA to identify email users. - True - GTK_RELIEF_NORMAL - False - False - True - - - 0 - False - False - - - - - - True - True - Trust this CA to identify software developers. - True - GTK_RELIEF_NORMAL - False - False - True - - - 0 - False - False - - - - - 0 - False - False - - - - - - True - Before trusting this CA for any purpose, you should examine its certificate and its policy and procedures (if available). 
- False - False - GTK_JUSTIFY_LEFT - True - False - 0 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - 0 - 0.5 - 0 - 1 - - - - True - True - View Certificate - True - GTK_RELIEF_NORMAL - - - - - 0 - False - False - - - - - - - - Dummy window only - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_NONE - False - True - False - - - - True - False - 0 - - - - 6 - True - False - 6 - - - - True - Certificate - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - True - -1 - - - 0 - False - False - - - - - 0 - False - True - - - - - - True - 0 - 0.5 - GTK_SHADOW_ETCHED_IN - - - - 6 - True - True - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_SHADOW_IN - GTK_CORNER_TOP_LEFT - - - - True - True - True - GTK_JUSTIFY_LEFT - GTK_WRAP_NONE - True - 0 - 0 - 0 - 0 - 0 - 0 - - - - - - - - - True - Certificate details - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - - - label_item - - - - - 0 - True - True - - - - - - -
diff --git a/smime/lib/.cvsignore b/smime/lib/.cvsignore
deleted file mode 100644
index 74b73492ca..0000000000
--- a/smime/lib/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-Makefile
-Makefile.in
-*.la
diff --git a/smime/lib/Makefile.am b/smime/lib/Makefile.am
deleted file mode 100644
index f534fd01f3..0000000000
--- a/smime/lib/Makefile.am
+++ /dev/null
@@ -1,28 +0,0 @@
-INCLUDES = \
- -DG_LOG_DOMAIN=\"evolution-smime\" \
- -I$(top_srcdir) \
- -I$(top_srcdir)/shell \
- -I$(top_builddir) \
- -DEVOLUTION_DATADIR=\""$(datadir)"\" \
- -DEVOLUTION_GLADEDIR=\""$(gladedir)"\" \
- -DEVOLUTION_ETSPECDIR=\""$(etspecdir)"\" \
- -DEVOLUTION_IMAGESDIR=\""$(imagesdir)"\" \
- -DEVOLUTION_LOCALEDIR=\""$(localedir)"\" \
- -DEVOLUTION_UIDIR=\""$(evolutionuidir)"\" \
- -DPREFIX=\""$(prefix)"\" \
- $(EVOLUTION_ADDRESSBOOK_CFLAGS) \
- $(CERT_UI_CFLAGS)
-
-noinst_LTLIBRARIES = libessmime.la
-
-libessmime_la_SOURCES = \
- e-asn1-object.c \
- e-asn1-object.h \
- e-cert.c \
- e-cert.h \
- e-cert-trust.c \
- e-cert-trust.h \
- e-cert-db.c \
- e-cert-db.h \
- e-pkcs12.c \
- e-pkcs12.h
diff --git a/smime/lib/e-asn1-object.c b/smime/lib/e-asn1-object.c
deleted file mode 100644
index b7528dcd22..0000000000
--- a/smime/lib/e-asn1-object.c
+++ /dev/null
@@ -1,393 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* e-cert.c - * - * Copyright (C) 2003 Ximian, Inc. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public - * License along with this program; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place - Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: Chris Toshok (toshok@ximian.com) - */ - -/* The following is the mozilla license blurb, as the bodies some of - these functions were derived from the mozilla source. */ - -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. 
- * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - */ - -#include "e-asn1-object.h" - -#include "secasn1.h" - -struct _EASN1ObjectPrivate { - PRUint32 tag; - PRUint32 type; - gboolean valid_container; - - GList *children; - - char *display_name; - char *value; - - char *data; - guint data_len; -}; - -#define PARENT_TYPE G_TYPE_OBJECT -static GObjectClass *parent_class; - -static void -e_asn1_object_dispose (GObject *object) -{ - EASN1Object *obj = E_ASN1_OBJECT (object); - if (obj->priv) { - - if (obj->priv->display_name) - g_free (obj->priv->display_name); - - if (obj->priv->value) - g_free (obj->priv->value); - - g_list_foreach (obj->priv->children, (GFunc)g_object_unref, NULL); - g_list_free (obj->priv->children); - - g_free (obj->priv); - obj->priv = NULL; - } -} - -static void -e_asn1_object_class_init (EASN1ObjectClass *klass) -{ - GObjectClass *object_class; - - object_class = G_OBJECT_CLASS(klass); - - parent_class = g_type_class_ref (PARENT_TYPE); - - object_class->dispose = e_asn1_object_dispose; -} - -static void -e_asn1_object_init (EASN1Object *asn1) -{ - asn1->priv = g_new0 (EASN1ObjectPrivate, 1); - - asn1->priv->valid_container = TRUE; -} - -GType -e_asn1_object_get_type (void) -{ - static GType asn1_object_type = 0; - - if (!asn1_object_type) { - static const GTypeInfo asn1_object_info = { - sizeof (EASN1ObjectClass), - NULL, /* 
base_init */ - NULL, /* base_finalize */ - (GClassInitFunc) e_asn1_object_class_init, - NULL, /* class_finalize */ - NULL, /* class_data */ - sizeof (EASN1Object), - 0, /* n_preallocs */ - (GInstanceInitFunc) e_asn1_object_init, - }; - - asn1_object_type = g_type_register_static (PARENT_TYPE, "EASN1Object", &asn1_object_info, 0); - } - - return asn1_object_type; -} - - -/* This function is used to interpret an integer that - was encoded in a DER buffer. This function is used - when converting a DER buffer into a nsIASN1Object - structure. This interprets the buffer in data - as defined by the DER (Distinguised Encoding Rules) of - ASN1. -*/ -static int -get_integer_256 (unsigned char *data, unsigned int nb) -{ - int val; - - switch (nb) { - case 1: - val = data[0]; - break; - case 2: - val = (data[0] << 8) | data[1]; - break; - case 3: - val = (data[0] << 16) | (data[1] << 8) | data[2]; - break; - case 4: - val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; - break; - default: - return -1; - } - - return val; -} - -/* This function is used to retrieve the lenght of a DER encoded - item. It looks to see if this a multibyte length and then - interprets the buffer accordingly to get the actual length value. - This funciton is used mostly while parsing the DER headers. 
- - A DER encoded item has the following structure: - - -*/ -static guint32 -get_der_item_length (unsigned char *data, unsigned char *end, - unsigned long *bytesUsed, gboolean *indefinite) -{ - unsigned char lbyte = *data++; - PRInt32 length = -1; - - *indefinite = FALSE; - if (lbyte >= 0x80) { - /* Multibyte length */ - unsigned nb = (unsigned) (lbyte & 0x7f); - if (nb > 4) { - return -1; - } - if (nb > 0) { - - if ((data+nb) > end) { - return -1; - } - length = get_integer_256 (data, nb); - if (length < 0) - return -1; - } else { - *indefinite = TRUE; - length = 0; - } - *bytesUsed = nb+1; - } else { - length = lbyte; - *bytesUsed = 1; - } - return length; -} - -static gboolean -build_from_der (EASN1Object *parent, char *data, char *end) -{ - unsigned long bytesUsed; - gboolean indefinite; - PRInt32 len; - PRUint32 type; - unsigned char code, tagnum; - EASN1Object *asn1object; - - if (data >= end) - return TRUE; - - /* - A DER item has the form of |tag|len|data - tag is one byte and describes the type of elment - we are dealing with. - len is a DER encoded int telling us how long the data is - data is a buffer that is len bytes long and has to be - interpreted according to its type. - */ - - while (data < end) { - code = *data; - tagnum = code & SEC_ASN1_TAGNUM_MASK; - - /* - * NOTE: This code does not (yet) handle the high-tag-number form! 
- */ - if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) { - return FALSE; - } - data++; - len = get_der_item_length (data, end, &bytesUsed, &indefinite); - data += bytesUsed; - if ((len < 0) || ((data+len) > end)) - return FALSE; - - if (code & SEC_ASN1_CONSTRUCTED) { - if (len > 0 || indefinite) { - switch (code & SEC_ASN1_CLASS_MASK) { - case SEC_ASN1_UNIVERSAL: - type = tagnum; - break; - case SEC_ASN1_APPLICATION: - type = E_ASN1_OBJECT_TYPE_APPLICATION; - break; - case SEC_ASN1_CONTEXT_SPECIFIC: - type = E_ASN1_OBJECT_TYPE_CONTEXT_SPECIFIC; - break; - case SEC_ASN1_PRIVATE: - type = E_ASN1_OBJECT_TYPE_PRIVATE; - break; - default: - g_warning ("bad DER"); - return FALSE; - } - - asn1object = e_asn1_object_new (); - asn1object->priv->tag = tagnum; - asn1object->priv->type = type; - - if (!build_from_der (asn1object, data, (len == 0) ? end : data + len)) { - g_object_unref (asn1object); - return FALSE; - } - } - } else { - asn1object = e_asn1_object_new (); - - asn1object->priv->type = tagnum; - asn1object->priv->tag = tagnum; - - /*printableItem->SetData((char*)data, len);*/ - } - data += len; - - parent->priv->children = g_list_append (parent->priv->children, asn1object); - } - - return TRUE; -} - -EASN1Object* -e_asn1_object_new_from_der (char *data, guint32 len) -{ - EASN1Object *obj = g_object_new (E_TYPE_ASN1_OBJECT, NULL); - - if (!build_from_der (obj, data, data + len)) { - g_object_unref (obj); - return NULL; - } - - return obj; -} - -EASN1Object* -e_asn1_object_new (void) -{ - return E_ASN1_OBJECT (g_object_new (E_TYPE_ASN1_OBJECT, NULL)); -} - - -void -e_asn1_object_set_valid_container (EASN1Object *obj, gboolean flag) -{ - obj->priv->valid_container = flag; -} - -gboolean -e_asn1_object_is_valid_container (EASN1Object *obj) -{ - return obj->priv->valid_container; -} - -PRUint32 -e_asn1_object_get_asn1_type (EASN1Object *obj) -{ - return obj->priv->type; -} - -PRUint32 -e_asn1_object_get_asn1_tag (EASN1Object *obj) -{ - return obj->priv->tag; -} - -GList* 
-e_asn1_object_get_children (EASN1Object *obj)
-{
- GList *children = g_list_copy (obj->priv->children);
-
- g_list_foreach (children, (GFunc)g_object_ref, NULL);
-
- return children;
-}
-
-void
-e_asn1_object_append_child (EASN1Object *parent, EASN1Object *child)
-{
- parent->priv->children = g_list_append (parent->priv->children, g_object_ref (child));
-}
-
-void
-e_asn1_object_set_display_name (EASN1Object *obj, const char *name)
-{
- g_free (obj->priv->display_name);
- obj->priv->display_name = g_strdup (name);
-}
-
-const char*
-e_asn1_object_get_display_name (EASN1Object *obj)
-{
- return obj->priv->display_name;
-}
-
-void
-e_asn1_object_set_display_value (EASN1Object *obj, const char *value)
-{
- g_free (obj->priv->value);
- obj->priv->value = g_strdup (value);
-}
-
-const char*
-e_asn1_object_get_display_value (EASN1Object *obj)
-{
- return obj->priv->value;
-}
-
-void
-e_asn1_object_get_data (EASN1Object *obj, char **data, guint32 *len)
-{
- *data = obj->priv->data;
- *len = obj->priv->data_len;
-}
diff --git a/smime/lib/e-asn1-object.h b/smime/lib/e-asn1-object.h
deleted file mode 100644
index 76e2530fcc..0000000000
--- a/smime/lib/e-asn1-object.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _E_ASN1_OBJECT_H_
-#define _E_ASN1_OBJECT_H_
-
-#include
-
-#include
-
-#define E_TYPE_ASN1_OBJECT (e_asn1_object_get_type ())
-#define E_ASN1_OBJECT(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_ASN1_OBJECT, EASN1Object))
-#define E_ASN1_OBJECT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_ASN1_OBJECT, EASN1ObjectClass))
-#define E_IS_ASN1_OBJECT(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_ASN1_OBJECT))
-#define E_IS_ASN1_OBJECT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_ASN1_OBJECT))
-#define E_ASN1_OBJECT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_ASN1_OBJECT, EASN1ObjectClass))
-
-typedef struct _EASN1Object EASN1Object;
-typedef struct _EASN1ObjectClass EASN1ObjectClass;
-typedef struct _EASN1ObjectPrivate EASN1ObjectPrivate;
-
-enum {
- /*
- * Identifiers for the possible types of object.
- */
- E_ASN1_OBJECT_TYPE_END_CONTENTS = 0,
- E_ASN1_OBJECT_TYPE_BOOLEAN = 1,
- E_ASN1_OBJECT_TYPE_INTEGER = 2,
- E_ASN1_OBJECT_TYPE_BIT_STRING = 3,
- E_ASN1_OBJECT_TYPE_OCTET_STRING = 4,
- E_ASN1_OBJECT_TYPE_NULL = 5,
- E_ASN1_OBJECT_TYPE_OBJECT_ID = 6,
- E_ASN1_OBJECT_TYPE_ENUMERATED = 10,
- E_ASN1_OBJECT_TYPE_UTF8_STRING = 12,
- E_ASN1_OBJECT_TYPE_SEQUENCE = 16,
- E_ASN1_OBJECT_TYPE_SET = 17,
- E_ASN1_OBJECT_TYPE_PRINTABLE_STRING = 19,
- E_ASN1_OBJECT_TYPE_T61_STRING = 20,
- E_ASN1_OBJECT_TYPE_IA5_STRING = 22,
- E_ASN1_OBJECT_TYPE_UTC_TIME = 23,
- E_ASN1_OBJECT_TYPE_GEN_TIME = 24,
- E_ASN1_OBJECT_TYPE_VISIBLE_STRING = 26,
- E_ASN1_OBJECT_TYPE_UNIVERSAL_STRING = 28,
- E_ASN1_OBJECT_TYPE_BMP_STRING = 30,
- E_ASN1_OBJECT_TYPE_HIGH_TAG_NUMBER = 31,
- E_ASN1_OBJECT_TYPE_CONTEXT_SPECIFIC = 32,
- E_ASN1_OBJECT_TYPE_APPLICATION = 33,
- E_ASN1_OBJECT_TYPE_PRIVATE = 34,
-};
-
-struct _EASN1Object {
- GObject parent;
-
- EASN1ObjectPrivate *priv;
-};
-
-struct _EASN1ObjectClass {
- GObjectClass parent_class;
-
- /* Padding for future expansion */
- void (*_ecert_reserved0) (void);
- void (*_ecert_reserved1) (void);
- void (*_ecert_reserved2) (void);
- void (*_ecert_reserved3) (void);
- void (*_ecert_reserved4) (void);
-};
-
-EASN1Object *e_asn1_object_new_from_der (char *data, guint32 len);
-EASN1Object *e_asn1_object_new (void);
-
-void e_asn1_object_set_valid_container (EASN1Object *obj, gboolean flag);
-gboolean e_asn1_object_is_valid_container (EASN1Object *obj);
-PRUint32 e_asn1_object_get_asn1_type (EASN1Object *obj);
-PRUint32 e_asn1_object_get_asn1_tag (EASN1Object *obj);
-GList *e_asn1_object_get_children (EASN1Object *obj);
-void e_asn1_object_append_child (EASN1Object *parent, EASN1Object *child);
-void e_asn1_object_set_display_name (EASN1Object *obj, const char *name);
-const char *e_asn1_object_get_display_name (EASN1Object *obj);
-void e_asn1_object_set_display_value (EASN1Object *obj, const char *value);
-const char *e_asn1_object_get_display_value (EASN1Object *obj);
-
-void e_asn1_object_get_data (EASN1Object *obj, char **data, guint32 *len);
-
-GType e_asn1_object_get_type (void);
-
-#endif /* _E_ASN1_OBJECT_H_ */
diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c
deleted file mode 100644
index 5acdf4e847..0000000000
--- a/smime/lib/e-cert-db.c
+++ /dev/null
@@ -1,1077 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* e-cert-db.c - * - * Copyright (C) 2003 Ximian, Inc. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public - * License along with this program; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place - Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: Chris Toshok (toshok@ximian.com) - */ - -/* The following is the mozilla license blurb, as the bodies of most - of these functions were derived from the mozilla source. */ - -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. 
- * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - */ - -/* XXX toshok why oh *why* god WHY did they do this? no fucking - sense */ -/* private NSS defines used by PSM */ -/* (must be declated before cert.h) */ -#define CERT_NewTempCertificate __CERT_NewTempCertificate -#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm - -#include "e-cert-db.h" -#include "e-cert-trust.h" - -#include "gmodule.h" - -#include "nss.h" -#include "pk11func.h" -#include "secmod.h" -#include "certdb.h" -#include "plstr.h" -#include "prprf.h" -#include "prmem.h" -#include "e-util/e-dialog-utils.h" -#include -#include -#include -#include -#include -#include - -struct _ECertDBPrivate { -}; - -#define PARENT_TYPE G_TYPE_OBJECT -static GObjectClass *parent_class; - -static CERTDERCerts* e_cert_db_get_certs_from_package (PRArenaPool *arena, char *data, guint32 length); - - - -static void -e_cert_db_dispose (GObject *object) -{ - ECertDB *ec = E_CERT_DB (object); - - if (!ec->priv) - return; - - /* XXX free instance specific data */ - - g_free (ec->priv); - ec->priv = NULL; - - if (G_OBJECT_CLASS (parent_class)->dispose) - G_OBJECT_CLASS (parent_class)->dispose (object); -} - -static void -e_cert_db_class_init (ECertDBClass *klass) -{ - GObjectClass *object_class; - char *evolution_dir_path; - gboolean success; - gboolean has_roots; - PK11SlotList *list; - - object_class = 
G_OBJECT_CLASS(klass); - - parent_class = g_type_class_ref (PARENT_TYPE); - - object_class->dispose = e_cert_db_dispose; - - evolution_dir_path = g_build_path ("/", g_get_home_dir (), ".evolution", NULL); - - /* we initialize NSS here to make sure it only happens once */ - success = (SECSuccess == NSS_InitReadWrite (evolution_dir_path)); - if (!success) { - success = (SECSuccess == NSS_Init (evolution_dir_path)); - if (success) - g_warning ("opening cert databases read-only"); - } - if (!success) { - success = (SECSuccess == NSS_NoDB_Init (evolution_dir_path)); - if (success) - g_warning ("initializing security library without cert databases."); - } - g_free (evolution_dir_path); - - if (!success) { - g_warning ("Failed all methods for initializing NSS"); - } - - /* - * check to see if you have a rootcert module installed - */ - - has_roots = FALSE; - list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL); - if (list) { - PK11SlotListElement *le; - - for (le = list->head; le; le = le->next) { - if (PK11_HasRootCerts(le->slot)) { - has_roots = TRUE; - break; - } - } - } - - if (!has_roots) { - /* grovel in various places for mozilla's built-in - cert module. - - XXX yes this is gross. 
*sigh* - */ - char *paths_to_check[] = { - "/usr/lib", - "/usr/lib/mozilla", - }; - int i; - - for (i = 0; i < G_N_ELEMENTS (paths_to_check); i ++) { - char *dll_path = g_module_build_path (paths_to_check [i], - "nssckbi"); - - if (g_file_test (dll_path, G_FILE_TEST_EXISTS)) { - SECMOD_AddNewModule("Mozilla Root Certs",dll_path, 0, 0); - g_free (dll_path); - break; - } - - g_free (dll_path); - } - } -} - -static void -e_cert_db_init (ECertDB *ec) -{ - ec->priv = g_new0 (ECertDBPrivate, 1); -} - -GType -e_cert_db_get_type (void) -{ - static GType cert_type = 0; - - if (!cert_type) { - static const GTypeInfo cert_info = { - sizeof (ECertDBClass), - NULL, /* base_init */ - NULL, /* base_finalize */ - (GClassInitFunc) e_cert_db_class_init, - NULL, /* class_finalize */ - NULL, /* class_data */ - sizeof (ECertDB), - 0, /* n_preallocs */ - (GInstanceInitFunc) e_cert_db_init, - }; - - cert_type = g_type_register_static (PARENT_TYPE, "ECertDB", &cert_info, 0); - } - - return cert_type; -} - - - -GStaticMutex init_mutex = G_STATIC_MUTEX_INIT; -static ECertDB *cert_db = NULL; - -ECertDB* -e_cert_db_peek (void) -{ - g_static_mutex_lock (&init_mutex); - if (!cert_db) - cert_db = g_object_new (E_TYPE_CERT_DB, NULL); - g_static_mutex_unlock (&init_mutex); - - return cert_db; -} - -void -e_cert_db_shutdown (void) -{ - /* XXX */ -} - -/* searching for certificates */ -ECert* -e_cert_db_find_cert_by_nickname (ECertDB *certdb, - const char *nickname, - GError **error) -{ - /* nsNSSShutDownPreventionLock locker;*/ - CERTCertificate *cert = NULL; - - /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));*/ -#if 0 - /* what it should be, but for now...*/ - if (aToken) { - cert = PK11_FindCertFromNickname(asciiname, NULL); - } else { - cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname); - } -#endif - cert = PK11_FindCertFromNickname((char*)nickname, NULL); - if (!cert) { - cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char*)nickname); - } - - - if 
(cert) { - /* PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("got it\n"));*/ - ECert *ecert = e_cert_new (cert); - return ecert; - } - else { - /* XXX gerror */ - return NULL; - } -} - -ECert* -e_cert_db_find_cert_by_key (ECertDB *certdb, - const char *db_key, - GError **error) -{ -#if 0 - /* nsNSSShutDownPreventionLock locker;*/ - SECItem keyItem = {siBuffer, NULL, 0}; - SECItem *dummy; - CERTIssuerAndSN issuerSN; - unsigned long moduleID,slotID; - CERTCertificate *cert; - - if (!db_key) { - /* XXX gerror */ - return NULL; - } - - dummy = NSSBase64_DecodeBuffer(NULL, &keyItem, db_key, - (PRUint32)PL_strlen(db_key)); - - /* someday maybe we can speed up the search using the moduleID and slotID*/ - moduleID = NS_NSS_GET_LONG(keyItem.data); - slotID = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG]); - - /* build the issuer/SN structure*/ - issuerSN.serialNumber.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*2]); - issuerSN.derIssuer.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*3]); - issuerSN.serialNumber.data= &keyItem.data[NS_NSS_LONG*4]; - issuerSN.derIssuer.data= &keyItem.data[NS_NSS_LONG*4+ - issuerSN.serialNumber.len]; - - cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN); - PR_FREEIF(keyItem.data); - if (cert) { - ECert *ecert = e_cert_new (cert); - return e_cert; - } - - /* XXX gerror */ - return NULL; -#endif -} - -GList* -e_cert_db_get_cert_nicknames (ECertDB *certdb, - ECertType cert_type, - GError **error) -{ -} - -ECert* -e_cert_db_find_email_encryption_cert (ECertDB *certdb, - const char *nickname, - GError **error) -{ -} - -ECert* -e_cert_db_find_email_signing_cert (ECertDB *certdb, - const char *nickname, - GError **error) -{ -} - -ECert* -e_cert_db_find_cert_by_email_address (ECertDB *certdb, - const char *email, - GError **error) -{ - /* nsNSSShutDownPreventionLock locker; */ - ECert *cert; - CERTCertificate *any_cert = CERT_FindCertByNicknameOrEmailAddr(CERT_GetDefaultCertDB(), - (char*)email); - CERTCertList *certlist; - - if (!any_cert) { 
- /* XXX gerror */ - return NULL; - } - - /* any_cert now contains a cert with the right subject, but it might not have the correct usage */ - certlist = CERT_CreateSubjectCertList(NULL, - CERT_GetDefaultCertDB(), - &any_cert->derSubject, - PR_Now(), PR_TRUE); - if (!certlist) { - /* XXX gerror */ - CERT_DestroyCertificate(any_cert); - return NULL; - } - - if (SECSuccess != CERT_FilterCertListByUsage(certlist, certUsageEmailRecipient, PR_FALSE)) { - /* XXX gerror */ - CERT_DestroyCertificate(any_cert); - /* XXX free certlist? */ - return NULL; - } - - if (CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) { - /* XXX gerror */ - CERT_DestroyCertificate(any_cert); - /* XXX free certlist? */ - return NULL; - } - - cert = e_cert_new (CERT_LIST_HEAD(certlist)->cert); - - return cert; -} - -static gboolean -_confirm_download_ca_cert (ECert *cert, guint32 *trustBits, gboolean *allow) -{ - /* right now just allow it and set the trustBits to 0 */ - *trustBits = 0; - *allow = TRUE; - return TRUE; -} - -static gboolean -handle_ca_cert_download(GList *certs, GError **error) -{ - ECert *certToShow; - SECItem der; - CERTCertificate *tmpCert; - - /* First thing we have to do is figure out which certificate - we're gonna present to the user. The CA may have sent down - a list of certs which may or may not be a chained list of - certs. Until the day we can design some solid UI for the - general case, we'll code to the > 90% case. That case is - where a CA sends down a list that is a chain up to its root - in either ascending or descending order. What we're gonna - do is compare the first 2 entries, if the first was signed - by the second, we assume the leaf cert is the first cert - and display it. If the second cert was signed by the first - cert, then we assume the first cert is the root and the - last cert in the array is the leaf. In this case we - display the last cert. 
- */ - - /* nsNSSShutDownPreventionLock locker;*/ - - if (certs == NULL) { - g_warning ("Didn't get any certs to import."); - return TRUE; - } - else if (certs->next == NULL) { - /* there's 1 cert */ - certToShow = E_CERT (certs->data); - } - else { - /* there are multiple certs */ - ECert *cert0; - ECert *cert1; - const char* cert0SubjectName; - const char* cert0IssuerName; - const char* cert1SubjectName; - const char* cert1IssuerName; - - cert0 = E_CERT (certs->data); - cert1 = E_CERT (certs->next->data); - - cert0IssuerName = e_cert_get_issuer_name (cert0); - cert0SubjectName = e_cert_get_subject_name (cert0); - - cert1IssuerName = e_cert_get_issuer_name (cert1); - cert1SubjectName = e_cert_get_subject_name (cert1); - - if (!strcmp(cert1IssuerName, cert0SubjectName)) { - /* In this case, the first cert in the list signed the second, - so the first cert is the root. Let's display the last cert - in the list. */ - certToShow = E_CERT (g_list_last (certs)->data); - } - else if (!strcmp(cert0IssuerName, cert1SubjectName)) { - /* In this case the second cert has signed the first cert. The - first cert is the leaf, so let's display it. */ - certToShow = cert0; - } else { - /* It's not a chain, so let's just show the first one in the - downloaded list. 
*/ - certToShow = cert0; - } - } - - if (!certToShow) { - /* XXX gerror */ - return FALSE; - } - - if (!e_cert_get_raw_der (certToShow, (char**)&der.data, &der.len)) { - /* XXX gerror */ - return FALSE; - } - - { - /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Creating temp cert\n"));*/ - CERTCertDBHandle *certdb = CERT_GetDefaultCertDB(); - tmpCert = CERT_FindCertByDERCert(certdb, &der); - if (!tmpCert) { - tmpCert = CERT_NewTempCertificate(certdb, &der, - NULL, PR_FALSE, PR_TRUE); - } - if (!tmpCert) { - g_warning ("Couldn't create cert from DER blob"); - return FALSE; - } - } - -#if 0 - CERTCertificateCleaner tmpCertCleaner(tmpCert); -#endif - - if (tmpCert->isperm) { - e_notice (NULL, GTK_MESSAGE_WARNING, _("Certificate already exists")); - /* XXX gerror */ - return FALSE; - } - else { - guint32 trustBits; - gboolean allow; - char *nickname; - SECStatus srv; - CERTCertTrust trust; - - if (!_confirm_download_ca_cert (certToShow, &trustBits, &allow)) { - /* XXX gerror */ - return FALSE; - } - - if (!allow) { - /* XXX gerror */ - return FALSE; - } - - /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("trust is %d\n", trustBits));*/ - - nickname = CERT_MakeCANickname(tmpCert); - - /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Created nick \"%s\"\n", nickname.get()));*/ - - e_cert_trust_init (&trust); - e_cert_trust_set_valid_ca (&trust); - e_cert_trust_add_ca_trust (&trust, -#if 1 - /* XXX we need that ui working i guess. */ - 0, 0, 0 -#else - trustBits & nsIX509CertDB::TRUSTED_SSL, - trustBits & nsIX509CertDB::TRUSTED_EMAIL, - trustBits & nsIX509CertDB::TRUSTED_OBJSIGN -#endif -); - - srv = CERT_AddTempCertToPerm(tmpCert, - nickname, - &trust); - - if (srv != SECSuccess) { - /* XXX gerror */ - return FALSE; - } - -#if 0 - /* Now it's time to add the rest of the certs we just downloaded. - Since we didn't prompt the user about any of these certs, we - won't set any trust bits for them. 
*/ - e_cert_trust_init (&trust); - e_cert_trust_set_valid_ca (&trust); - e_cert_trusts_add_ca_trust (&trust, 0, 0, 0); - for (PRUint32 i=0; iGetRawDER(&der.len, (PRUint8 **)&der.data); - - CERTCertificate *tmpCert2 = - CERT_NewTempCertificate(certdb, &der, nsnull, PR_FALSE, PR_TRUE); - - if (!tmpCert2) { - NS_ASSERTION(0, "Couldn't create temp cert from DER blob\n"); - continue; /* Let's try to import the rest of 'em */ - } - nickname.Adopt(CERT_MakeCANickname(tmpCert2)); - CERT_AddTempCertToPerm(tmpCert2, NS_CONST_CAST(char*,nickname.get()), - defaultTrust.GetTrust()); - CERT_DestroyCertificate(tmpCert2); - } -#endif - return TRUE; - } -} - -/* deleting certificates */ -gboolean -e_cert_db_delete_cert (ECertDB *certdb, - ECert *ecert) -{ - /* nsNSSShutDownPreventionLock locker; - nsNSSCertificate *nssCert = NS_STATIC_CAST(nsNSSCertificate*, aCert); */ - - CERTCertificate *cert; - SECStatus srv = SECSuccess; - if (!e_cert_mark_for_deletion (ecert)) { - return FALSE; - } - - cert = e_cert_get_internal_cert (ecert); - if (cert->slot && e_cert_get_cert_type (ecert) != E_CERT_USER) { - /* To delete a cert of a slot (builtin, most likely), mark it as - completely untrusted. This way we keep a copy cached in the - local database, and next time we try to load it off of the - external token/slot, we'll know not to trust it. We don't - want to do that with user certs, because a user may re-store - the cert onto the card again at which point we *will* want to - trust that cert if it chains up properly. */ - CERTCertTrust trust; - - e_cert_trust_init_with_values (&trust, 0, 0, 0); - srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), - cert, &trust); - } - - /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("cert deleted: %d", srv));*/ - return (srv) ? 
FALSE : TRUE; -} - -/* importing certificates */ -gboolean -e_cert_db_import_certs (ECertDB *certdb, - char *data, guint32 length, - ECertType cert_type, - GError **error) -{ - /*nsNSSShutDownPreventionLock locker;*/ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - GList *certs = NULL; - CERTDERCerts *certCollection = e_cert_db_get_certs_from_package (arena, data, length); - int i; - gboolean rv; - - if (!certCollection) { - /* XXX gerror */ - PORT_FreeArena(arena, PR_FALSE); - return FALSE; - } - - /* Now let's create some certs to work with */ - for (i=0; inumcerts; i++) { - SECItem *currItem = &certCollection->rawCerts[i]; - ECert *cert; - - cert = e_cert_new_from_der ((char*)currItem->data, currItem->len); - if (!cert) { - /* XXX gerror */ - g_list_foreach (certs, (GFunc)g_object_unref, NULL); - g_list_free (certs); - PORT_FreeArena(arena, PR_FALSE); - return FALSE; - } - certs = g_list_append (certs, cert); - } - switch (cert_type) { - case E_CERT_CA: - rv = handle_ca_cert_download(certs, error); - break; - default: - /* We only deal with import CA certs in this method currently.*/ - /* XXX gerror */ - PORT_FreeArena(arena, PR_FALSE); - rv = FALSE; - } - - g_list_foreach (certs, (GFunc)g_object_unref, NULL); - g_list_free (certs); - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -gboolean -e_cert_db_import_email_cert (ECertDB *certdb, - char *data, guint32 length, - GError **error) -{ - /*nsNSSShutDownPreventionLock locker;*/ - SECStatus srv = SECFailure; - gboolean rv = TRUE; - CERTCertificate * cert; - SECItem **rawCerts; - int numcerts; - int i; - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTDERCerts *certCollection = e_cert_db_get_certs_from_package (arena, data, length); - - if (!certCollection) { - /* XXX g_error */ - - PORT_FreeArena(arena, PR_FALSE); - return FALSE; - } - - cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), certCollection->rawCerts, - (char *)NULL, PR_FALSE, PR_TRUE); - if (!cert) { - /* XXX 
g_error */ - rv = FALSE; - goto loser; - } - numcerts = certCollection->numcerts; - rawCerts = (SECItem **) PORT_Alloc(sizeof(SECItem *) * numcerts); - if ( !rawCerts ) { - /* XXX g_error */ - rv = FALSE; - goto loser; - } - - for ( i = 0; i < numcerts; i++ ) { - rawCerts[i] = &certCollection->rawCerts[i]; - } - - srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageEmailSigner, - numcerts, rawCerts, NULL, PR_TRUE, PR_FALSE, - NULL); - if ( srv != SECSuccess ) { - /* XXX g_error */ - rv = FALSE; - goto loser; - } - srv = CERT_SaveSMimeProfile(cert, NULL, NULL); - PORT_Free(rawCerts); - loser: - if (cert) - CERT_DestroyCertificate(cert); - if (arena) - PORT_FreeArena(arena, PR_TRUE); - return rv; -} - -static char * -default_nickname (CERTCertificate *cert) -{ - /* nsNSSShutDownPreventionLock locker; */ - char *username = NULL; - char *caname = NULL; - char *nickname = NULL; - char *tmp = NULL; - int count; - char *nickFmt=NULL, *nickFmtWithNum = NULL; - CERTCertificate *dummycert; - PK11SlotInfo *slot=NULL; - CK_OBJECT_HANDLE keyHandle; - - CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB(); - - username = CERT_GetCommonName(&cert->subject); - if ( username == NULL ) - username = PL_strdup(""); - - if ( username == NULL ) - goto loser; - - caname = CERT_GetOrgName(&cert->issuer); - if ( caname == NULL ) - caname = PL_strdup(""); - - if ( caname == NULL ) - goto loser; - - count = 1; - - nickFmt = "%1$s's %2$s ID"; - nickFmtWithNum = "%1$s's %2$s ID #%3$d"; - - nickname = PR_smprintf(nickFmt, username, caname); - /* - * We need to see if the private key exists on a token, if it does - * then we need to check for nicknames that already exist on the smart - * card. 
- */ - slot = PK11_KeyForCertExists(cert, &keyHandle, NULL); - if (slot == NULL) { - goto loser; - } - if (!PK11_IsInternal(slot)) { - tmp = PR_smprintf("%s:%s", PK11_GetTokenName(slot), nickname); - PR_Free(nickname); - nickname = tmp; - tmp = NULL; - } - tmp = nickname; - while ( 1 ) { - if ( count > 1 ) { - nickname = PR_smprintf("%s #%d", tmp, count); - } - - if ( nickname == NULL ) - goto loser; - - if (PK11_IsInternal(slot)) { - /* look up the nickname to make sure it isn't in use already */ - dummycert = CERT_FindCertByNickname(defaultcertdb, nickname); - - } else { - /* - * Check the cert against others that already live on the smart - * card. - */ - dummycert = PK11_FindCertFromNickname(nickname, NULL); - if (dummycert != NULL) { - /* - * Make sure the subject names are different. - */ - if (CERT_CompareName(&cert->subject, &dummycert->subject) == SECEqual) { - /* - * There is another certificate with the same nickname and - * the same subject name on the smart card, so let's use this - * nickname. 
- */ - CERT_DestroyCertificate(dummycert); - dummycert = NULL; - } - } - } - if ( dummycert == NULL ) - goto done; - - /* found a cert, destroy it and loop */ - CERT_DestroyCertificate(dummycert); - if (tmp != nickname) PR_Free(nickname); - count++; - } /* end of while(1) */ - - loser: - if ( nickname ) { - PR_Free(nickname); - } - nickname = NULL; - done: - if ( caname ) { - PR_Free(caname); - } - if ( username ) { - PR_Free(username); - } - if (slot != NULL) { - PK11_FreeSlot(slot); - if (nickname != NULL) { - tmp = nickname; - nickname = strchr(tmp, ':'); - if (nickname != NULL) { - nickname++; - nickname = PL_strdup(nickname); - PR_Free(tmp); - tmp = NULL; - } else { - nickname = tmp; - tmp = NULL; - } - } - } - PR_FREEIF(tmp); - return(nickname); -} - -gboolean -e_cert_db_import_user_cert (ECertDB *certdb, - char *data, guint32 length, - GError **error) -{ - /* nsNSSShutDownPreventionLock locker;*/ - PK11SlotInfo *slot; - char * nickname = NULL; - gboolean rv = FALSE; - int numCACerts; - SECItem *CACerts; - CERTDERCerts * collectArgs; - PRArenaPool *arena; - CERTCertificate * cert=NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( arena == NULL ) { - /* XXX g_error */ - goto loser; - } - - collectArgs = e_cert_db_get_certs_from_package (arena, data, length); - if (!collectArgs) { - /* XXX g_error */ - goto loser; - } - - cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), collectArgs->rawCerts, - (char *)NULL, PR_FALSE, PR_TRUE); - if (!cert) { - /* XXX g_error */ - goto loser; - } - - slot = PK11_KeyForCertExists(cert, NULL, NULL); - if ( slot == NULL ) { - /* XXX g_error */ - goto loser; - } - PK11_FreeSlot(slot); - - /* pick a nickname for the cert */ - if (cert->nickname) { - /* sigh, we need a call to look up other certs with this subject and - * identify nicknames from them. 
We can no longer walk down internal - * database structures rjr */ - nickname = cert->nickname; - } - else { - nickname = default_nickname(cert); - } - - /* user wants to import the cert */ - slot = PK11_ImportCertForKey(cert, nickname, NULL); - if (!slot) { - /* XXX g_error */ - goto loser; - } - PK11_FreeSlot(slot); - numCACerts = collectArgs->numcerts - 1; - - if (numCACerts) { - CACerts = collectArgs->rawCerts+1; - if ( ! CERT_ImportCAChain(CACerts, numCACerts, certUsageUserCertImport) ) { - rv = TRUE; - } - } - - loser: - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } - if ( cert ) { - CERT_DestroyCertificate(cert); - } - return rv; -} - -gboolean -e_cert_db_import_server_cert (ECertDB *certdb, - char *data, guint32 length, - GError **error) -{ - /* not c&p'ing this over at the moment, as we don't have a UI - for server certs anyway */ - return FALSE; -} - -gboolean -e_cert_db_import_certs_from_file (ECertDB *cert_db, - const char *file_path, - ECertType cert_type, - GError **error) -{ - gboolean rv; - int fd; - struct stat sb; - char *buf; - int bytes_read; - - switch (cert_type) { - case E_CERT_CA: - case E_CERT_CONTACT: - case E_CERT_SITE: - /* good */ - break; - - default: - /* not supported (yet) */ - /* XXX gerror */ - return FALSE; - } - - fd = open (file_path, O_RDONLY); - if (fd == -1) { - /* XXX gerror */ - return FALSE; - } - - if (-1 == fstat (fd, &sb)) { - /* XXX gerror */ - close (fd); - return FALSE; - } - - buf = g_malloc (sb.st_size); - if (!buf) { - /* XXX gerror */ - close (fd); - return FALSE; - } - - bytes_read = read (fd, buf, sb.st_size); - - close (fd); - - if (bytes_read != sb.st_size) { - /* XXX gerror */ - rv = FALSE; - } - else { - printf ("importing %d bytes from `%s'\n", bytes_read, file_path); - - switch (cert_type) { - case E_CERT_CA: - rv = e_cert_db_import_certs (cert_db, buf, bytes_read, cert_type, error); - break; - - case E_CERT_SITE: - rv = e_cert_db_import_server_cert (cert_db, buf, bytes_read, error); - break; - - 
case E_CERT_CONTACT: - rv = e_cert_db_import_email_cert (cert_db, buf, bytes_read, error); - break; - - default: - rv = FALSE; - break; - } - } - - g_free (buf); - return rv; -} - -gboolean -e_cert_db_import_pkcs12_file (ECertDB *cert_db, - const char *file_path, - GError **error) -{ -} - -gboolean -e_cert_db_export_pkcs12_file (ECertDB *cert_db, - const char *file_path, - GList *certs, - GError **error) -{ -} - - - -static SECStatus PR_CALLBACK -collect_certs(void *arg, SECItem **certs, int numcerts) -{ - CERTDERCerts *collectArgs; - SECItem *cert; - SECStatus rv; - - collectArgs = (CERTDERCerts *)arg; - - collectArgs->numcerts = numcerts; - collectArgs->rawCerts = (SECItem *) PORT_ArenaZAlloc(collectArgs->arena, sizeof(SECItem) * numcerts); - if ( collectArgs->rawCerts == NULL ) - return(SECFailure); - - cert = collectArgs->rawCerts; - - while ( numcerts-- ) { - rv = SECITEM_CopyItem(collectArgs->arena, cert, *certs); - if ( rv == SECFailure ) - return(SECFailure); - cert++; - certs++; - } - - return (SECSuccess); -} - -static CERTDERCerts* -e_cert_db_get_certs_from_package (PRArenaPool *arena, - char *data, - guint32 length) -{ - /*nsNSSShutDownPreventionLock locker;*/ - CERTDERCerts *collectArgs = - (CERTDERCerts *)PORT_ArenaZAlloc(arena, sizeof(CERTDERCerts)); - SECStatus sec_rv; - - if (!collectArgs) - return NULL; - - collectArgs->arena = arena; - sec_rv = CERT_DecodeCertPackage(data, - length, collect_certs, - (void *)collectArgs); - - if (sec_rv != SECSuccess) - return NULL; - - return collectArgs; -} diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h deleted file mode 100644 index ffc381587a..0000000000 --- a/smime/lib/e-cert-db.h +++ /dev/null 
@@ -1,128 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _E_CERT_DB_H_
-#define _E_CERT_DB_H_
-
-#include
-#include "e-cert.h"
-#include
-
-#define E_TYPE_CERT_DB (e_cert_db_get_type ())
-#define E_CERT_DB(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_CERT_DB, ECertDB))
-#define E_CERT_DB_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_CERT_DB, ECertDBClass))
-#define E_IS_CERT_DB(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_CERT_DB))
-#define E_IS_CERT_DB_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_CERT_DB))
-#define E_CERT_DB_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_CERT_DB, ECertDBClass))
-
-typedef struct _ECertDB ECertDB;
-typedef struct _ECertDBClass ECertDBClass;
-typedef struct _ECertDBPrivate ECertDBPrivate;
-
-struct _ECertDB {
- GObject parent;
-
- ECertDBPrivate *priv;
-};
-
-struct _ECertDBClass {
- GObjectClass parent_class;
-
- /* Padding for future expansion */
- void (*_ecert_reserved0) (void);
- void (*_ecert_reserved1) (void);
- void (*_ecert_reserved2) (void);
- void (*_ecert_reserved3) (void);
- void (*_ecert_reserved4) (void);
-};
-
-GType e_cert_db_get_type (void);
-
-/* single instance */
-ECertDB* e_cert_db_peek (void);
-
-void e_cert_db_shutdown (void);
-
-/* searching for certificates */
-ECert* e_cert_db_find_cert_by_nickname (ECertDB *certdb,
- const char *nickname,
- GError **error);
-
-ECert* e_cert_db_find_cert_by_key (ECertDB *certdb,
- const char *db_key,
- GError **error);
-
-GList* e_cert_db_get_cert_nicknames (ECertDB *certdb,
- ECertType cert_type,
- GError **error);
-
-
-ECert* e_cert_db_find_email_encryption_cert (ECertDB *certdb,
- const char *nickname,
- GError **error);
-
-ECert* e_cert_db_find_email_signing_cert (ECertDB *certdb,
- const char *nickname,
- GError **error);
-
-ECert* e_cert_db_find_cert_by_email_address (ECertDB *certdb,
- const char *nickname,
- GError **error);
-
-/* deleting certificates */
-gboolean e_cert_db_delete_cert (ECertDB *certdb,
- ECert *cert);
-
-/* importing certificates */
-gboolean e_cert_db_import_certs (ECertDB *certdb,
- char *data, guint32 length,
- ECertType cert_type,
- GError **error);
-
-gboolean e_cert_db_import_email_cert (ECertDB *certdb,
- char *data, guint32 length,
- GError **error);
-
-gboolean e_cert_db_import_user_cert (ECertDB *certdb,
- char *data, guint32 length,
- GError **error);
-
-gboolean e_cert_db_import_server_cert (ECertDB *certdb,
- char *data, guint32 length,
- GError **error);
-
-gboolean e_cert_db_import_certs_from_file (ECertDB *cert_db,
- const char *file_path,
- ECertType cert_type,
- GError **error);
-
-gboolean e_cert_db_import_pkcs12_file (ECertDB *cert_db,
- const char *file_path,
- GError **error);
-
-gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db,
- const char *file_path,
- GList *certs,
- GError **error);
-
-
-#endif /* _E_CERT_DB_H_ */
diff --git a/smime/lib/e-cert-trust.c b/smime/lib/e-cert-trust.c
deleted file mode 100644
index 7386a88963..0000000000
--- a/smime/lib/e-cert-trust.c
+++ /dev/null
@@ -1,418 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok
- *
- * Copyright (C) 2003 Novell, Inc. (www.novell.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-/* this code is pretty much cut&pasted and renamed from mozilla.
- here's their copyright/blurb */
-
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- * Ian McGreer
- * Javier Delgadillo
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- */
-
-#include "e-cert-trust.h"
-
-void
-e_cert_trust_init (CERTCertTrust *trust)
-{
- memset(trust, 0, sizeof(CERTCertTrust));
-}
-
-void
-e_cert_trust_init_with_values (CERTCertTrust *trust,
- unsigned int ssl,
- unsigned int email,
- unsigned int objsign)
-{
- memset(trust, 0, sizeof(CERTCertTrust));
- e_cert_trust_add_trust(&trust->sslFlags, ssl);
- e_cert_trust_add_trust(&trust->emailFlags, email);
- e_cert_trust_add_trust(&trust->objectSigningFlags, objsign);
-}
-
-void
-e_cert_trust_copy (CERTCertTrust *trust, CERTCertTrust *t)
-{
- if (t)
- memcpy(trust, t, sizeof(CERTCertTrust));
- else
- memset(trust, 0, sizeof(CERTCertTrust));
-}
-
-void
-e_cert_trust_add_ca_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign)
-{
- if (ssl) {
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA);
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA);
- }
- if (email) {
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA);
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA);
- }
- if (objSign) {
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA);
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
- }
-}
-
-void
-e_cert_trust_add_peer_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign)
-{
- if (ssl)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED);
- if (email)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED);
- if (objSign)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED);
-}
-
-void
-e_cert_trust_set_ssl_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn)
-{
- trust->sslFlags = 0;
- if (peer || tPeer)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_PEER);
- if (tPeer)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED);
- if (ca || tCA)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_CA);
- if (tClientCA)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA);
- if (tCA)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA);
- if (user)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_USER);
- if (warn)
- e_cert_trust_add_trust(&trust->sslFlags, CERTDB_SEND_WARN);
-}
-
-void
-e_cert_trust_set_email_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn)
-{
- trust->emailFlags = 0;
- if (peer || tPeer)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_PEER);
- if (tPeer)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED);
- if (ca || tCA)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_CA);
- if (tClientCA)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA);
- if (tCA)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA);
- if (user)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_USER);
- if (warn)
- e_cert_trust_add_trust(&trust->emailFlags, CERTDB_SEND_WARN);
-}
-
-void
-e_cert_trust_set_objsign_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn)
-{
- trust->objectSigningFlags = 0;
- if (peer || tPeer)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_PEER);
- if (tPeer)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED);
- if (ca || tCA)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_CA);
- if (tClientCA)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
- if (tCA)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA);
- if (user)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_USER);
- if (warn)
- e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_SEND_WARN);
-}
-
-void
-e_cert_trust_set_valid_ca (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_trusted_ca (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_TRUE, PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_valid_peer (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_valid_server_peer (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_TRUE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_trusted_peer (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_TRUE, PR_TRUE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE);
-}
-
-void
-e_cert_trust_set_user (CERTCertTrust *trust)
-{
- e_cert_trust_set_ssl_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE);
- e_cert_trust_set_email_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE);
- e_cert_trust_set_objsign_trust (trust,
- PR_FALSE, PR_FALSE,
- PR_FALSE, PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE);
-}
-
-PRBool
-e_cert_trust_has_any_ca (CERTCertTrust *trust)
-{
- if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA) ||
- e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA) ||
- e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA))
- return PR_TRUE;
- return PR_FALSE;
-}
-
-PRBool
-e_cert_trust_has_ca (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign)
-{
- if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA))
- return PR_FALSE;
- if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA))
- return PR_FALSE;
- if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA))
- return PR_FALSE;
- return PR_TRUE;
-}
-
-PRBool
-e_cert_trust_has_peer (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign)
-{
- if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_PEER))
- return PR_FALSE;
- if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_PEER))
- return PR_FALSE;
- if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_PEER))
- return PR_FALSE;
- return PR_TRUE;
-}
-
-PRBool
-e_cert_trust_has_any_user (CERTCertTrust *trust)
-{
- if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER) ||
- e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER) ||
- e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER))
- return PR_TRUE;
- return PR_FALSE;
-}
-
-PRBool
-e_cert_trust_has_user (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign)
-{
- if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER))
- return PR_FALSE;
- if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER))
- return PR_FALSE;
- if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER))
- return PR_FALSE;
- return PR_TRUE;
-}
-
-PRBool
-e_cert_trust_has_trusted_ca (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign)
-{
- if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CA) ||
- e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
- return PR_FALSE;
- if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CA) ||
- e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
- return PR_FALSE;
- if (checkObjSign &&
- !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CA) ||
- e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)))
- return PR_FALSE;
- return PR_TRUE;
-}
-
-PRBool
-e_cert_trust_has_trusted_peer (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign)
-{
- if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED)))
- return PR_FALSE;
- if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED)))
- return PR_FALSE;
- if (checkObjSign &&
- !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED)))
- return PR_FALSE;
- return PR_TRUE;
-}
-
-void
-e_cert_trust_add_trust (unsigned int *t, unsigned int v)
-{
- *t |= v;
-}
-
-PRBool
-e_cert_trust_has_trust (unsigned int t, unsigned int v)
-{
- return (t & v);
-}
-
diff --git a/smime/lib/e-cert-trust.h b/smime/lib/e-cert-trust.h
deleted file mode 100644
index c55d928019..0000000000
--- a/smime/lib/e-cert-trust.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok
- *
- * Copyright (C) 2003 Novell, Inc. (www.novell.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _E_CERT_TRUST_H_
-#define _E_CERT_TRUST_H_
-
-#include
-#include
-#include
-
-G_BEGIN_DECLS
-
-void e_cert_trust_init (CERTCertTrust *trust);
-void e_cert_trust_init_with_values (CERTCertTrust *trust,
- unsigned int ssl,
- unsigned int email,
- unsigned int objsign);
-void e_cert_trust_copy (CERTCertTrust *dst_trust, CERTCertTrust *src_trust);
-void e_cert_trust_add_ca_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign);
-void e_cert_trust_add_peer_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign);
-void e_cert_trust_set_ssl_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn);
-void e_cert_trust_set_email_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn);
-void e_cert_trust_set_objsign_trust (CERTCertTrust *trust,
- PRBool peer, PRBool tPeer,
- PRBool ca, PRBool tCA, PRBool tClientCA,
- PRBool user, PRBool warn);
-void e_cert_trust_set_valid_ca (CERTCertTrust *trust);
-void e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust);
-void e_cert_trust_set_trusted_ca (CERTCertTrust *trust);
-void e_cert_trust_set_valid_peer (CERTCertTrust *trust);
-void e_cert_trust_set_valid_server_peer (CERTCertTrust *trust);
-void e_cert_trust_set_trusted_peer (CERTCertTrust *trust);
-void e_cert_trust_set_user (CERTCertTrust *trust);
-PRBool e_cert_trust_has_any_ca (CERTCertTrust *trust);
-PRBool e_cert_trust_has_ca (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign);
-PRBool e_cert_trust_has_peer (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign);
-PRBool e_cert_trust_has_any_user (CERTCertTrust *trust);
-PRBool e_cert_trust_has_user (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign);
-PRBool e_cert_trust_has_trusted_ca (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign);
-PRBool e_cert_trust_has_trusted_peer (CERTCertTrust *trust,
- PRBool checkSSL,
- PRBool checkEmail,
- PRBool checkObjSign);
-void e_cert_trust_add_trust (unsigned int *t, unsigned int v);
-PRBool e_cert_trust_has_trust (unsigned int t, unsigned int v);
-
-G_END_DECLS
-
-#endif /* _E_CERT_H_ */
diff --git a/smime/lib/e-cert.c b/smime/lib/e-cert.c
deleted file mode 100644
index 54f79690d6..0000000000
--- a/smime/lib/e-cert.c
+++ /dev/null
@@ -1,1227 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* e-cert.c - * - * Copyright (C) 2003 Ximian, Inc. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public - * License along with this program; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place - Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: Chris Toshok (toshok@ximian.com) - */ - -/* The following is the mozilla license blurb, as the bodies some of - these functions were derived from the mozilla source. */ - -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. 
- * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - */ - -#include - -#include -#include /* for e_utf8_strftime, what about e_time_format_time? */ - -#include "e-cert.h" -#include "e-cert-trust.h" -#include "pk11func.h" -#include "certdb.h" -#include "hasht.h" - -struct _ECertPrivate { - CERTCertificate *cert; - - /* pointers we cache since the nss implementation allocs the - string */ - char *org_name; - char *org_unit_name; - char *cn; - - char *issuer_org_name; - char *issuer_org_unit_name; - char *issuer_cn; - - PRTime issued_on; - PRTime expires_on; - - char *issued_on_string; - char *expires_on_string; - - char *serial_number; - - char *sha1_fingerprint; - char *md5_fingerprint; - - EASN1Object *asn1; - - gboolean delete; -}; - -#define PARENT_TYPE G_TYPE_OBJECT -static GObjectClass *parent_class; - -static void -e_cert_dispose (GObject *object) -{ - ECert *ec = E_CERT (object); - - if (!ec->priv) - return; - - if (ec->priv->org_name) - PORT_Free (ec->priv->org_name); - if (ec->priv->org_unit_name) - PORT_Free (ec->priv->org_unit_name); - if (ec->priv->cn) - PORT_Free (ec->priv->cn); - - if (ec->priv->issuer_org_name) - PORT_Free (ec->priv->issuer_org_name); - if (ec->priv->issuer_org_unit_name) - PORT_Free (ec->priv->issuer_org_unit_name); - if (ec->priv->issuer_cn) - PORT_Free (ec->priv->issuer_cn); - - if (ec->priv->issued_on_string) - 
PORT_Free (ec->priv->issued_on_string); - if (ec->priv->expires_on_string) - PORT_Free (ec->priv->expires_on_string); - if (ec->priv->serial_number) - PORT_Free (ec->priv->serial_number); - - if (ec->priv->sha1_fingerprint) - PORT_Free (ec->priv->sha1_fingerprint); - if (ec->priv->md5_fingerprint) - PORT_Free (ec->priv->md5_fingerprint); - - if (ec->priv->asn1) - g_object_unref (ec->priv->asn1); - - if (ec->priv->delete) { - printf ("attempting to delete cert marked for deletion\n"); - if (e_cert_get_cert_type (ec) == E_CERT_USER) { - PK11_DeleteTokenCertAndKey(ec->priv->cert, NULL); - } else if (!PK11_IsReadOnly(ec->priv->cert->slot)) { - /* If the list of built-ins does contain a non-removable - copy of this certificate, our call will not remove - the certificate permanently, but rather remove all trust. */ - SEC_DeletePermCertificate(ec->priv->cert); - } - } - - g_free (ec->priv); - ec->priv = NULL; - - if (G_OBJECT_CLASS (parent_class)->dispose) - G_OBJECT_CLASS (parent_class)->dispose (object); -} - -static void -e_cert_class_init (ECertClass *klass) -{ - GObjectClass *object_class; - - object_class = G_OBJECT_CLASS(klass); - - parent_class = g_type_class_ref (PARENT_TYPE); - - object_class->dispose = e_cert_dispose; -} - -static void -e_cert_init (ECert *ec) -{ - ec->priv = g_new0 (ECertPrivate, 1); -} - -GType -e_cert_get_type (void) -{ - static GType cert_type = 0; - - if (!cert_type) { - static const GTypeInfo cert_info = { - sizeof (ECertClass), - NULL, /* base_init */ - NULL, /* base_finalize */ - (GClassInitFunc) e_cert_class_init, - NULL, /* class_finalize */ - NULL, /* class_data */ - sizeof (ECert), - 0, /* n_preallocs */ - (GInstanceInitFunc) e_cert_init, - }; - - cert_type = g_type_register_static (PARENT_TYPE, "ECert", &cert_info, 0); - } - - return cert_type; -} - - - -static void -e_cert_populate (ECert *cert) -{ - CERTCertificate *c = cert->priv->cert; - unsigned char fingerprint[20]; - SECItem fpItem; - - cert->priv->org_name = CERT_GetOrgName 
(&c->subject); - cert->priv->org_unit_name = CERT_GetOrgUnitName (&c->subject); - - cert->priv->issuer_org_name = CERT_GetOrgName (&c->issuer); - cert->priv->issuer_org_unit_name = CERT_GetOrgUnitName (&c->issuer); - - cert->priv->cn = CERT_GetCommonName (&c->subject); - cert->priv->issuer_cn = CERT_GetCommonName (&c->issuer); - - if (SECSuccess == CERT_GetCertTimes (c, &cert->priv->issued_on, &cert->priv->expires_on)) { - PRExplodedTime explodedTime; - struct tm exploded_tm; - char buf[32]; - - PR_ExplodeTime (cert->priv->issued_on, PR_LocalTimeParameters, &explodedTime); - exploded_tm.tm_sec = explodedTime.tm_sec; - exploded_tm.tm_min = explodedTime.tm_min; - exploded_tm.tm_hour = explodedTime.tm_hour; - exploded_tm.tm_mday = explodedTime.tm_mday; - exploded_tm.tm_mon = explodedTime.tm_month; - exploded_tm.tm_year = explodedTime.tm_year - 1900; - e_utf8_strftime (buf, sizeof(buf), _("%d/%m/%Y"), &exploded_tm); - cert->priv->issued_on_string = g_strdup (buf); - - PR_ExplodeTime (cert->priv->expires_on, PR_LocalTimeParameters, &explodedTime); - exploded_tm.tm_sec = explodedTime.tm_sec; - exploded_tm.tm_min = explodedTime.tm_min; - exploded_tm.tm_hour = explodedTime.tm_hour; - exploded_tm.tm_mday = explodedTime.tm_mday; - exploded_tm.tm_mon = explodedTime.tm_month; - exploded_tm.tm_year = explodedTime.tm_year - 1900; - e_utf8_strftime (buf, sizeof(buf), _("%d/%m/%Y"), &exploded_tm); - cert->priv->expires_on_string = g_strdup (buf); - } - - cert->priv->serial_number = CERT_Hexify (&cert->priv->cert->serialNumber, TRUE); - - memset(fingerprint, 0, sizeof fingerprint); - PK11_HashBuf(SEC_OID_SHA1, fingerprint, - cert->priv->cert->derCert.data, - cert->priv->cert->derCert.len); - fpItem.data = fingerprint; - fpItem.len = SHA1_LENGTH; - cert->priv->sha1_fingerprint = CERT_Hexify (&fpItem, TRUE); - - memset(fingerprint, 0, sizeof fingerprint); - PK11_HashBuf(SEC_OID_MD5, fingerprint, - cert->priv->cert->derCert.data, - cert->priv->cert->derCert.len); - fpItem.data = 
fingerprint; - fpItem.len = MD5_LENGTH; - cert->priv->md5_fingerprint = CERT_Hexify (&fpItem, TRUE); -} - -ECert* -e_cert_new (CERTCertificate *cert) -{ - ECert *ecert = E_CERT (g_object_new (E_TYPE_CERT, NULL)); - - ecert->priv->cert = cert; - - e_cert_populate (ecert); - - return ecert; -} - -ECert* -e_cert_new_from_der (char *data, guint32 len) -{ - CERTCertificate *cert = CERT_DecodeCertFromPackage (data, len); - - if (!cert) - return NULL; - - if (cert->dbhandle == NULL) - cert->dbhandle = CERT_GetDefaultCertDB(); - - return e_cert_new (cert); -} - - - - -CERTCertificate* -e_cert_get_internal_cert (ECert *cert) -{ - /* XXX should this refcnt it? */ - return cert->priv->cert; -} - -gboolean -e_cert_get_raw_der (ECert *cert, char **data, guint32 *len) -{ - /* XXX do we really need to check if cert->priv->cert is NULL - here? it should always be non-null if we have the - ECert.. */ - if (cert->priv->cert) { - *data = (char*)cert->priv->cert->derCert.data; - *len = (guint32)cert->priv->cert->derCert.len; - return TRUE; - } - - *len = 0; - return FALSE; - -} - -const char* -e_cert_get_window_title (ECert *cert) -{ - if (cert->priv->cert->nickname) - return cert->priv->cert->nickname; - else if (cert->priv->cn) - return cert->priv->cn; - else - return cert->priv->cert->subjectName; -} - -const char* -e_cert_get_nickname (ECert *cert) -{ - return cert->priv->cert->nickname; -} - -const char* -e_cert_get_email (ECert *cert) -{ - return cert->priv->cert->emailAddr; -} - -const char* -e_cert_get_org (ECert *cert) -{ - return cert->priv->org_name; -} - -const char* -e_cert_get_org_unit (ECert *cert) -{ - return cert->priv->org_unit_name; -} - -const char* -e_cert_get_cn (ECert *cert) -{ - return cert->priv->cn; -} - -const char* -e_cert_get_issuer_name (ECert *cert) -{ - return cert->priv->cert->issuerName; -} - -const char* -e_cert_get_issuer_cn (ECert *cert) -{ - return cert->priv->issuer_cn; -} - -const char* -e_cert_get_issuer_org (ECert *cert) -{ - return 
cert->priv->issuer_org_name; -} - -const char* -e_cert_get_issuer_org_unit (ECert *cert) -{ - return cert->priv->issuer_org_unit_name; -} - -const char* -e_cert_get_subject_name (ECert *cert) -{ - return cert->priv->cert->subjectName; -} - -PRTime -e_cert_get_issued_on_time (ECert *cert) -{ - return cert->priv->issued_on; -} - -const char* -e_cert_get_issued_on (ECert *cert) -{ - return cert->priv->issued_on_string; -} - -PRTime -e_cert_get_expires_on_time (ECert *cert) -{ - return cert->priv->expires_on; -} - -const char* -e_cert_get_expires_on (ECert *cert) -{ - return cert->priv->expires_on_string; -} - -const char* -e_cert_get_serial_number (ECert *cert) -{ - return cert->priv->serial_number; -} - -const char* -e_cert_get_sha1_fingerprint (ECert *cert) -{ - return cert->priv->sha1_fingerprint; -} - -const char* -e_cert_get_md5_fingerprint (ECert *cert) -{ - return cert->priv->md5_fingerprint; -} - -GList* -e_cert_get_chain (ECert *ecert) -{ - GList *l = NULL; - - g_object_ref (ecert); - - while (ecert) { - CERTCertificate *cert = e_cert_get_internal_cert (ecert); - CERTCertificate *next_cert; - - l = g_list_append (l, ecert); - - if (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject) == SECEqual) - break; - - next_cert = CERT_FindCertIssuer (cert, PR_Now(), certUsageSSLClient); - if (!next_cert) - break; - ecert = e_cert_new (next_cert); - } - - return l; -} - -static gboolean -get_int_value (SECItem *versionItem, - unsigned long *version) -{ - SECStatus srv; - srv = SEC_ASN1DecodeInteger(versionItem,version); - if (srv != SECSuccess) { - g_warning ("could not decode version of cert"); - return FALSE; - } - return TRUE; -} - -static gboolean -process_version (SECItem *versionItem, - EASN1Object **retItem) -{ - EASN1Object *item = e_asn1_object_new (); - unsigned long version; - - e_asn1_object_set_display_name (item, _("Version")); - - /* Now to figure out what version this certificate is. 
*/ - - if (versionItem->data) { - if (!get_int_value (versionItem, &version)) - return FALSE; - } else { - /* If there is no version present in the cert, then rfc2459 - says we default to v1 (0) */ - version = 0; - } - - switch (version){ - case 0: - e_asn1_object_set_display_value (item, _("Version 1")); - break; - case 1: - e_asn1_object_set_display_value (item, _("Version 2")); - break; - case 2: - e_asn1_object_set_display_value (item, _("Version 3")); - break; - default: - g_warning ("Bad value for cert version"); - return FALSE; - } - - *retItem = item; - return TRUE; -} - -static gboolean -process_serial_number_der (SECItem *serialItem, - EASN1Object **retItem) -{ - char *serialNumber; - EASN1Object *item = e_asn1_object_new (); - - e_asn1_object_set_display_name (item, _("Serial Number")); - - serialNumber = CERT_Hexify(serialItem, 1); - - e_asn1_object_set_display_value (item, serialNumber); - PORT_Free (serialNumber); /* XXX the right free to use? */ - - *retItem = item; - return TRUE; -} - -static gboolean -get_default_oid_format (SECItem *oid, - char **text) -{ - char buf[300]; - unsigned int len; - int written; - - unsigned long val = oid->data[0]; - unsigned int i = val % 40; - val /= 40; - written = PR_snprintf(buf, 300, "%lu %u ", val, i); - if (written < 0) - return FALSE; - len = written; - - val = 0; - for (i = 1; i < oid->len; ++i) { - /* In this loop, we have to parse a DER formatted - If the first bit is a 1, then the integer is - represented by more than one byte. If the - first bit is set then we continue on and add - the values of the later bytes until we get - a byte without the first bit set. 
- */ - unsigned long j; - - j = oid->data[i]; - val = (val << 7) | (j & 0x7f); - if (j & 0x80) - continue; - written = PR_snprintf(&buf[len], sizeof(buf)-len, "%lu ", val); - if (written < 0) - return FALSE; - - len += written; - if (len >= sizeof (buf)) - g_warning ("OID data to big to display in 300 chars."); - val = 0; - } - - *text = g_strdup (buf); - return TRUE; -} - -static gboolean -get_oid_text (SECItem *oid, char **text) -{ - SECOidTag oidTag = SECOID_FindOIDTag(oid); - char *temp; - - switch (oidTag) { - case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: - *text = g_strdup (_("PKCS #1 MD2 With RSA Encryption")); - break; - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - *text = g_strdup (_("PKCS #1 MD5 With RSA Encryption")); - break; - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - *text = g_strdup (_("PKCS #1 SHA-1 With RSA Encryption")); - break; - case SEC_OID_AVA_COUNTRY_NAME: - *text = g_strdup (_("C")); - break; - case SEC_OID_AVA_COMMON_NAME: - *text = g_strdup (_("CN")); - break; - case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME: - *text = g_strdup (_("OU")); - break; - case SEC_OID_AVA_ORGANIZATION_NAME: - *text = g_strdup (_("O")); - break; - case SEC_OID_AVA_LOCALITY: - *text = g_strdup (_("L")); - break; - case SEC_OID_AVA_DN_QUALIFIER: - *text = g_strdup (_("DN")); - break; - case SEC_OID_AVA_DC: - *text = g_strdup (_("DC")); - break; - case SEC_OID_AVA_STATE_OR_PROVINCE: - *text = g_strdup (_("ST")); - break; - case SEC_OID_PKCS1_RSA_ENCRYPTION: - *text = g_strdup (_("PKCS #1 RSA Encryption")); - break; - case SEC_OID_X509_KEY_USAGE: - *text = g_strdup (_("Certificate Key Usage")); - break; - case SEC_OID_NS_CERT_EXT_CERT_TYPE: - *text = g_strdup (_("Netscape Certificate Type")); - break; - case SEC_OID_X509_AUTH_KEY_ID: - *text = g_strdup (_("Certificate Authority Key Identifier")); - break; - case SEC_OID_RFC1274_UID: - *text = g_strdup (_("UID")); - break; - case SEC_OID_PKCS9_EMAIL_ADDRESS: - *text = g_strdup (_("E")); - break; - default: - if 
(!get_default_oid_format (oid, &temp)) - return FALSE; - - *text = g_strdup_printf (_("Object Identifier (%s)"), temp); - g_free (temp); - - break; - } - return TRUE; -} - - -static gboolean -process_raw_bytes (SECItem *data, char **text) -{ - /* This function is used to display some DER bytes - that we have not added support for decoding. - It prints the value of the byte out into a - string that can later be displayed as a byte - string. We place a new line after 24 bytes - to break up extermaly long sequence of bytes. - */ - GString *str = g_string_new (""); - PRUint32 i; - char buffer[5]; - for (i=0; ilen; i++) { - PR_snprintf(buffer, 5, "%02x ", data->data[i]); - g_string_append (str, buffer); - if ((i+1)%16 == 0) { - g_string_append (str, "\n"); - } - } - *text = g_string_free (str, FALSE); - return TRUE; -} - -static gboolean -process_sec_algorithm_id (SECAlgorithmID *algID, - EASN1Object **retSequence) -{ - EASN1Object *sequence = e_asn1_object_new (); - char *text; - - *retSequence = NULL; - - get_oid_text (&algID->algorithm, &text); - - if (!algID->parameters.len || algID->parameters.data[0] == E_ASN1_OBJECT_TYPE_NULL) { - e_asn1_object_set_display_value (sequence, text); - e_asn1_object_set_valid_container (sequence, FALSE); - } else { - EASN1Object *subitem; - - subitem = e_asn1_object_new (); - e_asn1_object_set_display_name (subitem, _("Algorithm Identifier")); - e_asn1_object_set_display_value (subitem, text); - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - - g_free (text); - - subitem = e_asn1_object_new (); - e_asn1_object_set_display_name (subitem, _("Algorithm Parameters")); - process_raw_bytes (&algID->parameters, &text); - e_asn1_object_set_display_value (subitem, text); - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - } - - g_free (text); - *retSequence = sequence; - return TRUE; -} - -static gboolean -process_subject_public_key_info (CERTSubjectPublicKeyInfo *spki, - EASN1Object 
*parentSequence) -{ - EASN1Object *spkiSequence = e_asn1_object_new(); - EASN1Object *sequenceItem; - EASN1Object *printableItem; - SECItem data; - char *text; - - e_asn1_object_set_display_name (spkiSequence, _("Subject Public Key Info")); - - if (!process_sec_algorithm_id (&spki->algorithm, &sequenceItem)) - return FALSE; - - e_asn1_object_set_display_name (sequenceItem, _("Subject Public Key Algorithm")); - - e_asn1_object_append_child (spkiSequence, sequenceItem); - - /* The subjectPublicKey field is encoded as a bit string. - ProcessRawBytes expects the lenght to be in bytes, so - let's convert the lenght into a temporary SECItem. - */ - data.data = spki->subjectPublicKey.data; - data.len = spki->subjectPublicKey.len / 8; - - process_raw_bytes (&data, &text); - printableItem = e_asn1_object_new (); - - e_asn1_object_set_display_value (printableItem, text); - e_asn1_object_set_display_name (printableItem, _("Subject's Public Key")); - e_asn1_object_append_child (spkiSequence, printableItem); - g_object_unref (printableItem); - - e_asn1_object_append_child (parentSequence, spkiSequence); - g_object_unref (spkiSequence); - - return TRUE; -} - -static gboolean -process_ns_cert_type_extensions (SECItem *extData, - GString *text) -{ - SECItem decoded; - unsigned char nsCertType; - - decoded.data = NULL; - decoded.len = 0; - if (SECSuccess != SEC_ASN1DecodeItem(NULL, &decoded, - SEC_ASN1_GET(SEC_BitStringTemplate), extData)) { - g_string_append (text, _("Error: Unable to process extension")); - return TRUE; - } - - nsCertType = decoded.data[0]; - - PORT_Free (decoded.data); /* XXX right free? 
*/ - - if (nsCertType & NS_CERT_TYPE_SSL_CLIENT) { - g_string_append (text, _("SSL Client Certificate")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_SSL_SERVER) { - g_string_append (text, _("SSL Server Certificate")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_EMAIL) { - g_string_append (text, _("Email")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING) { - g_string_append (text, _("Object Signer")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_SSL_CA) { - g_string_append (text, _("SSL Certificate Authority")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_EMAIL_CA) { - g_string_append (text, _("Email Certificate Authority")); - g_string_append (text, "\n"); - } - if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING_CA) { - g_string_append (text, _("Object Signer")); - g_string_append (text, "\n"); - } - return TRUE; -} - -static gboolean -process_key_usage_extensions (SECItem *extData, GString *text) -{ - SECItem decoded; - unsigned char keyUsage; - - decoded.data = NULL; - decoded.len = 0; - if (SECSuccess != SEC_ASN1DecodeItem(NULL, &decoded, - SEC_ASN1_GET(SEC_BitStringTemplate), extData)) { - g_string_append (text, _("Error: Unable to process extension")); - return TRUE; - } - - keyUsage = decoded.data[0]; - PORT_Free (decoded.data); /* XXX right free? 
*/ - - if (keyUsage & KU_DIGITAL_SIGNATURE) { - g_string_append (text, _("Signing")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_NON_REPUDIATION) { - g_string_append (text, _("Non-repudiation")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_KEY_ENCIPHERMENT) { - g_string_append (text, _("Key Encipherment")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_DATA_ENCIPHERMENT) { - g_string_append (text, _("Data Encipherment")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_KEY_AGREEMENT) { - g_string_append (text, _("Key Agreement")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_KEY_CERT_SIGN) { - g_string_append (text, _("Certificate Signer")); - g_string_append (text, "\n"); - } - if (keyUsage & KU_CRL_SIGN) { - g_string_append (text, _("CRL Signer")); - g_string_append (text, "\n"); - } - - return TRUE; -} - -static gboolean -process_extension_data (SECOidTag oidTag, SECItem *extData, - GString *str) -{ - gboolean rv; - switch (oidTag) { - case SEC_OID_NS_CERT_EXT_CERT_TYPE: - rv = process_ns_cert_type_extensions (extData, str); - break; - case SEC_OID_X509_KEY_USAGE: - rv = process_key_usage_extensions (extData, str); - break; - default: { - char *text; - rv = process_raw_bytes (extData, &text); - g_string_append (str, text); - g_free (text); - break; - } - } - return rv; -} - -static gboolean -process_single_extension (CERTCertExtension *extension, - EASN1Object **retExtension) -{ - GString *str = g_string_new (""); - char *text; - EASN1Object *extensionItem; - SECOidTag oidTag = SECOID_FindOIDTag(&extension->id); - - get_oid_text (&extension->id, &text); - - extensionItem = e_asn1_object_new (); - - e_asn1_object_set_display_name (extensionItem, text); - g_free (text); - - if (extension->critical.data != NULL) { - if (extension->critical.data[0]) { - g_string_append (str, _("Critical")); - } else { - g_string_append (str, _("Not Critical")); - } - } else { - g_string_append (str, _("Not Critical")); - } - 
g_string_append (str, "\n"); - if (!process_extension_data (oidTag, &extension->value, str)) { - g_string_free (str, TRUE); - return FALSE; - } - - e_asn1_object_set_display_value (extensionItem, str->str); - g_string_free (str, TRUE); - *retExtension = extensionItem; - return TRUE; -} - -static gboolean -process_extensions (CERTCertExtension **extensions, - EASN1Object *parentSequence) -{ - EASN1Object *extensionSequence = e_asn1_object_new (); - PRInt32 i; - - e_asn1_object_set_display_name (extensionSequence, _("Extensions")); - - for (i=0; extensions[i] != NULL; i++) { - EASN1Object *newExtension; - - if (!process_single_extension (extensions[i], - &newExtension)) - return FALSE; - - e_asn1_object_append_child (extensionSequence, newExtension); - } - e_asn1_object_append_child (parentSequence, extensionSequence); - return TRUE; -} - -static gboolean -process_name (CERTName *name, char **value) -{ - CERTRDN** rdns; - CERTRDN** rdn; - CERTAVA** avas; - CERTAVA* ava; - SECItem *decodeItem = NULL; - GString *final_string = g_string_new (""); - - char *type; - GString *avavalue; - char *temp; - CERTRDN **lastRdn; - - rdns = name->rdns; - - lastRdn = rdns; - - /* find last RDN */ - lastRdn = rdns; - while (*lastRdn) lastRdn++; - - /* The above whille loop will put us at the last member - * of the array which is a NULL pointer. So let's back - * up one spot so that we have the last non-NULL entry in - * the array in preparation for traversing the - * RDN's (Relative Distinguished Name) in reverse order. - */ - lastRdn--; - - /* - * Loop over name contents in _reverse_ RDN order appending to string - * When building the Ascii string, NSS loops over these entries in - * reverse order, so I will as well. The difference is that NSS - * will always place them in a one line string separated by commas, - * where I want each entry on a single line. 
I can't just use a comma - * as my delimitter because it is a valid character to have in the - * value portion of the AVA and could cause trouble when parsing. - */ - for (rdn = lastRdn; rdn >= rdns; rdn--) { - avas = (*rdn)->avas; - while ((ava = *avas++) != 0) { - if (!get_oid_text (&ava->type, &type)) - return FALSE; - - /* This function returns a string in UTF8 format. */ - decodeItem = CERT_DecodeAVAValue(&ava->value); - if(!decodeItem) { - return FALSE; - } - - avavalue = g_string_new_len ((char*)decodeItem->data, decodeItem->len); - - SECITEM_FreeItem(decodeItem, PR_TRUE); - - temp = g_strdup_printf (_("%s = %s"), type, avavalue->str); - - g_string_append (final_string, temp); - g_string_append (final_string, "\n"); - g_string_free (avavalue, TRUE); - g_free (temp); - } - } - *value = g_string_free (final_string, FALSE); - return TRUE; -} - -static gboolean -create_tbs_certificate_asn1_struct (ECert *cert, EASN1Object **seq) -{ - /* - ** TBSCertificate ::= SEQUENCE { - ** version [0] EXPLICIT Version DEFAULT v1, - ** serialNumber CertificateSerialNumber, - ** signature AlgorithmIdentifier, - ** issuer Name, - ** validity Validity, - ** subject Name, - ** subjectPublicKeyInfo SubjectPublicKeyInfo, - ** issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - ** -- If present, version shall be v2 or v3 - ** subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - ** -- If present, version shall be v2 or v3 - ** extensions [3] EXPLICIT Extensions OPTIONAL - ** -- If present, version shall be v3 - ** } - ** - ** This is the ASN1 structure we should be dealing with at this point. - ** The code in this method will assert this is the structure we're dealing - ** and then add more user friendly text for that field. 
- */ - EASN1Object *sequence = e_asn1_object_new (); - char *text; - EASN1Object *subitem; - SECItem data; - - e_asn1_object_set_display_name (sequence, _("Certificate")); - - if (!process_version (&cert->priv->cert->version, &subitem)) - return FALSE; - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - - if (!process_serial_number_der (&cert->priv->cert->serialNumber, &subitem)) - return FALSE; - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - - - if (!process_sec_algorithm_id (&cert->priv->cert->signature, &subitem)) - return FALSE; - e_asn1_object_set_display_name (subitem, _("Certificate Signature Algorithm")); - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - - process_name (&cert->priv->cert->issuer, &text); - subitem = e_asn1_object_new (); - e_asn1_object_set_display_value (subitem, text); - g_free (text); - - e_asn1_object_set_display_name (subitem, _("Issuer")); - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - -#if notyet - nsCOMPtr validitySequence = new nsNSSASN1Sequence(); - nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpValidity").get(), - text); - validitySequence->SetDisplayName(text); - asn1Objects->AppendElement(validitySequence, PR_FALSE); - nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpNotBefore").get(), - text); - nsCOMPtr validityData; - GetValidity(getter_AddRefs(validityData)); - PRTime notBefore, notAfter; - - validityData->GetNotBefore(¬Before); - validityData->GetNotAfter(¬After); - validityData = 0; - rv = ProcessTime(notBefore, text.get(), validitySequence); - if (NS_FAILED(rv)) - return rv; - - nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpNotAfter").get(), - text); - rv = ProcessTime(notAfter, text.get(), validitySequence); - if (NS_FAILED(rv)) - return rv; -#endif - - subitem = e_asn1_object_new (); - e_asn1_object_set_display_name (subitem, _("Subject")); - - 
process_name (&cert->priv->cert->subject, &text); - e_asn1_object_set_display_value (subitem, text); - g_free (text); - e_asn1_object_append_child (sequence, subitem); - g_object_unref (subitem); - - if (!process_subject_public_key_info (&cert->priv->cert->subjectPublicKeyInfo, sequence)) - return FALSE; - - /* Is there an issuerUniqueID? */ - if (cert->priv->cert->issuerID.data) { - /* The issuerID is encoded as a bit string. - The function ProcessRawBytes expects the - length to be in bytes, so let's convert the - length in a temporary SECItem - */ - data.data = cert->priv->cert->issuerID.data; - data.len = cert->priv->cert->issuerID.len / 8; - - subitem = e_asn1_object_new (); - - e_asn1_object_set_display_name (subitem, _("Issuer Unique ID")); - process_raw_bytes (&data, &text); - e_asn1_object_set_display_value (subitem, text); - g_free (text); - - e_asn1_object_append_child (sequence, subitem); - } - - if (cert->priv->cert->subjectID.data) { - /* The subjectID is encoded as a bit string. 
- The function ProcessRawBytes expects the - length to be in bytes, so let's convert the - length in a temporary SECItem - */ - data.data = cert->priv->cert->issuerID.data; - data.len = cert->priv->cert->issuerID.len / 8; - - subitem = e_asn1_object_new (); - - e_asn1_object_set_display_name (subitem, _("Subject Unique ID")); - process_raw_bytes (&data, &text); - e_asn1_object_set_display_value (subitem, text); - g_free (text); - - e_asn1_object_append_child (sequence, subitem); - } - if (cert->priv->cert->extensions) { - if (!process_extensions (cert->priv->cert->extensions, sequence)) - return FALSE; - } - - *seq = sequence; - - return TRUE; -} - -static gboolean -create_asn1_struct (ECert *cert) -{ - EASN1Object *sequence; - SECItem temp; - char *text; - - cert->priv->asn1 = e_asn1_object_new (); - - e_asn1_object_set_display_name (cert->priv->asn1, e_cert_get_window_title (cert)); - - /* This sequence will be contain the tbsCertificate, signatureAlgorithm, - and signatureValue. */ - - if (!create_tbs_certificate_asn1_struct (cert, &sequence)) - return FALSE; - e_asn1_object_append_child (cert->priv->asn1, sequence); - g_object_unref (sequence); - - if (!process_sec_algorithm_id (&cert->priv->cert->signatureWrap.signatureAlgorithm, &sequence)) - return FALSE; - e_asn1_object_set_display_name (sequence, _("Certificate Signature Algorithm")); - e_asn1_object_append_child (cert->priv->asn1, sequence); - g_object_unref (sequence); - - sequence = e_asn1_object_new (); - e_asn1_object_set_display_name (sequence, _("Certificate Signature Value")); - - /* The signatureWrap is encoded as a bit string. 
- The function ProcessRawBytes expects the - length to be in bytes, so let's convert the - length in a temporary SECItem */ - temp.data = cert->priv->cert->signatureWrap.signature.data; - temp.len = cert->priv->cert->signatureWrap.signature.len / 8; - process_raw_bytes (&temp, &text); - e_asn1_object_set_display_value (sequence, text); - e_asn1_object_append_child (cert->priv->asn1, sequence); - g_free (text); - - return TRUE; -} - -EASN1Object* -e_cert_get_asn1_struct (ECert *cert) -{ - if (!cert->priv->asn1) - create_asn1_struct (cert); - - return g_object_ref (cert->priv->asn1); -} - -gboolean -e_cert_mark_for_deletion (ECert *cert) -{ - // nsNSSShutDownPreventionLock locker; - -#if 0 - // make sure user is logged in to the token - nsCOMPtr ctx = new PipUIContext(); -#endif - - if (PK11_NeedLogin(cert->priv->cert->slot) - && !PK11_NeedUserInit(cert->priv->cert->slot) - && !PK11_IsInternal(cert->priv->cert->slot)) { - if (SECSuccess != PK11_Authenticate(cert->priv->cert->slot, PR_TRUE, NULL)) { - return FALSE; - } - } - - cert->priv->delete = TRUE; - - return TRUE; -} - -ECertType -e_cert_get_cert_type (ECert *ecert) -{ - const char *nick = e_cert_get_nickname (ecert); - const char *email = e_cert_get_email (ecert); - CERTCertificate *cert = ecert->priv->cert; - - if (nick) { - if (e_cert_trust_has_any_user (cert->trust)) - return E_CERT_USER; - if (e_cert_trust_has_any_ca (cert->trust) - || CERT_IsCACert(cert,NULL)) - return E_CERT_CA; - if (e_cert_trust_has_peer (cert->trust, PR_TRUE, PR_FALSE, PR_FALSE)) - return E_CERT_SITE; - } - if (email && e_cert_trust_has_peer (cert->trust, PR_FALSE, PR_TRUE, PR_FALSE)) - return E_CERT_CONTACT; - - return E_CERT_UNKNOWN; -} diff --git a/smime/lib/e-cert.h b/smime/lib/e-cert.h deleted file mode 100644 index 243ce1539b..0000000000 --- a/smime/lib/e-cert.h +++ /dev/null 
@@ -1,103 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _E_CERT_H_
-#define _E_CERT_H_
-
-#include
-#include
-#include "e-asn1-object.h"
-
-#define E_TYPE_CERT (e_cert_get_type ())
-#define E_CERT(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_CERT, ECert))
-#define E_CERT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_CERT, ECertClass))
-#define E_IS_CERT(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_CERT))
-#define E_IS_CERT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_CERT))
-#define E_CERT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_CERT, ECertClass))
-
-typedef struct _ECert ECert;
-typedef struct _ECertClass ECertClass;
-typedef struct _ECertPrivate ECertPrivate;
-
-typedef enum {
- E_CERT_CA,
- E_CERT_CONTACT,
- E_CERT_SITE,
- E_CERT_USER,
- E_CERT_UNKNOWN
-} ECertType;
-
-struct _ECert {
- GObject parent;
-
- ECertPrivate *priv;
-};
-
-struct _ECertClass {
- GObjectClass parent_class;
-
- /* Padding for future expansion */
- void (*_ecert_reserved0) (void);
- void (*_ecert_reserved1) (void);
- void (*_ecert_reserved2) (void);
- void (*_ecert_reserved3) (void);
- void (*_ecert_reserved4) (void);
-};
-
-GType e_cert_get_type (void);
-
-ECert* e_cert_new (CERTCertificate *cert);
-ECert* e_cert_new_from_der (char *data, guint32 len);
-
-CERTCertificate* e_cert_get_internal_cert (ECert *cert);
-
-gboolean e_cert_get_raw_der (ECert *cert, char **data, guint32 *len);
-const char* e_cert_get_window_title (ECert *cert);
-const char* e_cert_get_nickname (ECert *cert);
-const char* e_cert_get_email (ECert *cert);
-const char* e_cert_get_org (ECert *cert);
-const char* e_cert_get_org_unit (ECert *cert);
-const char* e_cert_get_cn (ECert *cert);
-const char* e_cert_get_subject_name (ECert *cert);
-
-const char* e_cert_get_issuer_name (ECert *cert);
-const char* e_cert_get_issuer_cn (ECert *cert);
-const char* e_cert_get_issuer_org (ECert *cert);
-const char* e_cert_get_issuer_org_unit (ECert *cert);
-
-PRTime e_cert_get_issued_on_time (ECert *cert);
-const char* e_cert_get_issued_on (ECert *cert);
-PRTime e_cert_get_expires_on_time (ECert *cert);
-const char* e_cert_get_expires_on (ECert *cert);
-
-const char* e_cert_get_serial_number (ECert *cert);
-const char* e_cert_get_sha1_fingerprint (ECert *cert);
-const char* e_cert_get_md5_fingerprint (ECert *cert);
-
-GList* e_cert_get_chain (ECert *cert);
-EASN1Object* e_cert_get_asn1_struct (ECert *cert);
-
-gboolean e_cert_mark_for_deletion (ECert *cert);
-
-ECertType e_cert_get_cert_type (ECert *cert);
-
-#endif /* _E_CERT_H_ */
diff --git a/smime/lib/e-pkcs12.c b/smime/lib/e-pkcs12.c
deleted file mode 100644
index 3092944196..0000000000
--- a/smime/lib/e-pkcs12.c
+++ /dev/null
@@ -1,452 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/* e-pkcs12.c
- *
- * Copyright (C) 2003 Ximian, Inc.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: Chris Toshok (toshok@ximian.com)
- */
-
-/* The following is the mozilla license blurb, as the bodies some of
- these functions were derived from the mozilla source. */
-
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- */
-
-#include
-#include
-
-#include
-#include
-#include
-
-#include "e-util/e-passwords.h"
-#include "e-pkcs12.h"
-
-#include "prmem.h"
-#include "nss.h"
-#include "pkcs12.h"
-#include "p12plcy.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-struct _EPKCS12Private {
- int tmp_fd;
- char *tmp_path;
-};
-
-#define PARENT_TYPE G_TYPE_OBJECT
-static GObjectClass *parent_class;
-
-// static callback functions for the NSS PKCS#12 library
-static SECItem * PR_CALLBACK nickname_collision(SECItem *, PRBool *, void *);
-static void PR_CALLBACK write_export_file(void *arg, const char *buf, unsigned long len);
-
-static gboolean handle_error(int myerr);
-
-#define PKCS12_TMPFILENAME ".p12tmp"
-#define PKCS12_BUFFER_SIZE 2048
-#define PKCS12_RESTORE_OK 1
-#define PKCS12_BACKUP_OK 2
-#define PKCS12_USER_CANCELED 3
-#define PKCS12_NOSMARTCARD_EXPORT 4
-#define PKCS12_RESTORE_FAILED 5
-#define PKCS12_BACKUP_FAILED 6
-#define PKCS12_NSS_ERROR 7
-
-static void
-e_pkcs12_dispose (GObject *object)
-{
- EPKCS12 *pk = E_PKCS12 (object);
-
- if (!pk->priv)
- return;
-
- /* XXX free instance private foo */
-
- g_free (pk->priv);
- pk->priv = NULL;
-
- if (G_OBJECT_CLASS (parent_class)->dispose)
- G_OBJECT_CLASS (parent_class)->dispose (object);
-}
-
-static void
-e_pkcs12_class_init (EPKCS12Class *klass)
-{
- GObjectClass *object_class;
-
- object_class = G_OBJECT_CLASS(klass);
-
- parent_class = g_type_class_ref (PARENT_TYPE);
-
- object_class->dispose = e_pkcs12_dispose;
-}
-
-static void
-e_pkcs12_init (EPKCS12 *ec)
-{
- ec->priv = g_new0 (EPKCS12Private, 1);
-}
-
-GType
-e_pkcs12_get_type (void)
-{
- static GType pkcs12_type = 0;
-
- if (!pkcs12_type) {
- static const GTypeInfo pkcs12_info = {
- sizeof (EPKCS12Class),
- NULL, /* base_init */
- NULL, /* base_finalize */
- (GClassInitFunc) e_pkcs12_class_init,
- NULL, /* class_finalize */
- NULL, /* class_data */
- sizeof (EPKCS12),
- 0, /* n_preallocs */
- (GInstanceInitFunc) e_pkcs12_init,
- };
-
- pkcs12_type = g_type_register_static (PARENT_TYPE, "EPKCS12", &pkcs12_info, 0);
- }
-
- return pkcs12_type;
-}
-
-
-
-EPKCS12*
-e_pkcs12_new (void)
-{
- EPKCS12 *pk = E_PKCS12 (g_object_new (E_TYPE_PKCS12, NULL));
-
- return pk;
-}
-
-static gboolean
-input_to_decoder (SEC_PKCS12DecoderContext *dcx, const char *path, GError **error)
-{
- /* nsNSSShutDownPreventionLock locker; */
- SECStatus srv;
- int amount;
- char buf[PKCS12_BUFFER_SIZE];
- FILE *fp;
-
- /* open path */
- fp = fopen (path, "r");
- if (!fp) {
- /* XXX gerror */
- printf ("couldn't open `%s'\n", path);
- return FALSE;
- }
-
- while (TRUE) {
- amount = fread (buf, 1, sizeof (buf), fp);
- if (amount < 0) {
- printf ("got -1 fread\n");
- fclose (fp);
- return FALSE;
- }
- /* feed the file data into the decoder */
- srv = SEC_PKCS12DecoderUpdate(dcx,
- (unsigned char*) buf,
- amount);
- if (srv) {
- /* don't allow the close call to overwrite our precious error code */
- /* XXX g_error */
- int pr_err = PORT_GetError();
- PORT_SetError(pr_err);
- printf ("SEC_PKCS12DecoderUpdate returned %d\n", srv);
- fclose (fp);
- return FALSE;
- }
- if (amount < PKCS12_BUFFER_SIZE)
- break;
- }
- fclose (fp);
- return TRUE;
-}
-
-static gboolean
-prompt_for_password (char *title, char *prompt, SECItem *pwd)
-{
- char *passwd;
-
- passwd = e_passwords_ask_password (title, NULL, NULL, prompt, TRUE,
- E_PASSWORDS_DO_NOT_REMEMBER, NULL,
- NULL);
-
- if (passwd) {
- SECITEM_AllocItem(NULL, pwd, PL_strlen (passwd));
- memcpy (pwd->data, passwd, strlen (passwd));
- g_free (passwd);
- }
-
- return TRUE;
-}
-
-static gboolean
-import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry, GError **error)
-{
- /*nsNSSShutDownPreventionLock locker; */
- gboolean rv = TRUE;
- SECStatus srv = SECSuccess;
- SEC_PKCS12DecoderContext *dcx = NULL;
- SECItem passwd;
- GError *err = NULL;
- PK11SlotInfo *slot = PK11_GetInternalKeySlot (); /* XXX toshok - we
- hardcode this
- here */
- *aWantRetry = FALSE;
-
-
- passwd.data = NULL;
- rv = prompt_for_password (_("PKCS12 File Password"), _("Enter password for PKCS12 file:"), &passwd);
- if (!rv) goto finish;
- if (passwd.data == NULL) {
- handle_error (PKCS12_USER_CANCELED);
- return TRUE;
- }
-
-#if notyet
- /* XXX we don't need this block as long as we hardcode the
- slot above */
- nsXPIDLString tokenName;
- nsXPIDLCString tokenNameCString;
- const char *tokNameRef;
-
-
- mToken->GetTokenName (getter_Copies(tokenName));
- tokenNameCString.Adopt (ToNewUTF8String(tokenName));
- tokNameRef = tokenNameCString; /* I do this here so that the
- NS_CONST_CAST below doesn't
- break the build on Win32 */
-
- slot = PK11_FindSlotByName (NS_CONST_CAST(char*,tokNameRef));
- if (!slot) {
- srv = SECFailure;
- goto finish;
- }
-#endif
-
- /* initialize the decoder */
- dcx = SEC_PKCS12DecoderStart (&passwd, slot, NULL,
- NULL, NULL,
- NULL, NULL,
- pkcs12);
- if (!dcx) {
- srv = SECFailure;
- goto finish;
- }
- /* read input file and feed it to the decoder */
- rv = input_to_decoder (dcx, path, &err);
- if (!rv) {
-#if notyet
- /* XXX we need this to check the gerror */
- if (NS_ERROR_ABORT == rv) {
- // inputToDecoder indicated a NSS error
- srv = SECFailure;
- }
-#endif
- goto finish;
- }
-
- /* verify the blob */
- srv = SEC_PKCS12DecoderVerify (dcx);
- if (srv) { printf ("decoderverify failed\n"); goto finish; }
- /* validate bags */
- srv = SEC_PKCS12DecoderValidateBags (dcx, nickname_collision);
- if (srv) { printf ("decodervalidatebags failed\n"); goto finish; }
- /* import cert and key */
- srv = SEC_PKCS12DecoderImportBags (dcx);
- if (srv) { printf ("decoderimportbags failed\n"); goto finish; }
- /* Later - check to see if this should become default email cert */
- handle_error (PKCS12_RESTORE_OK);
- finish:
- /* If srv != SECSuccess, NSS probably set a specific error code.
- We should use that error code instead of inventing a new one
- for every error possible. */
- if (srv != SECSuccess) {
- printf ("srv != SECSuccess\n");
- if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) {
- printf ("BAD PASSWORD\n");
- *aWantRetry = TRUE;
- }
- handle_error(PKCS12_NSS_ERROR);
- } else if (!rv) {
- handle_error(PKCS12_RESTORE_FAILED);
- }
- if (slot)
- PK11_FreeSlot(slot);
- // finish the decoder
- if (dcx)
- SEC_PKCS12DecoderFinish(dcx);
- return TRUE;
-}
-
-gboolean
-e_pkcs12_import_from_file (EPKCS12 *pkcs12, const char *path, GError **error)
-{
- /*nsNSSShutDownPreventionLock locker;*/
- gboolean rv = TRUE;
- gboolean wantRetry;
-
-
-#if 0
- /* XXX we don't use tokens yet */
- if (!mToken) {
- if (!mTokenSet) {
- rv = SetToken(NULL); // Ask the user to pick a slot
- if (NS_FAILED(rv)) {
- handle_error(PKCS12_USER_CANCELED);
- return rv;
- }
- }
- }
-
- if (!mToken) {
- handle_error(PKCS12_RESTORE_FAILED);
- return NS_ERROR_NOT_AVAILABLE;
- }
-
- /* init slot */
- rv = mToken->Login(PR_TRUE);
- if (NS_FAILED(rv)) return rv;
-#endif
-
- do {
- rv = import_from_file_helper (pkcs12, path, &wantRetry, error);
- } while (rv && wantRetry);
-
- return rv;
-}
-
-gboolean
-e_pkcs12_export_to_file (EPKCS12 *pkcs12, const char *path, GList *certs, GError **error)
-{
-}
-
-/* what to do when the nickname collides with one already in the db.
- TODO: not handled, throw a dialog allowing the nick to be changed? */
-static SECItem * PR_CALLBACK
-nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
-{
- /* nsNSSShutDownPreventionLock locker; */
- int count = 1;
- char *nickname = NULL;
- char *default_nickname = _("Imported Certificate");
- SECItem *new_nick;
-
- *cancel = PR_FALSE;
- printf ("nickname_collision\n");
-
- /* The user is trying to import a PKCS#12 file that doesn't have the
- attribute we use to set the nickname. So in order to reduce the
- number of interactions we require with the user, we'll build a nickname
- for the user. The nickname isn't prominently displayed in the UI,
- so it's OK if we generate one on our own here.
- XXX If the NSS API were smarter and actually passed a pointer to
- the CERTCertificate* we're importing we could actually just
- call default_nickname (which is what the issuance code path
- does) and come up with a reasonable nickname. Alas, the NSS
- API limits our ability to produce a useful nickname without
- bugging the user. :(
- */
- while (1) {
- CERTCertificate *cert;
-
- /* If we've gotten this far, that means there isn't a certificate
- in the database that has the same subject name as the cert we're
- trying to import. So we need to come up with a "nickname" to
- satisfy the NSS requirement or fail in trying to import.
- Basically we use a default nickname from a properties file and
- see if a certificate exists with that nickname. If there isn't, then
- create update the count by one and append the string '#1' Or
- whatever the count currently is, and look for a cert with
- that nickname. Keep updating the count until we find a nickname
- without a corresponding cert.
- XXX If a user imports *many* certs without the 'friendly name'
- attribute, then this may take a long time. :(
- */
- if (count > 1) {
- g_free (nickname);
- nickname = g_strdup_printf ("%s #%d", default_nickname, count);
- } else {
- g_free (nickname);
- nickname = g_strdup (default_nickname);
- }
- cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
- nickname);
- if (!cert) {
- break;
- }
- CERT_DestroyCertificate(cert);
- count++;
- }
-
- new_nick = PR_Malloc (sizeof (SECItem));
- new_nick->type = siAsciiString;
- new_nick->data = nickname;
- new_nick->len = strlen((char*)new_nick->data);
- return new_nick;
-}
-
-/* write bytes to the exported PKCS#12 file */
-static void PR_CALLBACK
-write_export_file(void *arg, const char *buf, unsigned long len)
-{
- EPKCS12 *pkcs12 = E_PKCS12 (arg);
- EPKCS12Private *priv = pkcs12->priv;
-
- printf ("write_export_file\n");
-
- write (priv->tmp_fd, buf, len);
-}
-
-static gboolean
-handle_error(int myerr)
-{
- printf ("handle_error (%d)\n", myerr);
-}
diff --git a/smime/lib/e-pkcs12.h b/smime/lib/e-pkcs12.h
deleted file mode 100644
index e6616aa85c..0000000000
--- a/smime/lib/e-pkcs12.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/*
- * Authors: Chris Toshok
- *
- * Copyright (C) 2003 Ximian, Inc. (www.ximian.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _E_PKCS12_H_
-#define _E_PKCS12_H_
-
-#include
-
-#define E_TYPE_PKCS12 (e_pkcs12_get_type ())
-#define E_PKCS12(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), E_TYPE_PKCS12, EPKCS12))
-#define E_PKCS12_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), E_TYPE_PKCS12, EPKCS12Class))
-#define E_IS_PKCS12(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), E_TYPE_PKCS12))
-#define E_IS_PKCS12_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), E_TYPE_PKCS12))
-#define E_PKCS12_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), E_TYPE_PKCS12, EPKCS12Class))
-
-typedef struct _EPKCS12 EPKCS12;
-typedef struct _EPKCS12Class EPKCS12Class;
-typedef struct _EPKCS12Private EPKCS12Private;
-
-struct _EPKCS12 {
- GObject parent;
-
- EPKCS12Private *priv;
-};
-
-struct _EPKCS12Class {
- GObjectClass parent_class;
-
- /* Padding for future expansion */
- void (*_epkcs12_reserved0) (void);
- void (*_epkcs12_reserved1) (void);
- void (*_epkcs12_reserved2) (void);
- void (*_epkcs12_reserved3) (void);
- void (*_epkcs12_reserved4) (void);
-};
-
-GType e_pkcs12_get_type (void);
-
-EPKCS12* e_pkcs12_new (void);
-
-
-#if 0
-/* XXX we're not going to support additional slots in the initial ssl
- stuff, so we just always default to the internal token (and thus
- don't need this function yet. */
-gboolean e_pkcs12_set_token (void);
-#endif
-
-gboolean e_pkcs12_import_from_file (EPKCS12 *pkcs12, const char *path, GError **error);
-gboolean e_pkcs12_export_to_file (EPKCS12 *pkcs12, const char *path, GList *certs, GError **error);
-
-#endif /* _E_CERT_H_ */
diff --git a/smime/tests/.cvsignore b/smime/tests/.cvsignore
deleted file mode 100644
index db5ae49ffb..0000000000
--- a/smime/tests/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-Makefile
-Makefile.in
-import-cert
diff --git a/smime/tests/Makefile.am b/smime/tests/Makefile.am
deleted file mode 100644
index 2c0c54a88e..0000000000
--- a/smime/tests/Makefile.am
+++ /dev/null
@@ -1,17 +0,0 @@
-
-noinst_PROGRAMS=import-cert
-
-INCLUDES= \
- -I$(top_srcdir)/smime/lib \
- $(EVOLUTION_ADDRESSBOOK_CFLAGS) \
- $(CERT_UI_CFLAGS)
-
-TEST_LIBS= \
- $(top_builddir)/smime/lib/libessmime.la \
- -L/home/toshok/src/mozilla/mozilla/dist/lib \
- $(CERT_UI_LIBS) \
- $(top_builddir)/e-util/libeutil.la \
- $(GNOME_FULL_LIBS)
-
-
-import_cert_LDADD=$(TEST_LIBS)
\ No newline at end of file
diff --git a/smime/tests/import-cert.c b/smime/tests/import-cert.c
deleted file mode 100644
index e30b085317..0000000000
--- a/smime/tests/import-cert.c
+++ /dev/null
@@ -1,38 +0,0 @@
-
-#include
-#include
-
-#include "e-cert-db.h"
-#include "e-pkcs12.h"
-
-int
-main (int argc, char **argv)
-{
- ECertDB *db;
- EPKCS12 *pkcs12;
-
- gnome_program_init("import-cert-test", "0.0", LIBGNOMEUI_MODULE, argc, argv, NULL);
-
- db = e_cert_db_peek ();
-
- if (!e_cert_db_import_certs_from_file (db, "ca.crt", E_CERT_CA, NULL /* XXX */)) {
- g_warning ("CA cert import failed");
- }
-
- if (!e_cert_db_import_certs_from_file (db, "", E_CERT_CONTACT, NULL /* XXX */)) {
- g_warning ("contact cert import failed");
- }
-
- if (!e_cert_db_import_certs_from_file (db, "", E_CERT_SITE, NULL /* XXX */)) {
- g_warning ("server cert import failed");
- }
-
- pkcs12 = e_pkcs12_new ();
- if (!e_pkcs12_import_from_file (pkcs12, "newcert.p12", NULL /* XXX */)) {
- g_warning ("PKCS12 import failed");
- }
-
- e_cert_db_shutdown ();
-
- return 0;
-}
-- cgit