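--- ./esc/src/lib/NssHttpClient/engine.h.fix6 2009-06-19 16:07:39.000000000 -0700
+++ ./esc/src/lib/NssHttpClient/engine.h 2009-06-19 16:07:44.000000000 -0700
@@ -22,9 +22,17 @@
 #include "response.h"
 #include "request.h"
 
+struct BadCertData {
+ PRErrorCode error;
+ PRInt32 port;
+};
+
+typedef struct BadCertData BadCertData;
+
+
 class __EXPORT Engine {
 public:
- Engine() {};
+ Engine() { _certData = NULL; _sock=NULL;};
 ~Engine() {};
 
 PRFileDesc *_doConnect(PRNetAddr *addr, PRBool SSLOn = PR_FALSE,
@@ -37,7 +45,8 @@
 static PRIntervalTime globaltimeout;
 
 PRFileDesc *_sock;
-
+ BadCertData *_certData;
+ BadCertData *getBadCertData() { return _certData;}
 PRFileDesc *getSocket() { return _sock;}
 
 bool connectionClosed ;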
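Review bot: `BadCertData` is defined here and again, field for field, in rhCoolKey.cpp later in this patch, and the handler there casts the `void *arg` it receives to its own copy, so the two definitions have to be kept identical by hand. Declaring the struct once in a header that both sides include (CoolKey.h already declares `CoolKeyBadCertHandler`) would let the compiler enforce the layout. `~Engine() {};` stays empty in this hunk, so `_certData` is released only through CloseConnection(); a comment on the member such as `// owned by Engine; freed in CloseConnection()` would record that.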
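--- ./esc/src/lib/NssHttpClient/engine.cpp.fix6 2009-06-19 16:07:12.000000000 -0700
+++ ./esc/src/lib/NssHttpClient/engine.cpp 2009-06-19 16:07:29.000000000 -0700
@@ -16,6 +16,8 @@
 * All rights reserved.
 * END COPYRIGHT BLOCK **/
 
+#define FORCE_PR_LOG 1
+
 #include <nspr.h>
 #include "sslproto.h"
 #include <prerror.h>
@@ -27,7 +29,7 @@
 #include "certt.h"
 #include "sslerr.h"
 #include "secerr.h"
-
+#include "CoolKey.h"
 #include "engine.h"
 #include "http.h"
 
@@ -39,6 +41,9 @@
 int cipherCount = 0;
 int _doVerifyServerCert = 1;
 
+PRLogModuleInfo *httpEngineLog = PR_NewLogModule("coolKeyHttpEngine");
+
+
 PRIntervalTime Engine::globaltimeout = PR_TicksPerSecond()*30;
 
 /**
@@ -56,13 +61,26 @@
 SECStatus secStatus = SECFailure;
 PRErrorCode err;
 
+ char tBuff[56];
+
+ PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+ ("%s myBadCertHandler enter. \n",GetTStamp(tBuff,56)));
+
 /* log invalid cert here */
 
 if ( !arg ) {
 return secStatus;
 }
 
- *(PRErrorCode *)arg = err = PORT_GetError();
+ err = PORT_GetError();
+
+ BadCertData *data = (BadCertData *) arg;
+ if(data) {
+ data->error = err;
+ }
+
+ PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+ ("%s myBadCertHandler err: %d . \n",GetTStamp(tBuff,56),err));
 
 /* If any of the cases in the switch are met, then we will proceed */
 /* with the processing of the request anyway. Otherwise, the default */
@@ -91,6 +109,10 @@
 break;
 }
 
+ PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+ ("%s myBadCertHandler status: %d . \n",GetTStamp(tBuff,56),secStatus));
+
+
 return secStatus;
 }
 
@@ -416,7 +438,6 @@
 return;
 }
 
-
 void Engine::CloseConnection()
 {
 connectionClosed = true;
@@ -426,7 +447,14 @@
 PR_Close(_sock);
 _sock = NULL;
 }
+
+ if(_certData)
+ {
+ delete _certData;
+ _certData = NULL;
+ }
 }
+
 /**
 * Returns a file descriptor for I/O if the HTTP connection is successful
 * @param addr PRnetAddr structure which points to the server to connect to
@@ -442,21 +470,19 @@
 PRFileDesc *tcpsock = NULL;
 PRFileDesc *sock = NULL;
 connectionClosed = false;
+ _certData = new BadCertData();
 
 tcpsock = PR_OpenTCPSocket(addr->raw.family);
-
 
 if (!tcpsock) {
-
 return NULL;
 }
 
 nodelay(tcpsock);
 
 if (PR_TRUE == SSLOn) {
- sock=SSL_ImportFD(NULL, tcpsock);
-
 
+ sock=SSL_ImportFD(NULL, tcpsock);
 if (!sock) {
 //xxx log
 if( tcpsock != NULL ) {
@@ -516,9 +542,23 @@
 
 PRErrorCode errCode = 0;
 
- rv = SSL_BadCertHook( sock,
+ if(_certData) {
+ _certData->error = errCode;
+ _certData->port = PR_ntohs(PR_NetAddrInetPort(addr));
+ }
+
+ CoolKeyBadCertHandler overriddenHandler = CoolKeyGetBadCertHandler();
+
+ if(overriddenHandler) {
+ rv = SSL_BadCertHook( sock,
+ (SSLBadCertHandler)overriddenHandler,
+ (void *)_certData);
+ } else {
+ rv = SSL_BadCertHook( sock,
 (SSLBadCertHandler)myBadCertHandler,
- &errCode );
+ (void *)_certData);
+ }
+
 rv = SSL_SetURL( sock, serverName );
 
 if (rv != SECSuccess ) {
@@ -536,8 +576,6 @@
 sock = tcpsock;
 }
 
-
-
 if ( PR_Connect(sock, addr, timeout) == PR_FAILURE ) {
 
 if( sock != NULL ) {
@@ -563,11 +601,17 @@
 const PSHttpServer& server,
 int timeout, PRBool expectChunked ,PRBool processStreamed) {
 PRNetAddr addr;
- PRFileDesc *sock = NULL;
 PSHttpResponse *resp = NULL;
 
 PRBool response_code = 0;
 
+ char tBuff[56];
+
+ PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+ ("%s HttpEngine::makeRequest enter. \n",GetTStamp(tBuff,56)));
+
+
+
 server.getAddr(&addr);
 
 char *nickName = request.getCertNickName();
@@ -575,8 +619,17 @@
 char *serverName = (char *)server.getAddr();
 _sock = _doConnect( &addr, request.isSSL(), 0, 0,nickName, 0, serverName );
 
+ PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+ ("%s HttpEngine::makeRequest past doConnect sock: %p. \n",
+ GetTStamp(tBuff,56),_sock));
+
 if ( _sock != NULL) {
 PRBool status = request.send( _sock );
+
+ PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+ ("%s HttpEngine::makeRequest past request.send status: %d. \n",
+ GetTStamp(tBuff,56),status));
+
 if ( status ) {
 resp = new PSHttpResponse( _sock, &request, timeout, expectChunked ,this);
 response_code = resp->processResponse(processStreamed);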
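Review bot: In `_doConnect` the line `_certData = new BadCertData();` overwrites the member without releasing a previous allocation, so a second connect on the same Engine without CloseConnection() in between leaks the old struct, and the `return NULL` right after PR_OpenTCPSocket leaves a struct allocated for a connection that was never made. Because the same pointer is handed to NSS as the bad-cert hook argument, its lifetime is easier to reason about if it is allocated only inside the `PR_TRUE == SSLOn` branch and any earlier instance is dealt with first. Separately, the result of `SSL_BadCertHook` is overwritten by `rv = SSL_SetURL( sock, serverName );` before it is examined; testing `rv != SECSuccess` between the two calls would keep a failed hook installation from passing unnoticed. `_doConnect` and `myBadCertHandler` both begin outside the hunks shown, so the surrounding error handling could not be checked.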
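--- ./esc/src/lib/NssHttpClient/manifest.mn.fix6 2009-06-19 16:08:05.000000000 -0700
+++ ./esc/src/lib/NssHttpClient/manifest.mn 2009-06-19 16:08:13.000000000 -0700
@@ -24,7 +24,7 @@
 MODULE = httpchunked
 LIBRARY_NAME = $(MODULE)
 SHARED_NAME = $(MODULE)
-REQUIRES = nss nspr
+REQUIRES = nss nspr ckymanager
 ifndef MOZ_OFFSET
 MOZ_OFFSET = mozilla-1.7.13
 endif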
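--- ./esc/src/lib/coolkey/NSSManager.h.fix6 2009-06-19 16:06:41.000000000 -0700
+++ ./esc/src/lib/coolkey/NSSManager.h 2009-06-19 16:06:47.000000000 -0700
@@ -70,6 +70,8 @@
 
 static HRESULT GetKeyCertNicknames( const CoolKey *aKey, vector<string> & aStrings );
 
+ static HRESULT GetKeyUID(const CoolKey *aKey, char *aBuf, int aBufLength);
+
 static HRESULT GetKeyIssuedTo(const CoolKey *aKey, char *aBuf, int aBufLength);
 
 static HRESULT GetKeyIssuer(const CoolKey *aKey, char *aBuf, int aBufLength);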
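--- ./esc/src/lib/coolkey/CoolKey.cpp.fix6 2009-06-19 16:02:43.000000000 -0700
+++ ./esc/src/lib/coolkey/CoolKey.cpp 2009-06-19 16:03:03.000000000 -0700
@@ -259,12 +259,14 @@
 static CoolKeyRelease g_Release = NULL;
 static CoolKeyGetConfigValue g_GetConfigValue = NULL;
 static CoolKeySetConfigValue g_SetConfigValue = NULL;
+static CoolKeyBadCertHandler g_BadCertHandler = NULL;
 
 char* CoolKeyVerifyPassword(PK11SlotInfo *,PRBool,void *);
 
 COOLKEY_API HRESULT CoolKeySetCallbacks(CoolKeyDispatch dispatch,
 CoolKeyReference reference, CoolKeyRelease release,
- CoolKeyGetConfigValue getconfigvalue,CoolKeySetConfigValue setconfigvalue)
+ CoolKeyGetConfigValue getconfigvalue,CoolKeySetConfigValue setconfigvalue,
+ CoolKeyBadCertHandler badcerthandler)
 {
 char tBuff[56];
 g_Dispatch = dispatch;
@@ -272,6 +274,7 @@
 g_Release = release;
 g_GetConfigValue = getconfigvalue;
 g_SetConfigValue = setconfigvalue;
+ g_BadCertHandler = badcerthandler;
 
 char * suppressPINPrompt =(char*) CoolKeyGetConfig("esc.security.url");
 
@@ -997,6 +1000,16 @@
 
 return NSSManager::GetKeyPolicy(aKey, aBuf, aBufLen);
 }
+
+HRESULT
+CoolKeyGetUID(const CoolKey *aKey, char *aBuf, int aBufLength)
+{
+ if (!aKey || !aKey->mKeyID || !aBuf || aBufLength < 1)
+ return E_FAIL;
+
+ return NSSManager::GetKeyUID(aKey,aBuf,aBufLength);
+}
+
 HRESULT
 CoolKeyGetIssuedTo(const CoolKey *aKey, char *aBuf, int aBufLength)
 {
@@ -1290,6 +1303,13 @@
 return aCUID;
 }
 
+CoolKeyBadCertHandler CoolKeyGetBadCertHandler()
+{
+ if(g_BadCertHandler)
+ return g_BadCertHandler;
+ return NULL;
+}
+
 const char *CoolKeyGetConfig(const char *aValue)
 {
 if(!g_GetConfigValue || ! aValue)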
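Review bot: `CoolKeyGetBadCertHandler()` tests `g_BadCertHandler` only to return NULL when it is already NULL, so the body reduces to `return g_BadCertHandler;`. A short comment above the function would say more than the branch does, for example `// Returns the handler registered through CoolKeySetCallbacks(), or NULL when the client supplied none.` The NULL case matters because the engine.cpp hunk in this patch falls back to its built-in `myBadCertHandler` when this getter returns NULL.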
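--- ./esc/src/lib/coolkey/manifest.mn.fix6 2009-06-19 16:05:45.000000000 -0700
+++ ./esc/src/lib/coolkey/manifest.mn 2009-06-19 16:05:54.000000000 -0700
@@ -19,7 +19,6 @@
 
 XULRUNNER_BASE=$(CORE_DEPTH)/dist/$(OBJDIR)//xulrunner_build
 
-
 SYS_INC = /usr/include
 MODULE = ckymanager
 LIBRARY_NAME = $(MODULE)
@@ -41,7 +40,7 @@
 SmartCardMonitoringThread.cpp \
 $(NULL)
 
-EXPORTS = \
+EXPORTS = \
 CoolKey.h \
 $(NULL)
 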
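--- ./esc/src/lib/coolkey/NSSManager.cpp.fix6 2009-06-19 16:06:19.000000000 -0700
+++ ./esc/src/lib/coolkey/NSSManager.cpp 2009-06-19 16:06:28.000000000 -0700
@@ -369,7 +369,7 @@
 
 aBuf[0]=0;
 
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyIssuedTo \n",GetTStamp(tBuff,56)));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyIssuer \n",GetTStamp(tBuff,56)));
 
 if(!aKey )
 return E_FAIL;
@@ -409,7 +409,7 @@
 continue;
 }
 orgID = CERT_GetOrgName(&cert->subject);
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyIssuedTo ourSlot %p curSlot %p org %s \n",GetTStamp(tBuff,56),slot,cert->slot,orgID));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyIssuer ourSlot %p curSlot %p org %s \n",GetTStamp(tBuff,56),slot,cert->slot,orgID));
 
 }
 
@@ -437,6 +437,85 @@
 return S_OK;
 }
 
+HRESULT NSSManager::GetKeyUID(const CoolKey *aKey, char *aBuf, int aBufLength)
+{
+ char tBuff[56];
+ if(!aBuf)
+ return E_FAIL;
+
+ aBuf[0]=0;
+
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyUID \n",GetTStamp(tBuff,56)));
+
+ if(!aKey )
+ return E_FAIL;
+
+ PK11SlotInfo *slot = GetSlotForKeyID(aKey);
+
+ if (!slot)
+ return E_FAIL;
+
+ CERTCertList *certs = PK11_ListCerts(PK11CertListAll,NULL);
+
+ if (!certs)
+ {
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%sNSSManager::GetKeyUID no certs found! \n",GetTStamp(tBuff,56)));
+ PK11_FreeSlot(slot);
+ return E_FAIL;
+ }
+
+ CERTCertListNode *node= NULL;
+
+ char *certID = NULL;
+
+ for( node = CERT_LIST_HEAD(certs);
+ ! CERT_LIST_END(node, certs);
+ node = CERT_LIST_NEXT(node))
+ {
+ if(node->cert)
+ {
+ CERTCertificate *cert = node->cert;
+
+ if(cert)
+ {
+ if(cert->slot == slot)
+ {
+ if(IsCACert(cert))
+ {
+ continue;
+ }
+
+ certID = CERT_GetCertUid(&cert->subject);
+
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyUID ourSlot %p curSlot %p certID %s \n",GetTStamp(tBuff,56),slot,cert->slot,certID));
+
+ }
+
+ if(certID)
+ break;
+ }
+ }
+
+ }
+
+ if(certID && ((int)strlen(certID) < aBufLength))
+ {
+ strcpy(aBuf,certID);
+ }
+
+ if(certs)
+ CERT_DestroyCertList(certs);
+
+ if(slot)
+ PK11_FreeSlot(slot);
+
+ if(certID)
+ PORT_Free(certID);
+
+ return S_OK;
+}
+
+
 HRESULT NSSManager::GetKeyIssuedTo(const CoolKey *aKey, char *aBuf, int aBufLength)
 {
 char tBuff[56];
@@ -487,6 +566,10 @@
 
 certID = CERT_GetCommonName(&cert->subject);
 
+ if(!certID) {
+ certID = CERT_GetCertUid(&cert->subject);
+ }
+
 PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyIssuedTo ourSlot %p curSlot %p certID %s \n",GetTStamp(tBuff,56),slot,cert->slot,certID));
 
 }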
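Review bot: `GetKeyUID` returns `S_OK` even when no certificate on the slot carries a UID or when the UID does not fit in `aBufLength`, leaving `aBuf` empty with nothing to distinguish either case from success. Tracking the outcome in a local, e.g. `HRESULT res = E_FAIL;` set to `S_OK` right after the `strcpy`, and returning it after the cleanup would make a too-small buffer visible to the caller. If the empty-string convention is deliberate and shared with the neighbouring getters (their bodies are outside these hunks), a comment stating that an empty buffer means "no UID" would do instead. The nested `if(node->cert)` and `if(cert)` tests check the same pointer twice and can be folded into one.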
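--- ./esc/src/lib/coolkey/CoolKey.h.fix6 2009-06-19 16:04:59.000000000 -0700
+++ ./esc/src/lib/coolkey/CoolKey.h 2009-06-19 16:05:05.000000000 -0700
@@ -26,6 +26,7 @@
 // platforms (coreconf will do the appropriate processing.
 #define COOLKEY_API
 
+#include "ssl.h"
 #include <string.h>
 #include <stdlib.h>
 #include <vector>
@@ -100,7 +101,7 @@
 
 typedef HRESULT (*CoolKeySetConfigValue)(const char *name,const char *value);
 typedef const char * (*CoolKeyGetConfigValue)(const char *name);
-
+typedef SECStatus (*CoolKeyBadCertHandler)(void *arg, PRFileDesc *fd);
 
 
 extern "C" {
@@ -112,7 +113,8 @@
 COOLKEY_API HRESULT CoolKeyUnregisterListener(CoolKeyListener* aListener);
 COOLKEY_API HRESULT CoolKeySetCallbacks(CoolKeyDispatch dispatch,
 CoolKeyReference reference, CoolKeyRelease release,
- CoolKeyGetConfigValue getconfigvalue,CoolKeySetConfigValue setconfigvalue);
+ CoolKeyGetConfigValue getconfigvalue,CoolKeySetConfigValue setconfigvalue,
+ CoolKeyBadCertHandler badcerthandler=NULL);
 
 COOLKEY_API bool CoolKeyRequiresAuthentication(const CoolKey *aKey);
 COOLKEY_API bool CoolKeyHasApplet(const CoolKey *aKey);
@@ -133,6 +135,8 @@
 
 COOLKEY_API HRESULT CoolKeyGetCertInfo(const CoolKey *aKey, char *aCertNickname, std::string & aCertInfo);
 
+COOLKEY_API HRESULT CoolKeyGetUID(const CoolKey *aKey, char *aBuf, int aBufLength);
+
 COOLKEY_API HRESULT CoolKeyGetIssuedTo(const CoolKey *aKey, char *aBuf, int aBufLength);
 COOLKEY_API HRESULT CoolKeyGetIssuer(const CoolKey *aKey, char *aBuf, int aBufLength);
 
@@ -257,6 +261,9 @@
 
 const char *CoolKeyGetConfig(const char *aName);
 HRESULT CoolKeySetConfig(const char *aName,const char *aValue);
+CoolKeyBadCertHandler CoolKeyGetBadCertHandler();
+
+
 
 }
 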
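Review bot: The new `CoolKeyBadCertHandler` typedef takes an untyped `void *arg`, yet the engine.cpp hunk in this patch always passes a `BadCertData *` there, and nothing in this header says so. A comment on the typedef would document the contract, for example `// arg points to the BadCertData set up by Engine::_doConnect; return SECSuccess to accept the certificate, SECFailure to reject it`. Spelling out the return value matters here because the callback decides whether a server certificate that already failed validation is accepted.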
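--- ./esc/src/lib/coolkey/Makefile.fix6 2009-06-19 16:05:24.000000000 -0700
+++ ./esc/src/lib/coolkey/Makefile 2009-06-19 16:05:32.000000000 -0700
@@ -35,6 +35,9 @@
 echo "Build Linux or Windows."
 make -f common.mk
 
+export::
+ make -f common.mk export
+
 endif
 
 ifeq ($(OS_ARCH),Darwin)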
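--- ./esc/src/app/xul/esc/chrome/content/esc/certManager.xul.fix6 2009-06-19 16:01:21.000000000 -0700
+++ ./esc/src/app/xul/esc/chrome/content/esc/certManager.xul 2009-06-19 16:01:43.000000000 -0700
@@ -65,7 +65,7 @@
 <tabs id="certMgrTabbox" onselect="CertsTabsSelected();">
 <tab id="mine_tab" label="&certmgr.tab.mine;" selected="true"/>
 <tab id="others_tab" hidden="true" label="&certmgr.tab.others2;"/>
- <tab id="websites_tab" hidden="true" label="&certmgr.tab.websites3;"/>
+ <tab id="websites_tab" hidden="false" label="&certmgr.tab.websites3;"/>
 <tab id="ca_tab" hidden="false" label="&certmgr.tab.ca;"/>
 <tab id="orphan_tab" hidden="true" label="&certmgr.tab.orphan2;"/>
 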
--- ./esc/src/app/xpcom/rhCoolKey.cpp.fix6 2009-06-19 15:56:20.000000000 -0700
|
|
|
9ccdfb |
+++ ./esc/src/app/xpcom/rhCoolKey.cpp 2009-06-19 15:57:48.000000000 -0700
|
|
|
9ccdfb |
@@ -30,7 +30,7 @@
|
|
|
9ccdfb |
#else
|
|
|
9ccdfb |
#include "nsServiceManagerUtils.h"
|
|
|
9ccdfb |
#endif
|
|
|
9ccdfb |
-
|
|
|
9ccdfb |
+#include "pipnss/nsICertOverrideService.h"
|
|
|
9ccdfb |
#include "nsIPrefBranch.h"
|
|
|
9ccdfb |
#include "nsIPrefService.h"
|
|
|
9ccdfb |
#include "nsCOMPtr.h"
|
|
|
9ccdfb |
@@ -69,6 +69,7 @@
|
|
|
9ccdfb |
#endif
|
|
|
9ccdfb |
|
|
|
9ccdfb |
#define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"
|
|
|
9ccdfb |
+#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
|
|
|
9ccdfb |
|
|
|
9ccdfb |
static const nsIID kIModuleIID = NS_IMODULE_IID;
|
|
|
9ccdfb |
static const nsIID kIFactoryIID = NS_IFACTORY_IID;
|
|
|
9ccdfb |
@@ -89,6 +90,7 @@
|
|
|
9ccdfb |
|
|
|
9ccdfb |
std::list< nsCOMPtr <rhIKeyNotify> > rhCoolKey::gNotifyListeners;
|
|
|
9ccdfb |
|
|
|
9ccdfb |
+PRLock* rhCoolKey::certCBLock=NULL;
|
|
|
9ccdfb |
|
|
|
9ccdfb |
PRBool rhCoolKey::gAutoEnrollBlankTokens = PR_FALSE;
|
|
|
9ccdfb |
|
|
|
9ccdfb |
@@ -190,6 +192,13 @@
|
|
|
9ccdfb |
mCSPListener = nsnull;
|
|
|
9ccdfb |
#endif
|
|
|
9ccdfb |
|
|
|
9ccdfb |
+ certCBLock = PR_NewLock();
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if(!certCBLock) {
|
|
|
9ccdfb |
+ PR_LOG( coolKeyLog, PR_LOG_ERROR, ("%s Failed to create lock exiting! \n",GetTStamp(tBuff,56)));
|
|
|
9ccdfb |
+ exit(1);
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
PRBool res = InitInstance();
|
|
|
9ccdfb |
|
|
|
9ccdfb |
if(res == PR_FALSE)
|
|
|
9ccdfb |
@@ -207,6 +216,10 @@
|
|
|
9ccdfb |
|
|
|
9ccdfb |
char tBuff[56];
|
|
|
9ccdfb |
PR_LOG( coolKeyLog, PR_LOG_DEBUG, ("%s rhCoolKey::~rhCoolKey: %p \n",GetTStamp(tBuff,56),this));
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if(certCBLock) {
|
|
|
9ccdfb |
+ PR_DestroyLock(certCBLock);
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
}
|
|
|
9ccdfb |
|
|
|
9ccdfb |
void rhCoolKey::ShutDownInstance()
|
|
|
9ccdfb |
@@ -255,6 +268,212 @@
|
|
|
9ccdfb |
return S_OK;
|
|
|
9ccdfb |
}
|
|
|
9ccdfb |
|
|
|
9ccdfb |
+struct BadCertData {
|
|
|
9ccdfb |
+ PRErrorCode error;
|
|
|
9ccdfb |
+ PRInt32 port;
|
|
|
9ccdfb |
+};
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+typedef struct BadCertData BadCertData;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+SECStatus rhCoolKey::badCertHandler(void *arg, PRFileDesc *fd)
|
|
|
9ccdfb |
+{
|
|
|
9ccdfb |
+ SECStatus secStatus = SECFailure;
|
|
|
9ccdfb |
+ PRErrorCode err;
|
|
|
9ccdfb |
+ char *host = NULL;
|
|
|
9ccdfb |
+ PRInt32 port = 0;
|
|
|
9ccdfb |
+ CERTCertificate *serverCert = NULL;
|
|
|
9ccdfb |
+ PRUint32 errorBits = 0;
|
|
|
9ccdfb |
+ char tBuff[56];
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ PR_Lock(certCBLock);
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if (!arg || !fd) {
|
|
|
9ccdfb |
+ PR_Unlock(certCBLock);
|
|
|
9ccdfb |
+ return secStatus;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ // Retrieve callback data from NssHttpClient
|
|
|
9ccdfb |
+ // Caller cleans up this data
|
|
|
9ccdfb |
+ BadCertData *data = (BadCertData *) arg;
|
|
|
9ccdfb |
+ data->error = err = PORT_GetError();
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ /* If any of the cases in the switch are met, then we will proceed */
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ switch (err) {
|
|
|
9ccdfb |
+ case SEC_ERROR_INVALID_AVA:
|
|
|
9ccdfb |
+ case SEC_ERROR_INVALID_TIME:
|
|
|
9ccdfb |
+ case SEC_ERROR_BAD_SIGNATURE:
|
|
|
9ccdfb |
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
|
|
|
9ccdfb |
+ case SEC_ERROR_UNKNOWN_ISSUER:
|
|
|
9ccdfb |
+ case SEC_ERROR_UNTRUSTED_CERT:
|
|
|
9ccdfb |
+ case SEC_ERROR_CERT_VALID:
|
|
|
9ccdfb |
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
|
|
|
9ccdfb |
+ case SEC_ERROR_CRL_EXPIRED:
|
|
|
9ccdfb |
+ case SEC_ERROR_CRL_BAD_SIGNATURE:
|
|
|
9ccdfb |
+ case SEC_ERROR_EXTENSION_VALUE_INVALID:
|
|
|
9ccdfb |
+ case SEC_ERROR_CA_CERT_INVALID:
|
|
|
9ccdfb |
+ case SEC_ERROR_CERT_USAGES_INVALID:
|
|
|
9ccdfb |
+ case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
|
|
|
9ccdfb |
+ case SEC_ERROR_EXTENSION_NOT_FOUND: // Added by Rob 5/21/2002
|
|
|
9ccdfb |
+ secStatus = SECSuccess;
|
|
|
9ccdfb |
+ break;
|
|
|
9ccdfb |
+ default:
|
|
|
9ccdfb |
+ secStatus = SECFailure;
|
|
|
9ccdfb |
+ break;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if(secStatus == SECSuccess) {
|
|
|
9ccdfb |
+ PR_Unlock(certCBLock);
|
|
|
9ccdfb |
+ return secStatus;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ // Collect errors to compare with override service output
|
|
|
9ccdfb |
+ switch(err) {
|
|
|
9ccdfb |
+ case SEC_ERROR_UNTRUSTED_ISSUER:
|
|
|
9ccdfb |
+ errorBits |= nsICertOverrideService::ERROR_UNTRUSTED;
|
|
|
9ccdfb |
+ break;
|
|
|
9ccdfb |
+ case SSL_ERROR_BAD_CERT_DOMAIN:
|
|
|
9ccdfb |
+ errorBits |= nsICertOverrideService::ERROR_MISMATCH;
|
|
|
9ccdfb |
+ break;
|
|
|
9ccdfb |
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
|
|
|
9ccdfb |
+ errorBits |= nsICertOverrideService::ERROR_TIME;
|
|
|
9ccdfb |
+ default:
|
|
|
9ccdfb |
+ break;
|
|
|
9ccdfb |
+ };
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ // Now proceed to see if we have an exception.
|
|
|
9ccdfb |
+ // Get the server certificate that was rejected.
|
|
|
9ccdfb |
+ serverCert = SSL_PeerCertificate(fd);
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if(!serverCert) {
|
|
|
9ccdfb |
+ PR_Unlock(certCBLock);
|
|
|
9ccdfb |
+ return secStatus;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ port = data->port;
|
|
|
9ccdfb |
+ host = SSL_RevealURL(fd);
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if(!host || port <= 0) {
|
|
|
9ccdfb |
+ PR_Unlock(certCBLock);
|
|
|
9ccdfb |
+ return secStatus;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ PR_LOG(coolKeyLog, PR_LOG_DEBUG,
|
|
|
9ccdfb |
+ ("%s rhCoolKey::badCertHandler enter: error: %d url: %s port: %d \n",
|
|
|
9ccdfb |
+ GetTStamp(tBuff,56),err,host,port)
|
|
|
9ccdfb |
+ );
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ PRBool isTemporaryOverride = PR_FALSE;
|
|
|
9ccdfb |
+ PRUint32 overrideBits = 0;
|
|
|
9ccdfb |
+ PRBool overrideResult = PR_FALSE;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ // Use the nsICertOverrideService to see if we have
|
|
|
9ccdfb |
+ // previously trusted this certificate.
|
|
|
9ccdfb |
+ nsCOMPtr<nsICertOverrideService> overrideService =
|
|
|
9ccdfb |
+ do_GetService(NS_CERTOVERRIDE_CONTRACTID);
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ const nsEmbedCString nsHost(host);
|
|
|
9ccdfb |
+ nsEmbedCString hashAlg,fingerPrint;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ nsresult nsrv;
|
|
|
9ccdfb |
+ unsigned char* fingerprint=NULL;
|
|
|
9ccdfb |
+ if(overrideService) {
|
|
|
9ccdfb |
+ nsrv = overrideService->GetValidityOverride((const nsACString &)nsHost,
|
|
|
9ccdfb |
+ port,(nsACString &)hashAlg,
|
|
|
9ccdfb |
+ (nsACString&)fingerPrint,&overrideBits,
|
|
|
9ccdfb |
+ &isTemporaryOverride,&overrideResult
|
|
|
9ccdfb |
+ );
|
|
|
9ccdfb |
+ if(nsrv == NS_OK) {
|
|
|
9ccdfb |
+ PR_LOG(coolKeyLog, PR_LOG_DEBUG,
|
|
|
9ccdfb |
+ ("%s rhCoolKey::badCertHandler res %d print %s len %d bits %u temp %d alg: %s \n",
|
|
|
9ccdfb |
+ GetTStamp(tBuff,56),overrideResult,fingerPrint.get(),
|
|
|
9ccdfb |
+ fingerPrint.Length(),overrideBits, isTemporaryOverride,hashAlg.get())
|
|
|
9ccdfb |
+ );
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ PRBool certMatches = PR_FALSE;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if( (nsrv == NS_OK) && overrideResult) {
|
|
|
9ccdfb |
+ SECItem oid;
|
|
|
9ccdfb |
+ oid.data = nsnull;
|
|
|
9ccdfb |
+ oid.len = 0;
|
|
|
9ccdfb |
+ SECStatus srv = SEC_StringToOID(nsnull, &oid,
|
|
|
9ccdfb |
+ hashAlg.get(), hashAlg.Length());
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if (srv != SECSuccess) {
|
|
|
9ccdfb |
+ PR_Free(host);
|
|
|
9ccdfb |
+ host=NULL;
|
|
|
9ccdfb |
+ CERT_DestroyCertificate(serverCert);
|
|
|
9ccdfb |
+ serverCert=NULL;
|
|
|
9ccdfb |
+ PR_Unlock(certCBLock);
|
|
|
9ccdfb |
+ return secStatus;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ SECOidTag oid_tag = SECOID_FindOIDTag(&oid;;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ unsigned int hash_len = HASH_ResultLenByOidTag(oid_tag);
|
|
|
9ccdfb |
+ fingerprint = new unsigned char[hash_len];
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if(!fingerprint) {
|
|
|
9ccdfb |
+ CERT_DestroyCertificate(serverCert);
|
|
|
9ccdfb |
+ serverCert=NULL;
|
|
|
9ccdfb |
+ PR_Unlock(certCBLock);
|
|
|
9ccdfb |
+ return secStatus;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ SECItem computedPrint;
|
|
|
9ccdfb |
+ memset(fingerprint, 0, sizeof fingerprint);
|
|
|
9ccdfb |
+ PK11_HashBuf(oid_tag, fingerprint,
|
|
|
9ccdfb |
+ serverCert->derCert.data, serverCert->derCert.len);
|
|
|
9ccdfb |
+ CERT_DestroyCertificate(serverCert);
|
|
|
9ccdfb |
+ serverCert=NULL;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ computedPrint.data=fingerprint;
|
|
|
9ccdfb |
+ computedPrint.len=hash_len;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ char *formattedPrint = CERT_Hexify(&computedPrint,1);
|
|
|
9ccdfb |
+ char *inputPrint = (char *)fingerPrint.get();
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ //Compare fingerprints.
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if(formattedPrint && inputPrint) {
|
|
|
9ccdfb |
+ if(!PL_strcmp(formattedPrint, inputPrint))
|
|
|
9ccdfb |
+ certMatches = PR_TRUE;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+ PR_LOG( coolKeyLog, PR_LOG_DEBUG, ("%s certMatches: %d \n",
|
|
|
9ccdfb |
+ GetTStamp(tBuff,56),certMatches)
|
|
|
9ccdfb |
+ );
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if(formattedPrint) {
|
|
|
9ccdfb |
+ PORT_Free(formattedPrint);
|
|
|
9ccdfb |
+ formattedPrint = NULL;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+ } else {
|
|
|
9ccdfb |
+ PR_LOG( coolKeyLog, PR_LOG_DEBUG, ("%s override test failed. \n",
|
|
|
9ccdfb |
+ GetTStamp(tBuff,56))
|
|
|
9ccdfb |
+ );
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if( certMatches ) {
|
|
|
9ccdfb |
+ if(overrideBits | errorBits)
|
|
|
9ccdfb |
+ secStatus = SECSuccess;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ PR_Free(host);
|
|
|
9ccdfb |
+ host = NULL;
|
|
|
9ccdfb |
+ if(fingerprint) {
|
|
|
9ccdfb |
+ delete [] fingerprint;
|
|
|
9ccdfb |
+ fingerprint = NULL;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ PR_Unlock(certCBLock);
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ return secStatus;
|
|
|
9ccdfb |
+}
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
HRESULT rhCoolKey::doSetCoolKeyConfigValue(const char *aName, const char *aValue)
|
|
|
9ccdfb |
{
|
|
|
9ccdfb |
|
|
|
9ccdfb |
@@ -340,7 +559,7 @@
|
|
|
9ccdfb |
nssComponent
|
|
|
9ccdfb |
= do_GetService(PSM_COMPONENT_CONTRACTID);
|
|
|
9ccdfb |
|
|
|
9ccdfb |
- CoolKeySetCallbacks(Dispatch,Reference, Release,doGetCoolKeyConfigValue ,doSetCoolKeyConfigValue);
|
|
|
9ccdfb |
+ CoolKeySetCallbacks(Dispatch,Reference, Release,doGetCoolKeyConfigValue ,doSetCoolKeyConfigValue,badCertHandler);
|
|
|
9ccdfb |
|
|
|
9ccdfb |
mProxy = CreateProxyObject();
|
|
|
9ccdfb |
|
|
|
9ccdfb |
@@ -1262,6 +1481,38 @@
|
|
|
9ccdfb |
}
|
|
|
9ccdfb |
|
|
|
9ccdfb |
/* string GetCoolKeyIssuedTo (in unsigned long aKeyType, in string aKeyID); */
|
|
|
9ccdfb |
+NS_IMETHODIMP rhCoolKey::GetCoolKeyUID(PRUint32 aKeyType, const char *aKeyID, char **uid)
|
|
|
9ccdfb |
+{
|
|
|
9ccdfb |
+ char tBuff[56];
|
|
|
9ccdfb |
+ if (!aKeyID) {
|
|
|
9ccdfb |
+ return NS_ERROR_FAILURE;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ AutoCoolKey key(aKeyType, ( char *)aKeyID);
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ char buff[512];
|
|
|
9ccdfb |
+ int bufLength = 512;
|
|
|
9ccdfb |
+ buff[0] = 0;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ CoolKeyGetUID(&key, (char *) buff, bufLength);
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ if(!buff[0])
|
|
|
9ccdfb |
+ {
|
|
|
9ccdfb |
+ return NS_OK;
|
|
|
9ccdfb |
+ }
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ PR_LOG(coolKeyLog,PR_LOG_DEBUG,("%s rhCoolKey::RhGetCoolKeyGetUID %s \n",GetTStamp(tBuff,56),(char *) buff));
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ char *temp = (char *) nsMemory::Clone(buff,sizeof(char) * strlen(buff) + 1);
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ *uid = temp;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+ return NS_OK;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+}
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
+/* string GetCoolKeyIssuedTo (in unsigned long aKeyType, in string aKeyID); */
|
|
|
9ccdfb |
NS_IMETHODIMP rhCoolKey::GetCoolKeyIssuedTo(PRUint32 aKeyType, const char *aKeyID, char **issuedTo)
|
|
|
9ccdfb |
{
|
|
|
9ccdfb |
char tBuff[56];
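Review bot: `GetCoolKeyUID` returns `NS_OK` without ever writing `*uid` when `CoolKeyGetUID` leaves `buff` empty, so a caller that trusts the success code receives an uninitialized pointer and may read or free it. `uid` itself is never checked, and the `nsMemory::Clone` result is stored without a null check, so an allocation failure is also reported as success. I would open the method with `if (!aKeyID || !uid) return NS_ERROR_FAILURE;` followed by `*uid = NULL;`, and add `if (!temp) return NS_ERROR_OUT_OF_MEMORY;` after the clone. The context comment that now sits above the new method still reads `GetCoolKeyIssuedTo` and should name `GetCoolKeyUID`. `GetCoolKeyIssuedTo`, whose first lines close the hunk, continues outside it.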
|
|
|
9ccdfb |
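--- ./esc/src/app/xpcom/rhICoolKey.idl.fix6 2009-06-19 16:00:20.000000000 -0700
+++ ./esc/src/app/xpcom/rhICoolKey.idl 2009-06-19 16:00:32.000000000 -0700
@@ -66,6 +66,8 @@
 
 string GetCoolKeyCertInfo(in unsigned long aKeyType, in string aKeyID, in string aCertNickname);
 
+ string GetCoolKeyUID(in unsigned long aKeyType, in string aKeyID);
+
 string GetCoolKeyIssuedTo(in unsigned long aKeyType, in string aKeyID);
 
 string GetCoolKeyIssuer(in unsigned long aKeyType, in string aKeyID);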
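Review bot: `GetCoolKeyUID` is inserted between existing methods of the interface, which shifts the vtable slot of `GetCoolKeyIssuedTo` and every method after it, and the hunk shows no change to the interface `uuid`. The uuid line is outside this hunk, so whether it was regenerated is an assumption to check. If it was not, any caller built against the old interface definition would dispatch those later calls to the wrong method. Moving `string GetCoolKeyUID(in unsigned long aKeyType, in string aKeyID);` to the end of the interface and regenerating the uuid avoids that.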
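--- ./esc/src/app/xpcom/Makefile.sdk.fix6 2009-06-19 15:54:52.000000000 -0700
+++ ./esc/src/app/xpcom/Makefile.sdk 2009-06-19 15:55:43.000000000 -0700
@@ -109,7 +109,7 @@
 CPPFLAGS += -fno-rtti \
 -fno-exceptions \
 -fshort-wchar -fPIC
-GECKO_LD_LIBS=-L$(GECKO_SDK_PATH)/lib $(GECKO_SDK_PATH)/lib/libxpcomglue.a -lnss3 -lcrmf -lssl3 -lsmime3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl
+GECKO_LD_LIBS=-L$(GECKO_SDK_PATH)/lib $(GECKO_SDK_PATH)/lib/libxpcomglue.a -lnssutil3 -lnss3 -lcrmf -lssl3 -lsmime3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl
 endif
 
 ifeq ($(OS_ARCH),WINNT)
@@ -145,7 +145,7 @@
 GECKO_INCLUDES += -I $(GECKO_SDK_PATH)/sdk/include
 OBJECT = rhCoolKey.obj
 OBJECTCSP = CoolKeyCSP.obj
-COOL_LDFLAGS = -IMPLIB:fake-import /LIBPATH:$(CORE_DIST)/lib ckymanager.lib httpchunked.lib $(GECKO_LD_LIBS) nss3.lib ssl3.lib smime3.lib softokn3.lib /LIBPATH:$(CKY_LIB_LDD) libckyapplet.lib crypt32.lib kernel32.lib user32.lib gdi32.lib winmm.lib wsock32.lib advapi32.lib /NODEFAULTLIB:libc.lib
+COOL_LDFLAGS = -IMPLIB:fake-import /LIBPATH:$(CORE_DIST)/lib ckymanager.lib httpchunked.lib $(GECKO_LD_LIBS) nssutil3.lib nss3.lib ssl3.lib smime3.lib softokn3.lib /LIBPATH:$(CKY_LIB_LDD) libckyapplet.lib crypt32.lib kernel32.lib user32.lib gdi32.lib winmm.lib wsock32.lib advapi32.lib /NODEFAULTLIB:libc.lib
 endif
 
 ifeq ($(OS_ARCH),Darwin)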
--- ./esc/src/app/xpcom/rhCoolKey.h.fix6 2009-06-19 15:58:21.000000000 -0700
|
|
|
9ccdfb |
+++ ./esc/src/app/xpcom/rhCoolKey.h 2009-06-19 15:58:28.000000000 -0700
|
|
|
9ccdfb |
@@ -22,6 +22,15 @@
|
|
|
9ccdfb |
#include "nsIGenericFactory.h"
|
|
|
9ccdfb |
#include "nsEmbedString.h"
|
|
|
9ccdfb |
#include <list>
|
|
|
9ccdfb |
+#include "nspr.h"
|
|
|
9ccdfb |
+#include "prio.h"
|
|
|
9ccdfb |
+#include "ssl.h"
|
|
|
9ccdfb |
+#include "pk11func.h"
|
|
|
9ccdfb |
+#include "cert.h"
|
|
|
9ccdfb |
+#include "sslerr.h"
|
|
|
9ccdfb |
+#include "secerr.h"
|
|
|
9ccdfb |
+#include "sechash.h"
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
#include "CoolKey.h"
|
|
|
9ccdfb |
#include "nsCOMPtr.h"
|
|
|
9ccdfb |
#include "nsIObserver.h"
|
|
|
9ccdfb |
@@ -92,6 +101,7 @@
|
|
|
9ccdfb |
|
|
|
9ccdfb |
static HRESULT doSetCoolKeyConfigValue(const char *aName, const char *aValue);
|
|
|
9ccdfb |
static const char *doGetCoolKeyConfigValue(const char *aName );
|
|
|
9ccdfb |
+ static SECStatus badCertHandler(void *arg, PRFileDesc *fd);
|
|
|
9ccdfb |
|
|
|
9ccdfb |
protected:
|
|
|
9ccdfb |
/* additional members */
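Review bot: The new `badCertHandler` declaration carries no comment, and its signature matches NSS's bad-certificate callback, where returning `SECSuccess` lets the TLS handshake continue with a certificate that failed validation. That return contract is the security decision this declaration introduces, so it should be stated where the handler is declared, for example `/* SSL bad-cert callback: SECSuccess overrides a failed certificate check; state here when that is allowed and what arg points to. */`. The handler body is not in this hunk, so the final wording has to be checked against what it actually does. The class declaration starts and ends outside the hunk.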
|
|
|
9ccdfb |
@@ -107,6 +117,8 @@
|
|
|
9ccdfb |
|
|
|
9ccdfb |
static std::list< nsCOMPtr <rhIKeyNotify> > gNotifyListeners;
|
|
|
9ccdfb |
|
|
|
9ccdfb |
+ static PRLock* certCBLock;
|
|
|
9ccdfb |
+
|
|
|
9ccdfb |
rhICoolKey* mProxy;
|
|
|
9ccdfb |
|
|
|
9ccdfb |
static PRBool gAutoEnrollBlankTokens;
|