advisor.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 2,020 行 · 第 1/5 页

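    rv = (SSMStatus) SSM_CreateResource(SSM_RESTYPE_PKCS12_CONTEXT,
                                        (void*)&p12Create,
                                        SSMRESOURCE(res)->m_connection,
                                        &rid, (SSMResource **)(&p12Cxt));
    if (rv != PR_SUCCESS) {
        goto done;
    }
    /* pass along Advisor's client context for window management */
    SSM_CopyCMTItem(&((SSMResource *)p12Cxt)->m_clientContext,
                    &((SSMResource *)res)->m_clientContext);

    rv = SSMPKCS12Context_RestoreCertFromPKCS12File(p12Cxt);
    if (rv == SSM_ERR_NEW_DEF_MAIL_CERT) {
        SSM_ChangeCertSecAdvisorList(req, NULL, certHashAdd);
        rv = SSMSecurityAdvisorContext_DoNewDefMailReponse(p12Cxt,req);
    } else {
        if (p12Cxt->super.m_buttonType == SSM_BUTTON_CANCEL){
            rv = SSM_SUCCESS;
            SSM_HTTPReportError(req, HTTP_NO_CONTENT);
        } else if (rv != SSM_SUCCESS) {
            responseKey = SSMUI_GetPKCS12Error(rv, PR_FALSE);
        } else {
            responseKey = "pkcs12_restore_success";
            SSM_ChangeCertSecAdvisorList(req, NULL, certHashAdd);
        }
        rv = SSMSecurityAdvisorContext_DoPKCS12Response(res, req, responseKey);
    }
 done:
    if (p12Cxt != NULL) {
        SSM_FreeResource(SSMRESOURCE(p12Cxt));
    }
    return rv;
}

/*
 * Look up a certificate by nickname in the connection's cert database,
 * falling back to PK11_FindCertsFromNickname when the database has no match.
 *
 * When more than one certificate carries the nickname, a "choose_cert" UI
 * event is sent and this call blocks until the UI handler signals a choice;
 * the result is then read from the control connection's m_uiData.  With at
 * most one match the certificate comes from CERT_FindCertByNickname and
 * cx->super.m_buttonType is set to SSM_BUTTON_OK.
 *
 * Returns the certificate, or NULL when no certificate has that nickname.
 * On the multi-certificate path the caller has to check
 * cx->super.m_buttonType for SSM_BUTTON_CANCEL before using the result.
 */
static CERTCertificate*
SSMSecurityAdvisorContext_FindCertByNickname(SSMSecurityAdvisorContext *cx,
                                             HTTPRequest *req,
                                             char *certNickname)
{
    CERTCertList      *certList     = NULL;
    CERTCertificate   *cert         = NULL;
    CERTCertListNode  *certListNode = NULL;
    PRInt32            numcerts     = 0;
    SSMStatus          rv;

    /*
     * NOTE(review): if CERT_CreateNicknameCertList returns NULL without
     * releasing the list passed in, the list from CERT_NewCertList is
     * leaked here -- confirm against the NSS version in use.
     */
    certList = CERT_NewCertList();
    certList = CERT_CreateNicknameCertList(certList,
                                           cx->super.m_connection->m_certdb,
                                           certNickname, PR_Now(), PR_FALSE);
    if (certList == NULL) {
        certList = PK11_FindCertsFromNickname(certNickname, &cx->super);
        if (certList == NULL) {
            SSM_DEBUG("Could not find a certificate with nick '%s' "
                      "in cert database\n", certNickname);
            /* Nothing has been acquired at this point, so just bail out. */
            return NULL;
        }
    }

    /* Count the matches to decide whether the user has to pick one. */
    for (certListNode = CERT_LIST_HEAD(certList);
         !CERT_LIST_END(certListNode, certList);
         certListNode = CERT_LIST_NEXT(certListNode)) {
        numcerts++;
    }

    if (numcerts > 1) {
        char *formName = NULL, *params = NULL;

        rv = SSM_HTTPParamValue(req, "formName", &formName);
        if (rv != SSM_SUCCESS || !formName)
            SSM_DEBUG("AdvisorContext_FindCertByNickname:Can't get original form\n");
        /*
         * NOTE(review): formName is taken from the HTTP request and is
         * placed into the parameter string unencoded (and may be NULL
         * here).  Confirm the "choose_cert" handler treats the value as
         * opaque, or encode it before use.
         */
        params = PR_smprintf("origin=%s",formName);
        /* NOTE(review): the PL_strdup and PR_smprintf results are not
         * checked for NULL. */
        cx->m_nickname = PL_strdup(certNickname);
        /*
         * NOTE(review): rv is not examined after this call; if the event
         * could not be sent, the untimed wait below may never return.
         */
        rv = SSMControlConnection_SendUIEvent(cx->super.m_connection,
                                              "get",
                                              "choose_cert",
                                              &cx->super,
                                              params,
                                              &cx->super.m_clientContext,
                                              PR_TRUE);
        /* Now wait until we are notified by the handler that the user
         * has selected a cert.
         */
        SSM_LockUIEvent(&cx->super);
        SSM_WaitUIEvent(&cx->super, PR_INTERVAL_NO_TIMEOUT);
        cert = (CERTCertificate*)cx->super.m_connection->super.super.m_uiData;
        if (cx->super.m_buttonType != SSM_BUTTON_CANCEL) {
            /*
             * If we don't sleep for a bit here, we cause Communicator to crash
             * because it tries to re-use a Window that gets killed.  Guess
             * we're just too fast for Communicator.
             */
            PR_Sleep(PR_TicksPerSecond()*1);
        }
        PR_FREEIF(cx->m_nickname);
        cx->m_nickname = NULL;
        PR_FREEIF(params);
    } else {
        cert = CERT_FindCertByNickname(cx->super.m_connection->m_certdb,
                                       certNickname);
        cx->super.m_buttonType = SSM_BUTTON_OK;
    }
    CERT_DestroyCertList(certList);
    return cert;
}

/*
 * Argument bundle handed to ssm_find_all_mine through
 * SSMSortedList_Enumerate: the list being filled and the control
 * connection whose cert database is searched.
 */
typedef struct SSMFindMineArgStr {
    CERTCertList *certList;
    SSMControlConnection *ctrl;
} SSMFindMineArg;

/*
 * Enumeration callback.  For an entry whose usage is clAllMine, add the
 * certificates with nickname `key` to the list in `arg`.
 *
 * Returns SSM_SUCCESS only when the entry is a clAllMine entry and
 * CERT_CreateNicknameCertList returned a list; SSM_FAILURE otherwise.
 * `index` is not used.
 */
static SSMStatus
ssm_find_all_mine(PRIntn index, void *arg, void *key, void *itemdata)
{
    ssmCertData    *data    = (ssmCertData*)itemdata;
    SSMFindMineArg *findArg = (SSMFindMineArg*) arg;
    char           *nick    = (char*)key;

    if (data->usage != clAllMine) {
        return SSM_FAILURE;
    }
    if (CERT_CreateNicknameCertList(findArg->certList,
                                    findArg->ctrl->m_certdb,
                                    nick, PR_Now(), PR_FALSE) == NULL) {
        return SSM_FAILURE;
    }
    return SSM_SUCCESS;
}

/*
 * Back up every "mine" certificate known to the advisor into one PKCS #12
 * file and send the matching response page.
 *
 * Only certificates with no slot or with an internal slot
 * (PK11_IsInternal) are handed to the PKCS #12 context; the others are
 * skipped.
 *
 * Returns SSM_SUCCESS once the response has been sent.  On any failure,
 * and when the user cancels, HTTP_NO_CONTENT is reported and SSM_FAILURE
 * is returned.
 */
SSMStatus
SSMSecurityAdvisorContext_BackupAllMineCerts(SSMSecurityAdvisorContext *cx,
                                             HTTPRequest               *req)
{
    SSMFindMineArg arg;
    CERTCertList *certList=NULL;
    SSMPKCS12Context *p12Cxt=NULL;
    SSMPKCS12CreateArg p12Create;
    SSMResourceID rid;
    SSMStatus rv;
    CERTCertificate **certArr = NULL;
    int numCerts,i, finalCerts, currIndex;
    CERTCertListNode *node;
    PRIntn numNicks;
    const char *responseKey;

    certList = CERT_NewCertList();
    if (certList == NULL) {
        goto loser;
    }
    arg.certList = certList;
    arg.ctrl     = req->ctrlconn;
    numNicks = SSMSortedList_Enumerate(cx->m_certhash, ssm_find_all_mine,
                                       &arg);
    if (numNicks <= 0){
        /*
         * No certs to back up.  The loser path reports HTTP_NO_CONTENT,
         * so it is not reported here as well (the original reported it
         * twice on this path).
         */
        goto loser;
    }
    certList = arg.certList;
    p12Create.isExportContext = PR_TRUE;
    rv = (SSMStatus) SSM_CreateResource(SSM_RESTYPE_PKCS12_CONTEXT,
                                        (void*)&p12Create, req->ctrlconn,
                                        &rid, (SSMResource**)(&p12Cxt));
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    /* pass along Advisor's client context for window management */
    SSM_CopyCMTItem(&p12Cxt->super.m_clientContext,
                    &cx->super.m_clientContext);

    numCerts = SSM_CertListCount(certList);
    certArr = SSM_NEW_ARRAY(CERTCertificate*,numCerts);
    if (certArr == NULL) {
        goto loser;
    }
    /*
     * Keep only certificates that have no slot or live on the internal
     * slot.  certArr borrows the pointers from certList; it holds no
     * references of its own.
     */
    node = CERT_LIST_HEAD(certList);
    for (i=0, currIndex=0, finalCerts=numCerts; i<numCerts; i++) {
        if (node->cert->slot == NULL ||
            PK11_IsInternal(node->cert->slot)) {
            certArr[currIndex] = node->cert;
            currIndex++;
        } else {
            finalCerts--;
        }
        node = CERT_LIST_NEXT(node);
    }
    /* NOTE(review): finalCerts can be 0 when every certificate was
     * skipped; confirm the callee copes with an empty array. */
    rv = SSMPKCS12Context_CreatePKCS12FileForMultipleCerts(p12Cxt,
                                                           PR_TRUE,
                                                           certArr,
                                                           finalCerts);
    PR_Free(certArr);
    certArr = NULL;
    CERT_DestroyCertList(certList);
    certList = NULL;
    if (rv == SSM_SUCCESS) {
        responseKey = (finalCerts > 1) ? "pkcs12_backup_multiple_success" :
                                         "pkcs12_backup_success";
    } else {
        if (p12Cxt->super.m_buttonType == SSM_BUTTON_CANCEL) {
            goto loser;
        } else {
            responseKey = SSMUI_GetPKCS12Error(rv, PR_TRUE);
        }
    }
    SSM_FreeResource(&p12Cxt->super);
    p12Cxt = NULL;
    if (SSMSecurityAdvisorContext_DoPKCS12Response(cx, req, responseKey)
        != SSM_SUCCESS) {
        goto loser;
    }
    return SSM_SUCCESS;
 loser:
    PR_FREEIF(certArr);
    if (certList != NULL) {
        CERT_DestroyCertList(certList);
    }
    if (p12Cxt != NULL) {
        SSM_FreeResource(&p12Cxt->super);
    }
    SSM_HTTPReportError(req, HTTP_NO_CONTENT);
    return SSM_FAILURE;
}

/*
 * Back up the certificate named by the request's "selectCert" parameter
 * into a PKCS #12 file and send the matching response page.
 *
 * Returns SSM_SUCCESS once the response has been sent.  On any failure,
 * and when the user cancels, HTTP_NO_CONTENT is reported and SSM_FAILURE
 * is returned.
 */
SSMStatus SSMSecurityAdvisorContext_DoPKCS12Backup(
                                             SSMSecurityAdvisorContext *cx,
                                             HTTPRequest               *req)
{
    SSMStatus rv;
    char *certNickname = NULL;
    const char *responseKey;
    SSMPKCS12CreateArg p12Create;
    SSMResourceID rid;
    /*
     * Must start out NULL: the loser path tests this pointer, and it was
     * read uninitialized there whenever SSM_CreateResource failed without
     * storing to it.
     */
    SSMPKCS12Context *p12Cxt = NULL;

    p12Create.isExportContext = PR_TRUE;
    rv = (SSMStatus) SSM_CreateResource(SSM_RESTYPE_PKCS12_CONTEXT,
                                        (void*)&p12Create,
                                        SSMRESOURCE(cx)->m_connection,
                                        &rid, (SSMResource **)(&p12Cxt));
    if (rv != PR_SUCCESS) {
        goto loser;
    }
    /* pass along Advisor's client context for window management */
    SSM_CopyCMTItem(&((SSMResource *)p12Cxt)->m_clientContext,
                    &((SSMResource *)cx)->m_clientContext);
    rv = SSM_HTTPParamValue(req, "selectCert", &certNickname);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }

    p12Cxt->m_cert =
        SSMSecurityAdvisorContext_FindCertByNickname(cx, req, certNickname);
    /* The lookup may have shown a chooser dialog; honour a cancel first. */
    if (cx->super.m_buttonType == SSM_BUTTON_CANCEL) {
        goto loser;
    }
    if (p12Cxt->m_cert == NULL) {
        goto loser;
    }
    rv = SSMPKCS12Context_CreatePKCS12File(p12Cxt, PR_TRUE);
    if (rv == SSM_SUCCESS) {
        responseKey = "pkcs12_backup_success";
    } else {
        if (p12Cxt->super.m_buttonType == SSM_BUTTON_CANCEL) {
            goto loser;
        } else {
            responseKey = SSMUI_GetPKCS12Error(rv, PR_TRUE);
        }
    }
    if (SSMSecurityAdvisorContext_DoPKCS12Response(cx, req, responseKey)
        != SSM_SUCCESS) {
        goto loser;
    }
    SSM_FreeResource(&p12Cxt->super);
    return SSM_SUCCESS;
 loser:
    if (p12Cxt != NULL) {
        SSM_FreeResource(&p12Cxt->super);
    }
    SSM_HTTPReportError(req, HTTP_NO_CONTENT);
    return SSM_FAILURE;
}

/*
 * Convert b64Name to its HTML-string form and double every '%' that is
 * not recognised as a printf parameter marker, so the result can be used
 * where printf-style formatting is applied later.
 *
 * Returns a newly allocated string, or NULL when the conversion or the
 * allocation fails.  Both return paths hand back memory that this file
 * releases with PR_Free.
 */
char *ssm_packb64_name(char *b64Name)
{
    char *htmlString = NULL;
    int numPercentSigns = 0;
    char *cursor, *retString;
    int i, newLen, origHTMLStrLen;

    htmlString = SSM_ConvertStringToHTMLString(b64Name);
    if (htmlString == NULL) {
        /* The copy loop below would dereference NULL. */
        return NULL;
    }
    /*
     * Now let's see if there are any '%' characters that need
     * to be escaped so that printf statements succeed.
     */
    cursor = htmlString;
    while ((cursor = PL_strchr(cursor, '%')) != NULL) {
        numPercentSigns++;
        cursor++;
    }
    if (numPercentSigns == 0) {
        /*
         * Nothing to escape.  The original had the no-op statement
         * "htmlString;" here and fell through to make an identical copy.
         */
        return htmlString;
    }
    origHTMLStrLen = PL_strlen(htmlString);
    /* Worst case: every '%' is doubled, plus the terminator. */
    newLen = origHTMLStrLen + numPercentSigns + 1;
    retString = SSM_NEW_ARRAY(char, newLen);
    if (retString == NULL) {
        PR_Free(htmlString);
        return NULL;
    }
    /* i runs to origHTMLStrLen inclusive so the terminator is copied too. */
    for (i=0,cursor=retString; i<origHTMLStrLen+1; i++,cursor++) {
        if (htmlString[i] == '%') {
            char *dollarSign, *placeHolder;
            /*
             * Let's see if this a urlencoded escape or a printf parameter.
             */
            placeHolder = &htmlString[i];
            dollarSign = PL_strchr(placeHolder, '$');
            /*
             * NOTE(review): "< 2" only matches a '$' directly after the
             * '%'; a numbered parameter such as "%1$s" has the '$' two
             * bytes on and is doubled like a URL escape.  Any '%' that is
             * passed through unescaped ends up in a printf format, so
             * confirm which inputs are meant to take this branch.
             */
            if (dollarSign && ((dollarSign - placeHolder) < 2)) {
                /*
                 * OK, this is a numbered parameter for printf
                 */
                *cursor = htmlString[i];
            } else {
                /*
                 * This is an escape for url encoding.  Escape it so printf
                 * doesn't blow up.
                 */
                *cursor = '%';
                cursor++;
                *cursor = '%';
            }
        } else {
            *cursor = htmlString[i];
        }
    }
    PR_Free(htmlString);
    return retString;
}

SSMStatus
SSMSecurityAdvisorContext_ProcessCRLDialog (HTTPRequest *req)
{
    SSMHTTPParamMultValues crlNames={NULL, NULL, 0};
    CERTSignedCrl *realCrl;
    SECItem crlDERName;
    PRBool flushSSLCache = PR_FALSE;
    SSMStatus rv;
    SECStatus srv;
    int i, type;

    rv = SSM_HTTPParamValueMultiple(req, "crlNames", &crlNames);
    if (rv != SSM_SUCCESS || crlNames.numValues == 0) {
        goto loser;
    }
    memset (&crlDERName, 0, sizeof(SECItem));
    for (i=0; i<crlNames.numValues; i++) {
        /*
         * The first character in the value string represents the type,
         * either 1 (SEC_CRL_TYPE) or 0 (SEC_KRL_TYPE)
         */
        /*
         * NOTE(review): the values come from the request.  For an empty
         * value, values[i]+1 points past the terminator; confirm that
         * SSM_HTTPParamValueMultiple never yields an empty string, or
         * check values[i][0] before this call.
         */
        srv = ATOB_ConvertAsciiToItem(&crlDERName, crlNames.values[i]+1);
        if (srv != SECSuccess) {
            goto loser;
        }
        type = (crlNames.values[i][0] == '1') ? SEC_CRL_TYPE : SEC_KRL_TYPE;
        realCrl = SEC_FindCrlByName(req->ctrlconn->m_certdb,
                                    &crlDERName, type);
        SECITEM_FreeItem(&crlDERName, PR_FALSE);
        if (realCrl) {
            SEC_DeletePermCRL(realCrl);
            SEC_DestroyCrl(realCrl);
            flushSSLCache = PR_TRUE;
        }
    }
    if (flushSSLCache) {
        SSL_ClearSessionCache();
    }
    if (!SSM_IsCRLPresent(req->ctrlconn)) {
        /*
         * In this case, there are no more CRLs in the database,
         * so we'll replace the baseRef with one that will cause
         * the security advisor to refresh itself and eliminate the
         * "Delete CRLs" button.
         */
        for (i=0; i<req->numParams; i++) {
            char *crlCloseKey = "crlclose_doclose_js";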
