advisor.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 2,020 行 · 第 1/5 页

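            if (PL_strcmp(req->paramNames[i], "baseRef") == 0) {
                /*
                 * NOTE(review): this writes PL_strlen(crlCloseKey)+1 bytes
                 * into the existing paramValues[i] buffer; no check of that
                 * buffer's capacity is visible here -- confirm it can hold
                 * crlCloseKey.
                 */
                memcpy (req->paramValues[i], crlCloseKey,
                        PL_strlen(crlCloseKey)+1);
                break;
            }
        }
    }
    if (SSM_HTTPDefaultCommandHandler(req) != SSM_SUCCESS) {
        goto loser;
    }
    PR_FREEIF(crlNames.values);
    return SSM_SUCCESS;
 loser:
    PR_FREEIF(crlNames.values);
    return SSM_FAILURE;
}

/*
 * Dispatch a submit of one of the certificate forms to the handler for the
 * button that was pressed.
 *
 * The button names are probed in a fixed order and only the first name
 * present in the request is considered: if that parameter is present but
 * its value is NULL, no handler runs and SSM_FAILURE is returned.
 *
 * Returns the handler's status, or SSM_FAILURE when no known button was
 * found.
 */
SSMStatus SSMSecurityAdvisorContext_Process_cert_mine_form(
                                                SSMSecurityAdvisorContext *res,
                                                HTTPRequest *req)
{
    SSMStatus  rv = SSM_FAILURE;
    char      *button = NULL;

    /* Figure out which one of the buttons on the form was pressed. */
    if (SSM_HTTPParamValue(req, "backup", &button) == SSM_SUCCESS) {
        if (button != NULL) {
            rv = SSMSecurityAdvisorContext_DoPKCS12Backup(res, req);
        }
    } else if (SSM_HTTPParamValue(req, "restore", &button) == SSM_SUCCESS) {
        if (button != NULL) {
            rv = SSMSecurityAdvisorContext_DoPKCS12Restore(res, req);
        }
    } else if (SSM_HTTPParamValue(req, "delete", &button) == SSM_SUCCESS) {
        if (button != NULL) {
            rv = SSM_ProcessCertDeleteButton(req);
        }
    } else if (SSM_HTTPParamValue(req, "password", &button) == SSM_SUCCESS) {
        if (button != NULL) {
            rv = SSM_ProcessPasswordWindow(req);
        }
    } else if (SSM_HTTPParamValue(req, "ldap", &button) == SSM_SUCCESS) {
        if (button != NULL) {
            rv = SSM_ProcessLDAPWindow(req);
        }
    } else if (SSM_HTTPParamValue(req, "backup_all", &button) == SSM_SUCCESS) {
        if (button != NULL) {
            rv = SSMSecurityAdvisorContext_BackupAllMineCerts(res, req);
        }
    } else if (SSM_HTTPParamValue(req, "crlButton", &button) == SSM_SUCCESS) {
        if (button != NULL) {
            rv = SSM_HTTPReportError(req, HTTP_NO_CONTENT);
        }
    }
    return rv;
}

/*
 * Apply the OCSP settings submitted with the "configureOCSPForm" form.
 *
 * The "enableOCSP" request parameter selects one of three modes:
 *   "noOCSP"              - OCSP checking and the default responder are
 *                           turned off.
 *   "noDefaultResponder"  - OCSP checking is turned on, the default
 *                           responder is turned off.
 *   "useDefaultResponder" - OCSP checking is turned on and the default
 *                           responder is set from the "ocspURL" and
 *                           "selectCert" request parameters.
 * Each mode also saves the matching security.OCSP.* preferences.
 *
 * All values come from the HTTP request, so they are validated before any
 * certificate-database state or preference is changed.
 *
 * Returns SSM_SUCCESS on success; SSM_FAILURE if a parameter is missing,
 * NULL, empty (responder URL / CA nickname) or unrecognised, or if one of
 * the checked CERT_* calls fails.
 */
static SSMStatus
SSMSecurityAdvisorContext_SetConfigOCSP(SSMSecurityAdvisorContext *cx,
                                        HTTPRequest               *req)
{
    char *responderURL = NULL, *caNickname = NULL;
    char *enableOCSP = NULL;
    CERTCertDBHandle  *db;
    SSMStatus rv;
    SECStatus srv;

    db = cx->super.m_connection->m_certdb;
    rv = SSM_HTTPParamValue(req, "enableOCSP", &enableOCSP);
    /*
     * Other handlers in this file test the returned value for NULL even
     * after a successful lookup, so do the same before calling strcmp().
     */
    if (rv != SSM_SUCCESS || enableOCSP == NULL) {
        goto loser;
    }
    if (!strcmp(enableOCSP,"noOCSP")) {
        /* Return values of the disable calls are ignored, as before. */
        CERT_DisableOCSPChecking(db);
        SSMControlConnection_SaveBoolPref(req->ctrlconn,
                                          "security.OCSP.enabled",
                                          PR_FALSE);
        SSMControlConnection_SaveBoolPref(req->ctrlconn,
                                          "security.OCSP.useDefaultResponder",
                                          PR_FALSE);
        CERT_DisableOCSPDefaultResponder(db);
    } else if (!strcmp(enableOCSP,"noDefaultResponder")) {
        srv = CERT_EnableOCSPChecking(db);
        SSMControlConnection_SaveBoolPref(req->ctrlconn,
                                          "security.OCSP.enabled",
                                          PR_TRUE);
        SSMControlConnection_SaveBoolPref(req->ctrlconn,
                                          "security.OCSP.useDefaultResponder",
                                          PR_FALSE);
        if (srv != SECSuccess) {
            goto loser;
        }
        CERT_DisableOCSPDefaultResponder(db);
    } else if (!strcmp(enableOCSP,"useDefaultResponder")) {
        /*
         * Fetch and validate both responder parameters up front, so that a
         * malformed request cannot leave "useDefaultResponder" saved as
         * true with no usable responder URL or signing CA behind it.
         */
        rv = SSM_HTTPParamValue(req, "ocspURL", &responderURL);
        if (rv != SSM_SUCCESS || responderURL == NULL ||
            *responderURL == '\0') {
            goto loser;
        }
        rv = SSM_HTTPParamValue(req, "selectCert", &caNickname);
        if (rv != SSM_SUCCESS || caNickname == NULL ||
            *caNickname == '\0') {
            goto loser;
        }
        srv = CERT_EnableOCSPChecking(db);
        SSMControlConnection_SaveBoolPref(req->ctrlconn,
                                          "security.OCSP.enabled",
                                          PR_TRUE);
        SSMControlConnection_SaveBoolPref(req->ctrlconn,
                                          "security.OCSP.useDefaultResponder",
                                          PR_TRUE);
        if (srv != SECSuccess) {
            goto loser;
        }
        SSMControlConnection_SaveStringPref(req->ctrlconn,
                                            "security.OCSP.URL",
                                            responderURL);
        SSMControlConnection_SaveStringPref(req->ctrlconn,
                                            "security.OCSP.signingCA",
                                            caNickname);
        srv = CERT_SetOCSPDefaultResponder(db, responderURL, caNickname);
        if (srv != SECSuccess) {
            goto loser;
        }
        srv = CERT_EnableOCSPDefaultResponder(db);
        if (srv != SECSuccess) {
            goto loser;
        }
    } else {
        /* Unknown mode: reject rather than guess. */
        goto loser;
    }
    return SSM_SUCCESS;
 loser:
    return SSM_FAILURE;
}

/*
 * Handle a submit of the OCSP configuration form.
 *
 * The settings are applied only when the OK button was pressed; the default
 * command handler is run in either case and its status is not checked.
 * Returns the status of applying the settings, or SSM_SUCCESS when they
 * were not applied.
 */
static SSMStatus
SSMSecurityAdvisorContext_ProcessOCSPForm(SSMSecurityAdvisorContext *cx,
                                          HTTPRequest               *req)
{
    SSMStatus rv = SSM_SUCCESS;

    /*
     * First, if the Cancel button was pressed, then don't
     * process the form.
     */
    if (cx->super.m_buttonType == SSM_BUTTON_OK) {
        rv = SSMSecurityAdvisorContext_SetConfigOCSP(cx, req);
    }
    SSM_HTTPDefaultCommandHandler(req);
    return rv;
}

/*
 * Entry point for forms submitted to the Security Advisor: reads the
 * "formName" request parameter and hands the request to the matching
 * handler.
 *
 * Returns SSM_FAILURE if res is not a Security Advisor context, the lookup
 * status if "formName" cannot be read, SSM_ERR_BAD_REQUEST if the form name
 * is NULL or unknown, and otherwise the handler's status.
 */
SSMStatus SSMSecurityAdvisorContext_FormSubmitHandler(SSMResource *res,
                                                      HTTPRequest *req)
{
    SSMStatus  rv;
    char      *formName = NULL;

    if (!SSM_IsAKindOf(res, SSM_RESTYPE_SECADVISOR_CONTEXT)) {
        return SSM_FAILURE;
    }

    /* First figure out which form we're processing. */
    rv = SSM_HTTPParamValue(req, "formName", &formName);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    if (formName == NULL) {
        /* A NULL name must not reach the strcmp() chain below. */
        rv = SSM_ERR_BAD_REQUEST;
        goto loser;
    }
    if (strcmp(formName, "prefs_submit_form") == 0) {
        /* save pref changes and close the Security Advisor */
        rv = SSMSecurityAdvisorContext_SavePrefs
            ((SSMSecurityAdvisorContext*)res, req);
    } else if (!strcmp(formName, "cert_mine_form") ||
               !strcmp(formName, "cert_others_form") ||
               !strcmp(formName, "cert_websites_form") ||
               !strcmp(formName, "cert_authorities_form")) {
        rv = SSMSecurityAdvisorContext_Process_cert_mine_form
            ((SSMSecurityAdvisorContext*)res, req);
    } else if (!strcmp(formName, "choose_cert_by_usage")) {
        rv = SSM_ChooseCertUsageHandler(req);
    } else if (!strcmp(formName, "set_db_password")) {
        rv = SSM_SetDBPasswordHandler(req);
    } else if (!strcmp(formName, "configureOCSPForm")) {
        rv = SSMSecurityAdvisorContext_ProcessOCSPForm
            ((SSMSecurityAdvisorContext*)res, req);
    } else if (!strcmp(formName, "crlDialog")) {
        rv = SSMSecurityAdvisorContext_ProcessCRLDialog(req);
    } else {
        rv = SSM_ERR_BAD_REQUEST;
        /*
         * NOTE(review): formName is request-supplied and is echoed into the
         * error text; whether SSM_HTTPReportSpecificError escapes it for
         * the response is not visible here -- confirm.
         */
        SSM_HTTPReportSpecificError(req, "Do not know how to process form %s",
                                    formName);
    }
 loser:
    return rv;
}

/*
 * Format a string for this Security Advisor context.
 *
 * When the context has a nickname, fmt is expanded with exactly four
 * arguments -- the resource id, the literal "backup", the nickname and
 * value[0] -- so fmt has to consume those and nothing more. Without a
 * nickname the call is forwarded to SSMResource_Print.
 *
 * On success *resultStr receives the string allocated by PR_smprintf.
 * Returns PR_SUCCESS or PR_FAILURE.
 */
SSMStatus
SSMSecurityAdvisorContext_Print(SSMResource *res,
                                char *fmt, PRIntn numParam,
                                char **value, char **resultStr)
{
    SSMSecurityAdvisorContext *cx = (SSMSecurityAdvisorContext*)res;
    SSMStatus rv;

    PR_ASSERT(fmt != NULL && resultStr != NULL);
    /* PR_ASSERT is compiled out of non-debug builds; check at run time too. */
    if (fmt == NULL || resultStr == NULL) {
        return PR_FAILURE;
    }
    if (!SSM_IsAKindOf(res, SSM_RESTYPE_SECADVISOR_CONTEXT)) {
        return PR_FAILURE;
    }

    if (cx->m_nickname != NULL) {
        /* value[0] is read below, so the array itself must exist. */
        if (value == NULL) {
            return PR_FAILURE;
        }
        *resultStr = PR_smprintf(fmt, res->m_id, "backup", cx->m_nickname, *value);
        rv = (*resultStr == NULL) ? PR_FAILURE : PR_SUCCESS;
    } else {
        rv = SSMResource_Print(res, fmt, numParam, value, resultStr);
    }
    return rv;
}

/*
 * Choose the "selected item" page for the advisor from cx->infoContext.
 *
 * For mail and news messages this also looks up the PKCS#7 content-info
 * resources named by cx->encryptedP7CInfo / cx->signedP7CInfo and derives
 * cx->encrypted_b and cx->signed_b from them and from the recorded decode
 * and verify errors.
 *
 * Returns SSM_FAILURE when a content-info resource cannot be fetched;
 * otherwise the status of the last lookup, or SSM_SUCCESS when no lookup
 * was made.
 */
SSMStatus SSM_SetSelectedItemInfo(SSMSecurityAdvisorContext* cx)
{
    SSMStatus rv = SSM_SUCCESS;

    switch (cx->infoContext)
    {
        case SSM_NOINFO:
            cx->selectedItemPage = SSM_NO_INFO;
            break;
        case SSM_COMPOSE:
            break;
        case SSM_SNEWS_MESSAGE:
        case SSM_NEWS_MESSAGE:
        case SSM_MAIL_MESSAGE:
            cx->selectedItemPage = SSM_MESSAGE;
            if (cx->encryptedP7CInfo) {
                /* Get the P7 Content info resource */
                rv = SSMControlConnection_GetResource(SSMRESOURCE(cx)->m_connection, (SSMResourceID)cx->encryptedP7CInfo,
                      (SSMResource**)&cx->encryptedP7CInfoRes);
                if ((rv != PR_SUCCESS) || (cx->encryptedP7CInfoRes == NULL)) {
                    goto loser;
                }
            }
            if (cx->signedP7CInfo) {
                /* Get the P7 Content info resource */
                rv = SSMControlConnection_GetResource(SSMRESOURCE(cx)->m_connection, (SSMResourceID)cx->signedP7CInfo,
                      (SSMResource**)&cx->signedP7CInfoRes);
                if ((rv != PR_SUCCESS) || (cx->signedP7CInfoRes == NULL)) {
                    goto loser;
                }
            }
            if (!cx->encryptedP7CInfo &&
                !cx->signedP7CInfo &&
                cx->verifyError &&
                !cx->decodeError) {
                /* Somehow we have the error code backwards */
                cx->decodeError = cx->verifyError;
                cx->verifyError = 0;
            }
            /* A recorded decode error is treated as "was encrypted". */
            cx->encrypted_b = (cx->decodeError ||
                                (cx->encryptedP7CInfo &&
                                SEC_PKCS7ContentIsEncrypted(cx->encryptedP7CInfoRes->m_cinfo)) ||
                                (cx->signedP7CInfo &&
                                SEC_PKCS7ContentIsEncrypted(cx->signedP7CInfoRes->m_cinfo)));
            /* A recorded verify error is treated as "was signed". */
            cx->signed_b = (cx->verifyError ||
                                (cx->encryptedP7CInfo &&
                                SEC_PKCS7ContentIsSigned(cx->encryptedP7CInfoRes->m_cinfo)) ||
                                (cx->signedP7CInfo &&
                                SEC_PKCS7ContentIsSigned(cx->signedP7CInfoRes->m_cinfo)));
            break;
        case SSM_BROWSER:
            if (cx->resID == 0) {
                cx->selectedItemPage = SSM_NAVIGATOR_NO_SEC;
            } else {
                cx->selectedItemPage = SSM_NAVIGATOR_SSL;
            }
            break;
        default:
            cx->selectedItemPage = SSM_NO_INFO;
            break;
    }
    return rv;
loser:
    return SSM_FAILURE;
}

/*
 * Text generator for the "no information" page: expands the text keyed by
 * "sa_noinfo" and stores it as the context's result, releasing any previous
 * result first.
 *
 * Returns SSM_SUCCESS, or SSM_FAILURE if the text cannot be expanded.
 */
SSMStatus sa_noinfo(SSMTextGenContext *cx)
{
    SSMStatus rv = SSM_SUCCESS;
    SSMResource *target = NULL;
    char *fmt = NULL;

    /* get the connection object */
    target = SSMTextGen_GetTargetObject(cx);
    PR_ASSERT(target != NULL);

    rv = SSM_GetAndExpandTextKeyedByString(cx, "sa_noinfo", &fmt);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    PR_FREEIF(cx->m_result);
    /* cx->m_result now holds the expanded string; it is not freed here. */
    cx->m_result = fmt;
    return SSM_SUCCESS;
loser:
    return SSM_FAILURE;
}

SSMStatus sa_navigator(SSMTextGenContext *cx)
{
    SSMStatus rv = SSM_SUCCESS;
    SSMResource *target = NULL;
    SSMSecurityAdvisorContext* res = NULL;
    char *fmt = NULL;
    SSMSSLSocketStatus *socketStatusRes = NULL;
    char * encryption_level = NULL;
    char * serverCN = NULL;
    char * issuerName = NULL;
    CERTCertificate *issuerCert = NULL;
    SSMResourceCert *serverCertRes = NULL, *issuerCertRes = NULL;
    int serverCertResID, issuerCertResID;

    /* get the connection object */
    target = SSMTextGen_GetTargetObject(cx);
    PR_ASSERT(target != NULL);
    res = (SSMSecurityAdvisorContext*)target;

    if (res->resID == 0) {
        rv = SSM_GetAndExpandTextKeyedByString(cx, "sa_navigator_no_sec", &fmt);
        if (rv != SSM_SUCCESS) {
            goto loser;
        }
        PR_FREEIF(cx->m_result);
        cx->m_result = PR_smprintf(fmt, res->hostname, res->hostname);
        PR_Free(fmt);
        return SSM_SUCCESS;
    } else {
        /* Get the socket status resource */
        rv = SSMControlConnection_GetResource(SSMRESOURCE(res)->m_connection, (SSMResourceID)res->resID,
                          (SSMResource**)&socketStatusRes);
        if ((rv != PR_SUCCESS) || (socketStatusRes == NULL)) {
            goto loser;
        }
        /*
         * We inherit the client's reference here.
         */
        res->socketStatus = socketStatusRes;

        /* Do we have an error */
        if (!socketStatusRes->m_error) {
            rv = SSM_GetAndExpandTextKeyedByString(cx, "sa_navigator_ssl", &fmt);
            if (rv != SSM_SUCCESS) {
                goto loser;
            }
#if 0
            /* Create a resource for this cert */
            rv = SSM_CreateResource(SSM_RESTYPE_CERTIFICATE,
                                    socketStatusRes->m_cert,
                                    SSMRESOURCE(res)->m_connection,
                                    (long *) &serverCertResID,
                                    (SSMResource**)&serverCertRes);
            if (rv != PR_SUCCESS) {
                goto loser;
            }
#else
            serverCertResID = socketStatusRes->m_cert->super.m_id;
            serverCertRes = socketStatusRes->m_cert;
#endif
            /*
             * NOTE(review): unlike the unknown-issuer branch below,
             * issuerName is not checked for NULL here, and the
             * SSM_GetUTF8Text results are used without checking their
             * status -- confirm PR_smprintf is never handed a NULL string.
             */
            issuerName = CERT_NameToAscii(&socketStatusRes->m_cert->cert->issuer);
            if (socketStatusRes->m_level == SSL_SECURITY_STATUS_ON_HIGH) {
                SSM_GetUTF8Text(cx, "high_grade_encryption", &encryption_level);
            } else {
                SSM_GetUTF8Text(cx, "low_grade_encryption", &encryption_level);
            }
            PR_FREEIF(cx->m_result);
            cx->m_result = PR_smprintf(fmt, res->hostname, issuerName, target->m_id, serverCertResID,
                                        encryption_level, socketStatusRes->m_cipherName,
                                        socketStatusRes->m_secretKeySize);
            PR_Free(issuerName);
            PR_Free(encryption_level);
            PR_Free(fmt);
            SSM_FreeResource(&socketStatusRes->super);
            return SSM_SUCCESS;
        } else {
            if (socketStatusRes->m_error == SEC_ERROR_UNKNOWN_ISSUER ||
                socketStatusRes->m_error == SEC_ERROR_CA_CERT_INVALID ) {
                rv = SSM_GetAndExpandTextKeyedByString(cx, "sa_navigator_ssl_unknown_issuer", &fmt);
                if (rv != SSM_SUCCESS) {
                    goto loser;
                }
                /* Get the common name of the issuer */
                issuerName = CERT_NameToAscii(&socketStatusRes->m_cert->cert->issuer);
                if (!issuerName) {
                    goto loser;
                }
                /* Get the common name of the server cert */
                serverCN = CERT_GetCommonName(&socketStatusRes->m_cert->cert->subject);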
