processmsg.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 2,164 行 · 第 1/5 页

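  case SSM_HTML_INFO:
    rv = SSMControlConnection_ProcessHTMLCertInfoRequest(ctrl, msg);
    break;
  default:
    SSM_DEBUG("Unknown cert request (%lx).\n",
              (msg->type & SSM_SUBTYPE_MASK));
    goto loser;
  }
  goto done;
loser:
    SSM_DEBUG("ProcessCertRequest: loser hit, rv = %ld.\n",
              rv);
    if (msg->data)
    {
        PR_Free(msg->data);
        msg->data = NULL;
        msg->len = 0;
    }
    if (rv == PR_SUCCESS) rv = PR_FAILURE;
done:
    return rv;
}

/*
 * Dispatch a KEYGEN-tag request to the handler selected by the message
 * subtype (msg->type & SSM_SUBTYPE_MASK).
 *
 * ctrl: control connection the request arrived on.
 * msg:  request message; the selected handler may rewrite it into the reply.
 *
 * Returns the handler's status. For SSM_KEYGEN_START the work is handed to
 * a new thread and SSM_ERR_DEFER_RESPONSE is returned on success, or
 * SSM_FAILURE if the hand-off could not be set up. An unknown subtype frees
 * msg->data and returns PR_FAILURE.
 */
PRStatus
SSMControlConnection_ProcessKeygenTag(SSMControlConnection * ctrl,
                                      SECItem * msg)
{
  SSMStatus rv = PR_SUCCESS;

  SSM_DEBUG("Got a KEYGEN form tag processing request.\n");
  switch (msg->type & SSM_SUBTYPE_MASK) {
  case SSM_GET_KEY_CHOICE:
    rv = SSMControlConnection_ProcessGetKeyChoiceList(ctrl, msg);
    break;
  case SSM_KEYGEN_TOKEN:
      rv = SSMControlConnection_ProcessGenKeyOldStyleToken(ctrl, msg);
      break;
  case SSM_KEYGEN_PASSWORD:
      rv = SSMControlConnection_ProcessGenKeyPassword(ctrl, msg);
      break;
  case SSM_KEYGEN_START:
      /* We might need to do another message exchange before
       * we complete this request, to get slot password.
       * Therefore, generate keys on a separate thread,
       * and let this thread service other messages.
       * -jp
       */
      {
          genKeyArg * arg = (genKeyArg *) PR_Malloc(sizeof(genKeyArg));
          if (!arg) {
              /* The original only logged here and then wrote through the
               * NULL pointer; fail the request instead. */
              SSM_DEBUG("Memory allocation error!\n");
              rv = SSM_FAILURE;
              break;
          }
          arg->ctrl = ctrl;
          arg->msg  = SECITEM_DupItem(msg);
          if (!arg->msg) {
              /* The worker dereferences arg->msg unconditionally, so do
               * not start it without a message copy. */
              SSM_DEBUG("Memory allocation error!\n");
              PR_Free(arg);
              rv = SSM_FAILURE;
              break;
          }

          /* On success the worker owns arg and arg->msg: it frees arg and
           * recycles the message copy when it finishes. */
          if (SSM_CreateAndRegisterThread(PR_USER_THREAD,
                              SSMControlConnection_ProcessGenKeyOldStyle,
                              (void *)arg,
                              PR_PRIORITY_NORMAL,
                              PR_LOCAL_THREAD,
                              PR_UNJOINABLE_THREAD, 0) == NULL) {
              SSM_DEBUG("Can't start a new thread for old-style keygen!\n");
              /* NOTE(review): arg and arg->msg are not released on this
               * path. Confirm that a NULL return guarantees the worker
               * never ran before freeing them here. */
              rv = SSM_FAILURE;
          }
          else rv = SSM_ERR_DEFER_RESPONSE;
      }
      break;
  default:
      SSM_DEBUG("Unknown KEYGEN request (%lx).\n",
                (msg->type & SSM_SUBTYPE_MASK));
      goto loser;
  }
  goto done;
loser:
  SSM_DEBUG("ProcessKeygenTag: loser hit, rv = %ld.\n",
            rv);
  if (msg->data)
      {
          PR_Free(msg->data);
          msg->data = NULL;
          msg->len = 0;
      }
  if (rv == PR_SUCCESS) rv = PR_FAILURE;
done:
  return (PRStatus) rv;
}

/*
 * Handle a certificate verification request.
 *
 * Decodes a VerifyCertRequest from msg, looks up the resource named by
 * request.resID on ctrl, runs SSM_VerifyCert with request.certUsage and
 * encodes the verification status into msg as a SingleNumMessage.
 *
 * Returns PR_SUCCESS whenever a reply was encoded; the outcome of the
 * verification itself travels in the reply value, not in the return code.
 * Returns PR_FAILURE if decoding, resource lookup or encoding fails.
 */
SSMStatus
SSMControlConnection_ProcessVerifyCertRequest(SSMControlConnection * ctrl,
                                              SECItem * msg)
{
    SSMResource *obj = NULL;
    SSMStatus rv;
    VerifyCertRequest request;
    SingleNumMessage reply;

    SSM_DEBUG("Got a Cert Verify request.\n");

    /* Decode message and get resource/field ID */
    if (CMT_DecodeMessage(VerifyCertRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
        goto loser;
    }
    msg->data = NULL;

    SSM_DEBUG("Rsrc ID %ld, certUsage %d.\n", request.resID, request.certUsage);

    rv = SSMControlConnection_GetResource(ctrl, request.resID, &obj);
    if (rv != PR_SUCCESS) goto loser;
    PR_ASSERT(obj != NULL);
    /* PR_ASSERT is compiled out of release builds; fail safely there. */
    if (obj == NULL) goto loser;

    /* NOTE(review): request.resID and request.certUsage come from the
     * client, and obj is cast to SSMResourceCert without a visible check
     * of the resource's class. Confirm that the lookup or SSM_VerifyCert
     * rejects non-certificate resources and out-of-range usages. */

    /* getting this far means success, send the result of verification */
    rv = SSM_VerifyCert((SSMResourceCert *)obj, (SECCertUsage) request.certUsage);
    msg->data = NULL;
    msg->len = 0;
    msg->type = (SECItemType) (SSM_CERT_ACTION | SSM_VERIFY_CERT | SSM_REPLY_OK_MESSAGE);

    reply.value = rv;
    if (CMT_EncodeMessage(SingleNumMessageTemplate, (CMTItem*)msg, &reply) != CMTSuccess) {
        goto loser;
    }
    if (msg->data == NULL || msg->len == 0) goto loser;
    return PR_SUCCESS;

    /* something went wrong, could not perform cert verification */
loser:
    return PR_FAILURE;
}

/*
 * Handle a request to decode a certificate from a client-supplied buffer.
 *
 * Decodes a SingleItemMessage from msg, parses the item with
 * CERT_DecodeCertFromPackage, wraps the certificate in a new
 * SSM_RESTYPE_CERTIFICATE resource and replies with the resource ID.
 *
 * Returns PR_SUCCESS with the reply encoded in msg, or PR_FAILURE with
 * msg turned into an empty error reply.
 */
SSMStatus
SSMControlConnection_ProcessDecodeCertRequest(SSMControlConnection * ctrl,
                                              SECItem * msg)
{
  SSMStatus rv;
  CERTCertificate * cert;
  SSMResourceID certID;
  SSMResource * certRes;
  SingleItemMessage request;
  SingleNumMessage reply;

  SSM_DEBUG("Got an DecodeCert request.\n");

  /* Decode message */
  if (CMT_DecodeMessage(SingleItemMessageTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
      goto loser;
  }
  msg->data = NULL;
  msg->len = 0;

  /* decode the cert */
  /* NOTE(review): request.item is untrusted input and its length is
   * narrowed to int here; confirm the decoder bounds the item length. */
  cert = CERT_DecodeCertFromPackage((char *) request.item.data, (int) request.item.len);
  if (!cert) {
    SSM_DEBUG("Can't decode a cert from the buffer!\n");
    goto loser;
  }

  /* create cert resource for this new cert */
  rv = SSM_CreateResource(SSM_RESTYPE_CERTIFICATE, cert, ctrl, &certID, &certRes);
  if (rv != PR_SUCCESS) {
    SSM_DEBUG("In decode cert: can't create certificate resource.\n");
    goto loser;
  }
  SSM_ClientGetResourceReference(certRes, NULL);

  msg->type = (SECItemType) (SSM_REPLY_OK_MESSAGE | SSM_CERT_ACTION | SSM_DECODE_CERT);
  reply.value = certID;
  if (CMT_EncodeMessage(SingleNumMessageTemplate, (CMTItem*)msg, &reply) != CMTSuccess) {
      goto loser;
  }
  if (!msg->data || msg->len == 0)
    goto loser;

  /* NOTE(review): request.item.data is never released in this function,
   * and cert is not released when SSM_CreateResource fails. Confirm who
   * owns each before adding frees. */
  return PR_SUCCESS;

loser:
  /* compose error reply */
  msg->type = (SECItemType) (SSM_REPLY_ERR_MESSAGE |  SSM_CERT_ACTION | SSM_DECODE_CERT);
  if (msg->data)
    PR_Free(msg->data);
  msg->data = NULL;
  msg->len = 0;
  return PR_FAILURE;
}

char *
SSMControlConnection_GenerateKeyOldStyle(SSMControlConnection * ctrl,
                                         char * choiceString, char * challenge,
                                         char * typeString, char * pqgString);

/*
 * Thread entry point for old-style KEYGEN key generation.
 *
 * arg: heap-allocated genKeyArg carrying the control connection and a
 *      private copy of the request message. This function frees arg and
 *      recycles the message copy before returning.
 *
 * Decodes a GenKeyOldStyleRequest, generates the key via
 * SSMControlConnection_GenerateKeyOldStyle and queues the resulting string
 * on ctrl->m_controlOutQ. If any step fails, an SSM_REPLY_ERR_MESSAGE
 * carrying the status is queued instead.
 */
void SSMControlConnection_ProcessGenKeyOldStyle(void * arg)
{
  GenKeyOldStyleRequest request;
  SingleStringMessage reply;
  genKeyArg * myarg = (genKeyArg *)arg;
  CMTItem * msg = (CMTItem*)myarg->msg;
  SSMControlConnection * ctrl = myarg->ctrl;
  SSMStatus rv = SSM_FAILURE;

  /* The cleanup code below frees these pointers on every path, including
   * a failed decode, so they must not start out indeterminate. */
  reply.string = NULL;
  request.choiceString = NULL;
  request.challenge = NULL;
  request.typeString = NULL;
  request.pqgString = NULL;

  if (CMT_DecodeMessage(GenKeyOldStyleRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
      goto loser;
  }

  reply.string = SSMControlConnection_GenerateKeyOldStyle(ctrl,
                                                          request.choiceString,
                                                          request.challenge,
                                                          request.typeString,
                                                          request.pqgString);
  if (!reply.string)
    goto loser;

  /* create reply message */
  msg->type = SSM_REPLY_OK_MESSAGE | SSM_KEYGEN_TAG | SSM_KEYGEN_DONE;
  if (CMT_EncodeMessage(SingleStringMessageTemplate, (CMTItem*)msg, &reply) != CMTSuccess) {
      goto loser;
  }
  if (!msg->len || !msg->data)
    goto loser;
  rv = SSM_SendQMessage(ctrl->m_controlOutQ, SSM_PRIORITY_NORMAL,
                        msg->type, msg->len, (char *)msg->data, PR_TRUE);

loser:
  /* clean up (reached on success as well as on failure) */
  if (reply.string)
    PR_Free(reply.string);
  if (request.choiceString)
    PR_Free(request.choiceString);
  if (request.challenge)
    PR_Free(request.challenge);
  if (request.pqgString)
    PR_Free(request.pqgString);
  if (request.typeString)
    PR_Free(request.typeString);
  SSMControlConnection_RecycleItem((SECItem*)msg);
  msg = NULL;
  PR_Free(myarg);

  if (rv != SSM_SUCCESS) {
      SingleNumMessage err_reply;

      msg = (CMTItem *) PORT_ZAlloc(sizeof(CMTItem));
      SSM_DEBUG("Problems generating keys old style!\n");
      if (!msg)
          return;   /* cannot even build the error reply */
      msg->type = SSM_REPLY_ERR_MESSAGE;
      err_reply.value = rv;
      /* The encode result is deliberately not checked: msg is
       * zero-allocated, so the error reply is still queued. */
      CMT_EncodeMessage(SingleNumMessageTemplate, (CMTItem*)msg, &err_reply);
      SSM_SendQMessage(ctrl->m_controlOutQ, SSM_PRIORITY_NORMAL,
                       msg->type, msg->len, (char *)msg->data, PR_TRUE);
      SSMControlConnection_RecycleItem((SECItem*)msg);
  }
  return;
}

char ** SSM_GetKeyChoiceList(char * type, char *pqgString, int *nchoices);

/*
 * Handle a request for the list of key-size choices offered for KEYGEN.
 *
 * Decodes a GetKeyChoiceListRequest from msg, obtains the choice strings
 * from SSM_GetKeyChoiceList and encodes them into msg as a
 * GetKeyChoiceListReply. The choice array is walked up to its NULL entry
 * and freed on both the success and failure paths.
 *
 * Returns PR_SUCCESS with the reply in msg, or PR_FAILURE with msg turned
 * into an empty error reply.
 */
SSMStatus
SSMControlConnection_ProcessGetKeyChoiceList(SSMControlConnection * ctrl,
                                             SECItem * msg)
{
  /* Must start NULL: the loser path tests it even when decoding failed
   * before SSM_GetKeyChoiceList was ever called. */
  char ** choices = NULL;
  PRInt32 i=0, nchoices = 0;
  GetKeyChoiceListRequest request;
  GetKeyChoiceListReply   reply;

  if (CMT_DecodeMessage(GetKeyChoiceListRequestTemplate, &request,
                        (CMTItem*)msg) != CMTSuccess) {
      goto loser;
  }

  /* NOTE(review): request.type and request.pqgString are never released
   * here, while the old-style keygen worker frees its decoded strings.
   * Confirm ownership; this looks like a per-request leak. */
  choices = SSM_GetKeyChoiceList(request.type, request.pqgString, &nchoices);
  if (!choices)
    goto loser;

  msg->type = (SECItemType)(SSM_REPLY_OK_MESSAGE | SSM_KEYGEN_TAG | SSM_GET_KEY_CHOICE);
  reply.nchoices = nchoices;
  reply.choices = choices;
  if (CMT_EncodeMessage(GetKeyChoiceListReplyTemplate, (CMTItem*)msg, &reply) != CMTSuccess) {
      goto loser;
  }

  /* free the result array */
  while (choices[i])
    PR_Free(choices[i++]);
  PR_Free(choices);
  return PR_SUCCESS;

loser:
  /* compose error reply */
  msg->type = (SECItemType) (SSM_REPLY_ERR_MESSAGE |  SSM_KEYGEN_TAG | SSM_GET_KEY_CHOICE);
  msg->data = NULL;
  msg->len  = 0;
  if (choices) {
    /* free the result array */
    while (choices[i])
      PR_Free(choices[i++]);
    PR_Free(choices);
  }
  return PR_FAILURE;
}

/*
 * Handle a request to import a pickled certificate.
 *
 * Decodes a SingleItemMessage from msg, rebuilds a certificate resource
 * from the item with SSM_UnpickleResource and replies with the status and
 * the new resource ID. The decoded item buffer is freed on every path.
 *
 * Returns PR_SUCCESS with the reply in msg, or PR_FAILURE.
 */
SSMStatus
SSMControlConnection_ProcessImportCertRequest(SSMControlConnection * ctrl,
                                              SECItem * msg)
{
  SSMResource *obj = NULL;
  SSMStatus rv;
  SingleItemMessage request;
  ImportCertReply reply;

  /* The loser path frees request.item.data, so it must be NULL if the
   * decode below fails before filling it in. */
  request.item.data = NULL;
  request.item.len = 0;

  SSM_DEBUG("Got an ImportCert request.\n");

  /* Decode message */
  if (CMT_DecodeMessage(SingleItemMessageTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
      goto loser;
  }
  msg->data = NULL;
  msg->len  = 0;

  /* Unpickle cert and create a resource */
  /* NOTE(review): the pickled bytes are client-supplied; confirm that
   * SSM_UnpickleResource validates length and contents. */
  rv = SSM_UnpickleResource(&obj, SSM_RESTYPE_CERTIFICATE, ctrl,
                            request.item.len, request.item.data);
  if (rv != PR_SUCCESS || obj == NULL)
    goto loser;

  SSM_DEBUG("Imported cert rsrc ID %ld.\n", obj->m_id);

  /* getting this far means success, send the resource ID */
  msg->data = NULL;
  msg->len = 0;
  msg->type = (SECItemType) (SSM_CERT_ACTION | SSM_IMPORT_CERT | SSM_REPLY_OK_MESSAGE);
  reply.result = rv;
  reply.resID = obj->m_id;
  if (CMT_EncodeMessage(ImportCertReplyTemplate, (CMTItem*)msg, &reply) != CMTSuccess) {
      goto loser;
  }
  if (msg->data == NULL || msg->len == 0)
    goto loser;

  PR_Free(request.item.data);
  return PR_SUCCESS;

  /* something went wrong, could not import cert */
loser:
  if (request.item.data)
    PR_Free(request.item.data);
  return PR_FAILURE;
}

/*
 * Handle a request to look up a certificate by nickname.
 *
 * Decodes the nickname from msg, searches ctrl->m_certdb and, when a
 * certificate is found, creates a resource for it and takes a client
 * reference. The reply carries the resource ID, or 0 when no certificate
 * matches. The decoded nickname string is freed on every path.
 *
 * Returns PR_SUCCESS with the reply in msg, or PR_FAILURE.
 */
SSMStatus
SSMControlConnection_ProcessFindCertByNickname(SSMControlConnection *ctrl, SECItem *msg)
{
    SSMStatus rv;
    CERTCertificate *cert = NULL;
    SSMResourceID certID;
    SSMResourceCert * certRes = NULL;
    SingleStringMessage request;
    SingleNumMessage reply;

    /* The loser path frees request.string, so it must be NULL if the
     * decode below fails before filling it in. */
    request.string = NULL;

    SSM_DEBUG("Get a Find Cert By Nickname request\n");

    /* Decode the request */
    if (CMT_DecodeMessage(SingleStringMessageTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
        goto loser;
    }

    /* Look for the cert in our db */
    cert = CERT_FindCertByNickname(ctrl->m_certdb, request.string);

    /* Create a resource for this cert and get an id */
    if (cert) {
        rv = SSM_CreateResource(SSM_RESTYPE_CERTIFICATE,
                                cert,
                                ctrl,
                                &certID,
                                (SSMResource**)&certRes);
        if (rv != PR_SUCCESS) {
            /* NOTE(review): cert is not released on this path; confirm
             * whether SSM_CreateResource takes ownership on failure. */
            goto loser;
        }
        rv = SSM_ClientGetResourceReference(&certRes->super, &certID);
        SSM_FreeResource(&certRes->super);
        if (rv != PR_SUCCESS) {
            goto loser;
        }
    } else {
        /* Not found. Return res id 0 */
        certID = 0;
    }

    /* Pack the reply */
    msg->data = NULL;
    msg->len = 0;
    msg->type = (SECItemType) (SSM_CERT_ACTION | SSM_FIND_BY_NICKNAME | SSM_REPLY_OK_MESSAGE);
    reply.value = certID;
    if (CMT_EncodeMessage(SingleNumMessageTemplate, (CMTItem*)msg, &reply) != CMTSuccess) {
        goto loser;
    }
    if (msg->data == NULL || msg->len == 0)  {
        goto loser;
    }

    PR_Free(request.string);
    return PR_SUCCESS;

    /* something went wrong */
loser:
    if (request.string) {
        PR_Free(request.string);
    }
    return PR_FAILURE;
}

SSMStatus
SSMControlConnection_ProcessFindCertByKey(SSMControlConnection *ctrl, SECItem *msg)
{
    SSMStatus rv;
    CERTCertificate *cert = NULL;
    SSMResourceID certID;
    SSMResourceCert * certRes = NULL;
    SingleItemMessage request;
    SingleNumMessage reply;

    SSM_DEBUG("Get a Find Cert By Key request\n");

    /* Decode the request */
    if (CMT_DecodeMessage(SingleItemMessageTemplate, &request,
                          (CMTItem*)msg) != CMTSuccess) {
        goto loser;
    }

    /* Look for the cert in out db */
    cert = CERT_FindCertByKey(ctrl->m_certdb, (SECItem*)&request.item);

    /* Create a resource for this cert and get an id */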
