
📄 cmtcert.c

📁 安全开发库。含客户端建立ssl连接、签名、证书验证、证书发布和撤销等。编译用到nss
💻 C
📖 第 1 页 / 共 3 页
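    if (CMT_SendMessage(control, &message) == CMTFailure) {
        goto loser;
    }

    /* Validate the message reply type */
    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CERT_ACTION | SSM_FIND_BY_NICKNAME)) {
        goto loser;
    }

    /* Decode the reply */
    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
        goto loser;
    }

    *resID = reply.value;
    return CMTSuccess;
loser:
    *resID = 0;
    return CMTFailure;
}

/*
 * Send a find-by-key certificate request (SSM_CERT_ACTION | SSM_FIND_BY_KEY)
 * over `control` and hand back the number carried in the reply.
 *
 * control: control connection the request is sent on; must not be NULL.
 * key:     item copied by value into the request; must not be NULL.
 * resID:   out parameter; receives reply.value on success.
 *
 * Returns CMTSuccess when the request was encoded and sent, the reply type
 * matched and the reply decoded. Otherwise returns CMTFailure and, when
 * resID is non-NULL, sets *resID to 0.
 */
CMTStatus CMT_FindCertificateByKey(PCMT_CONTROL control, CMTItem *key, CMUint32 *resID)
{
    CMTItem message;
    SingleItemMessage request;
    SingleNumMessage reply;

    /* Do some basic parameter checking */
    if (!control || !key || !resID) {
        goto loser;
    }

    /* Set up the request */
    request.item = *key;

    /* Encode the request */
    if (CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request) != CMTSuccess) {
        goto loser;
    }

    /* Set the message request type */
    message.type = SSM_REQUEST_MESSAGE | SSM_CERT_ACTION | SSM_FIND_BY_KEY;

    /* Send the message and get the response */
    if (CMT_SendMessage(control, &message) == CMTFailure) {
        goto loser;
    }

    /* Validate the message reply type */
    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CERT_ACTION | SSM_FIND_BY_KEY)) {
        goto loser;
    }

    /* Decode the reply */
    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
        goto loser;
    }

    /*
     * NOTE(review): message.data is never released here, while
     * CMT_CompareForRedirect frees it on every path; presumably the same
     * ownership applies -- confirm against CMT_SendMessage/CMT_DecodeMessage.
     */
    *resID = reply.value;
    return CMTSuccess;
loser:
    /* resID may be the very argument that failed the NULL check above. */
    if (resID) {
        *resID = 0;
    }
    return CMTFailure;
}

/*
 * Send a find-by-email-address certificate request
 * (SSM_CERT_ACTION | SSM_FIND_BY_EMAILADDR) over `control`.
 *
 * control:   control connection; must not be NULL.
 * emailAddr: string placed in the request as-is; must not be NULL.
 * resID:     out parameter; receives reply.value on success; must not be NULL.
 *
 * Returns CMTSuccess on a decoded reply of the expected type. Otherwise
 * returns CMTFailure and, when resID is non-NULL, sets *resID to 0.
 */
CMTStatus CMT_FindCertificateByEmailAddr(PCMT_CONTROL control, char * emailAddr, CMUint32 *resID)
{
    CMTItem message;
    SingleStringMessage request;
    SingleNumMessage reply;

    /*
     * Do some basic parameter checking. resID is checked as well because
     * both the success path and the loser path store through it.
     */
    if (!control || !emailAddr || !resID) {
        goto loser;
    }

    /* Set up the request */
    request.string = emailAddr;

    /* Encode the message */
    if (CMT_EncodeMessage(SingleStringMessageTemplate, &message, &request) != CMTSuccess) {
        goto loser;
    }

    /* Set the message request type */
    message.type = SSM_REQUEST_MESSAGE | SSM_CERT_ACTION | SSM_FIND_BY_EMAILADDR;

    /* Send the message and get the response */
    if (CMT_SendMessage(control, &message) == CMTFailure) {
        goto loser;
    }

    /* Validate the message reply type */
    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CERT_ACTION | SSM_FIND_BY_EMAILADDR)) {
        goto loser;
    }

    /* Decode the reply */
    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
        goto loser;
    }

    *resID = reply.value;
    return CMTSuccess;
loser:
    if (resID) {
        *resID = 0;
    }
    return CMTFailure;
}

/*
 * Send an add-to-database request (SSM_CERT_ACTION | SSM_ADD_TO_DB) for the
 * certificate identified by `resID`.
 *
 * control:       control connection; must not be NULL.
 * resID:         value placed in request.resID.
 * nickname:      string placed in the request; must not be NULL.
 * ssl, email,
 * objectSigning: copied into the request's sslFlags, emailFlags and
 *                objSignFlags fields without local validation.
 *
 * Returns CMTSuccess only when the reply type is the expected OK reply;
 * the reply body is not decoded. Returns CMTFailure otherwise.
 */
CMTStatus CMT_AddCertificateToDB(PCMT_CONTROL control, CMUint32 resID, char *nickname, CMInt32 ssl, CMInt32 email, CMInt32 objectSigning)
{
    CMTItem message;
    AddTempCertToDBRequest request;

    /* Do some basic parameter checking */
    if (!control || !nickname) {
        goto loser;
    }

    /* Set up the request */
    request.resID = resID;
    request.nickname = nickname;
    request.sslFlags = ssl;
    request.emailFlags = email;
    request.objSignFlags = objectSigning;

    /* Encode the request */
    if (CMT_EncodeMessage(AddTempCertToDBRequestTemplate, &message, &request) != CMTSuccess) {
        goto loser;
    }

    /* Set the message request type */
    message.type = SSM_REQUEST_MESSAGE | SSM_CERT_ACTION | SSM_ADD_TO_DB;

    /* Send the message and get the response */
    if (CMT_SendMessage(control, &message) == CMTFailure) {
        goto loser;
    }

    /* Validate the message reply type */
    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CERT_ACTION | SSM_ADD_TO_DB)) {
        goto loser;
    }

    return CMTSuccess;
loser:
    return CMTFailure;
}

/*
 * Send a match-user-cert request (SSM_CERT_ACTION | SSM_MATCH_USER_CERT)
 * and build a list holding the certificate ids carried in the reply.
 *
 * control:    control connection the request is sent on.
 * certUsage:  copied into request.certType.
 * numCANames: copied into request.numCANames.
 * caNames:    pointer stored in request.caNames.
 *
 * Returns a malloc'ed CMT_CERT_LIST whose `count` is reply.numCerts and whose
 * `certs` list has one malloc'ed element per id, or NULL on failure.
 */
CMT_CERT_LIST *CMT_MatchUserCert(PCMT_CONTROL control, CMInt32 certUsage, CMInt32 numCANames, char **caNames)
{
    CMTItem message;
    /* NULL so the loser path never hands an indeterminate pointer on. */
    CMT_CERT_LIST *certList = NULL;
    int i;
    MatchUserCertRequest request;
    MatchUserCertReply reply;

    /* Set up the request */
    request.certType = certUsage;
    request.numCANames = numCANames;
    request.caNames = caNames;

    /* Encode the request */
    if (CMT_EncodeMessage(MatchUserCertRequestTemplate, &message, &request) != CMTSuccess) {
        goto loser;
    }

    /* Set the message request type */
    message.type = SSM_REQUEST_MESSAGE | SSM_CERT_ACTION | SSM_MATCH_USER_CERT;

    /* Send the message and get the response */
    if (CMT_SendMessage(control, &message) == CMTFailure) {
        goto loser;
    }

    /* Validate the message reply type */
    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CERT_ACTION | SSM_MATCH_USER_CERT)) {
        goto loser;
    }

    /* Decode the reply */
    if (CMT_DecodeMessage(MatchUserCertReplyTemplate, &reply, &message) != CMTSuccess) {
        goto loser;
    }

    /* Return a list of cert ids to the client */
    certList = (CMT_CERT_LIST*)malloc(sizeof(CMT_CERT_LIST));
    if (!certList) {
        goto loser;
    }
    CMT_INIT_CLIST(&certList->certs);
    certList->count = reply.numCerts;

    /*
     * NOTE(review): reply.numCerts and reply.certs both come from the decoded
     * reply; this loop assumes the decoder filled at least numCerts entries
     * of reply.certs -- confirm in the MatchUserCertReplyTemplate decoding.
     */
    for (i=0; i<reply.numCerts; i++) {
        CMT_CERT_LIST_ELEMENT *cert;

        cert = (CMT_CERT_LIST_ELEMENT*)malloc(sizeof(CMT_CERT_LIST_ELEMENT));
        if (!cert) {
            /*
             * Elements appended so far are not released: the destroy
             * routine below is still a stub.
             */
            goto loser;
        }
        CMT_INIT_CLIST(&cert->links);
        cert->certResID = reply.certs[i];
        CMT_APPEND_LINK(&cert->links, &certList->certs);
    }

    /* Clean up */
    return certList;
loser:
    CMT_DestroyCertList(certList);
    return NULL;
}

/*
 * Placeholder for releasing a list returned by CMT_MatchUserCert.
 * It currently does nothing, so neither the list head nor its elements
 * are freed by calling it.
 */
void CMT_DestroyCertList(CMT_CERT_LIST *certList)
{
    /* XXX */
    return;
}

/*
 * Send a redirect-compare request (SSM_CERT_ACTION | SSM_REDIRECT_COMPARE)
 * carrying the two socket status items and store the reply number in *res.
 *
 * status1, status2: items whose len/data are placed in the request (the data
 *                   pointers are shared, not copied); must not be NULL.
 * res:              out parameter; must not be NULL.
 *
 * Returns CMTFailure immediately, leaving *res untouched, when status1,
 * status2 or res is NULL. Otherwise returns CMTSuccess with *res set to
 * reply.value, or CMTFailure with *res set to 0. message.data is freed on
 * both of those paths.
 */
CMTStatus CMT_CompareForRedirect(PCMT_CONTROL control, CMTItem *status1,
                                 CMTItem *status2, CMUint32 *res)
{
    RedirectCompareRequest request;
    CMTItem message = { 0 };
    SingleNumMessage reply;

    if (status1 == NULL || status2 == NULL || res == NULL) {
        return CMTFailure;
    }

    request.socketStatus1Data.len  = status1->len;
    request.socketStatus1Data.data = status1->data;
    request.socketStatus2Data.len  = status2->len;
    request.socketStatus2Data.data = status2->data;

    if (CMT_EncodeMessage(RedirectCompareRequestTemplate, &message, &request)
        != CMTSuccess) {
        goto loser;
    }

    message.type = SSM_REQUEST_MESSAGE | SSM_CERT_ACTION |
                   SSM_REDIRECT_COMPARE;

    if (CMT_SendMessage(control, &message) != CMTSuccess) {
        goto loser;
    }

    /*
     * NOTE(review): unlike the CMT_FindCertificateBy* functions, the reply
     * type is not compared with SSM_REPLY_OK_MESSAGE before decoding --
     * confirm whether that check is intentionally omitted here.
     */
    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message)
        != CMTSuccess) {
        goto loser;
    }

    *res = reply.value;
    free (message.data);
    return CMTSuccess;
 loser:
    *res = 0;
    if (message.data != NULL) {
        free (message.data);
    }
    return CMTFailure;
}

/*
 * Send a DER-encoded CRL (SSM_CERT_ACTION | SSM_DECODE_CRL) together with
 * its url and type.
 *
 * derCrl, len: CRL bytes and their length, placed in the request as-is.
 * url, type:   copied into the request.
 * errMess:     optional out parameter. When non-NULL, *errMess is set to NULL
 *              up front; if the reply carries a non-zero value, that value is
 *              passed to CMT_GetLocalizedString to fill *errMess, and
 *              *errMess is reset to NULL when that lookup fails.
 *              NOTE(review): presumably the caller owns the returned string
 *              -- confirm against CMT_GetLocalizedString.
 *
 * Returns CMTSuccess when the reply value is 0, CMTFailure otherwise.
 */
CMTStatus
CMT_DecodeAndAddCRL(PCMT_CONTROL control, unsigned char *derCrl,
                    CMUint32 len, char *url, int type,
                    char **errMess)
{
    DecodeAndAddCRLRequest request;
    SingleNumMessage reply;
    CMTItem message = { 0 };

    /*
     * Test the out pointer itself, not what it points at: the old
     * `if (*errMess)` dereferenced a NULL errMess and left the later
     * message lookup unreachable.
     */
    if (errMess) {
        *errMess = NULL;
    }

    request.derCrl.data = derCrl;
    request.derCrl.len  = len;
    request.type        = type;
    request.url         = url;

    if (CMT_EncodeMessage(DecodeAndAddCRLRequestTemplate, &message, &request)
        != CMTSuccess) {
        goto loser;
    }

    message.type = SSM_REQUEST_MESSAGE | SSM_CERT_ACTION |
                   SSM_DECODE_CRL;

    if (CMT_SendMessage(control, &message) != CMTSuccess) {
        goto loser;
    }

    /*
     * NOTE(review): the reply type is not validated before decoding, and
     * message.data is not freed on any path of this function -- compare
     * with CMT_CompareForRedirect and confirm.
     */
    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message)
        != CMTSuccess) {
        goto loser;
    }

    if (reply.value == 0) {
        return CMTSuccess;
    }

    /* Non-zero reply: translate it into a message if the caller wants one. */
    if (errMess) {
        if (CMT_GetLocalizedString(control, (SSMLocalizedString) reply.value, errMess)
            != CMTSuccess) {
            *errMess = NULL;
        }
    }
 loser:
    return CMTFailure;
}

/* These functions are used by requests related with javascript
 * "SecurityConfig".
 */

/*
 * adds base64 encoded cert to the temp db and gets a lookup key
 *
 * certStr, certLen: certificate text and its length; certStr must not be
 *                   NULL and certLen must not be 0.
 *
 * Returns a malloc'ed CMTItem whose len/data are copied from the decoded
 * reply item (the data pointer is shared with the reply, not duplicated),
 * or NULL on any failure.
 */
CMTItem* CMT_SCAddCertToTempDB(PCMT_CONTROL control, char* certStr,
                               CMUint32 certLen)
{
    SingleItemMessage request;
    SingleItemMessage reply;
    CMTItem message;
    CMTItem* certKey = NULL;

    if ((certStr == NULL) || (certLen == 0)) {
        goto loser;
    }

    /* pack the request */
    request.item.len = certLen;
    request.item.data = (unsigned char *) certStr;

    /* encode the request */
    if (CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request) !=
        CMTSuccess) {
        goto loser;
    }

    /* set the message type */
    message.type = SSM_REQUEST_MESSAGE | SSM_SEC_CFG_ACTION |
        SSM_ADD_CERT_TO_TEMP_DB;

    /* send the message and get the response */
    if (CMT_SendMessage(control, &message) == CMTFailure) {
        goto loser;
    }

    /* validate the reply type, then decode the reply */
    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_SEC_CFG_ACTION |
        SSM_ADD_CERT_TO_TEMP_DB)) {
        goto loser;
    }

    if (CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message) !=
        CMTSuccess) {
        goto loser;
    }

    certKey = (CMTItem*)malloc(sizeof(CMTItem));
    if (certKey == NULL) {
        /*
         * NOTE(review): reply.item.data is dropped on this path; presumably
         * it was allocated by the decoder -- confirm who releases it.
         */
        goto loser;
    }

    certKey->len = reply.item.len;
    certKey->data = reply.item.data;
 loser:
    return certKey;
}

/*
 * adds a cert keyed by certKey to the perm DB w/ trustStr info
 *
 * certKey:  lookup key; its len/data are placed in the request; must not be
 *           NULL.
 * trustStr: forwarded unmodified in the request; must not be NULL.
 * nickname: forwarded unmodified; not checked for NULL here.
 *
 * Returns CMTSuccess only when the decoded reply value is 0.
 *
 * NOTE(review): trustStr is sent on as given, so callers should treat it as
 * security-sensitive input and not build it from unvalidated data.
 */
CMTStatus CMT_SCAddTempCertToPermDB(PCMT_CONTROL control, CMTItem* certKey,
                                    char* trustStr, char* nickname)
{
    SCAddTempCertToPermDBRequest request;
    CMTItem message = {0};
    SingleNumMessage reply;

    if ((certKey == NULL) || (trustStr == NULL)) {
        return CMTFailure;
    }

    request.certKey.len = certKey->len;
    request.certKey.data = certKey->data;
    request.trustStr = trustStr;
    request.nickname = nickname;

    if (CMT_EncodeMessage(SCAddTempCertToPermDBRequestTemplate, &message,
                          &request) != CMTSuccess) {
        goto loser;
    }

    message.type = SSM_REQUEST_MESSAGE | SSM_SEC_CFG_ACTION |
        SSM_ADD_TEMP_CERT_TO_DB;

    if (CMT_SendMessage(control, &message) != CMTSuccess) {
        goto loser;
    }

    /*
     * NOTE(review): the reply type is not checked before decoding, unlike
     * CMT_SCAddCertToTempDB -- confirm this is intended.
     */
    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
        CMTSuccess) {
        goto loser;
    }

    if (reply.value == 0) {
        return CMTSuccess;
    }
loser:
    return CMTFailure;
}

/*
 * deletes a cert (or certs) keyed by certKey from the database
 *
 * certKey:   lookup key; its len/data are placed in the request; must not
 *            be NULL.
 * deleteAll: copied into request.deleteAll.
 *
 * Returns CMTSuccess only when the decoded reply value is 0.
 */
CMTStatus CMT_SCDeletePermCerts(PCMT_CONTROL control, CMTItem* certKey,
                                CMBool deleteAll)
{
    SCDeletePermCertsRequest request;
    CMTItem message = {0};
    SingleNumMessage reply;

    if (certKey == NULL) {
        return CMTFailure;
    }

    request.certKey.len = certKey->len;
    request.certKey.data = certKey->data;
    request.deleteAll = deleteAll;

    if (CMT_EncodeMessage(SCDeletePermCertsRequestTemplate, &message,
                          &request) != CMTSuccess) {
        goto loser;
    }

    message.type = SSM_REQUEST_MESSAGE | SSM_SEC_CFG_ACTION |
        SSM_DELETE_PERM_CERTS;

    if (CMT_SendMessage(control, &message) != CMTSuccess) {
        goto loser;
    }

    /*
     * NOTE(review): the reply type is not checked before decoding -- confirm
     * this is intended for a destructive request.
     */
    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
        CMTSuccess) {
        goto loser;
    }

    if (reply.value == 0) {
        return CMTSuccess;
    }
loser:
    return CMTFailure;
}

static CMTItem* CMT_SCFindCertKey(PCMT_CONTROL control,
                                  SSMSecCfgFindByType subtype, char* name)
{
    CMTItem* certKey = NULL;
    SingleStringMessage request;
    CMTItem message;
    SingleItemMessage reply;

    /* pack the request */
    request.string = name;

    /* encode the request */
    if (CMT_EncodeMessage(SingleStringMessageTemplate, &message, &request) !=
        CMTSuccess) {
        goto loser;
    }

    /* set the message request type */
    message.type = SSM_REQUEST_MESSAGE | SSM_SEC_CFG_ACTION |
        SSM_FIND_CERT_KEY | subtype;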
