📄 ctrlconn.c
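/* (Tail of a handler whose beginning precedes this excerpt; code unchanged.) */
    if (rv != PR_SUCCESS)
        goto loser;
    PR_ASSERT(obj != NULL);
    rv = SSM_ClientGetResourceReference(obj, &objID);
    if (rv != PR_SUCCESS)
        goto loser;
    SSM_DEBUG("DuplicateResource: result %ld, new rsrc ID %ld.\n",
              (long) rv, (long)obj->m_id);
    goto done;
loser:
    /* Got an error while getting the reference. This is recoverable,
       because we just report the error back to the client. */
    if (rv == PR_SUCCESS) rv = PR_FAILURE;
done:
    msg->data = NULL;
    msg->len = 0;
    /* compose reply message */
    SSM_DEBUG("Composing reply.\n");
    msg->type = (SECItemType) (SSM_RESOURCE_ACTION | SSM_DUPLICATE_RESOURCE
                               | ((rv == SSM_SUCCESS) ? SSM_REPLY_OK_MESSAGE
                                  : SSM_REPLY_ERR_MESSAGE));
    reply.result = rv;
    reply.resID = (obj ? obj->m_id : 0);
    if (CMT_EncodeMessage(DupResourceReplyTemplate, (CMTItem*)msg, &reply) != CMTSuccess) {
        goto loser;
    }
    rv = PR_SUCCESS;
    if ((msg->data == NULL) || (msg->len == 0))
        rv = PR_FAILURE;
    if (obj != NULL)
        SSM_FreeResource(obj);
    return rv;
}

/*
 * Handle a client "Destroy Resource" request.
 *
 * Decodes the request from msg, asks SSM_ClientDestroyResource() to drop
 * the client's hold on the resource named by request.resID (checked
 * against request.resType), and re-uses msg to carry the reply.
 *
 * ctrl - control connection the request arrived on.
 * msg  - in: encoded request; out: encoded SingleNumMessage reply whose
 *        value is the status of the destroy operation.
 *
 * Returns PR_SUCCESS when a reply was produced (even a reply reporting an
 * error to the client), PR_FAILURE when no reply bytes were produced.
 *
 * NOTE(review): msg->data is set to NULL after decoding without being
 * freed here, whereas the Set Attribute handler calls PORT_Free(msg->data)
 * first. Confirm which side owns the request buffer.
 */
SSMStatus
SSMControlConnection_ProcessDestroyRequest(SSMControlConnection * ctrl,
                                           SECItem * msg)
{
    SSMStatus rv = PR_SUCCESS;
    DestroyResourceRequest request;
    SingleNumMessage reply;

    SSM_DEBUG("Got a Destroy Resource request.\n");

    /* parse message and get resource/field ID */
    if (CMT_DecodeMessage(DestroyResourceRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
        goto loser;
    }
    msg->data = NULL;

    SSM_DEBUG("RID %ld, expected type %ld.\n", request.resID, request.resType);

    /* Both the ID and the expected type come straight from the client. */
    rv = SSM_ClientDestroyResource(ctrl, request.resID,
                                   (SSMResourceType) request.resType);
    goto done;

loser:
    /* Got an error while getting the reference. This is recoverable,
       because we just report the error back to the client. */
    if (rv == PR_SUCCESS) rv = PR_FAILURE;
done:
    msg->data = NULL;
    msg->len = 0;

    /* compose reply message */
    SSM_DEBUG("Composing reply.\n");
    msg->type = (SECItemType) (SSM_RESOURCE_ACTION | SSM_DESTROY_RESOURCE
                               | ((rv == SSM_SUCCESS) ? SSM_REPLY_OK_MESSAGE
                                  : SSM_REPLY_ERR_MESSAGE));
    reply.value = rv;
    /* The encoder's return value is not inspected; a failed encode is
       detected below by the reply buffer still being empty. */
    CMT_EncodeMessage(SingleNumMessageTemplate, (CMTItem*)msg, &reply);

    rv = PR_SUCCESS;
    if ((msg->data == NULL) || (msg->len == 0))
        rv = PR_FAILURE;
    return rv;
}

/*
 * Encode a "Get Attribute" reply into msg.
 *
 * msg      - out: receives the encoded GetAttribReply.
 * rv       - status to report to the client in reply.result.
 * value    - attribute value to send; it is destroyed (but not freed,
 *            PR_FALSE) after encoding, so the caller must not use its
 *            contents afterwards.
 * attrType - attribute type bits OR-ed into the reply message type.
 *
 * The reply type always carries SSM_REPLY_OK_MESSAGE; the outcome of the
 * request itself travels in reply.result.
 *
 * Returns SSM_SUCCESS if reply bytes were produced, SSM_FAILURE otherwise.
 */
static SSMStatus
ssmcontrolconnection_encodegetattr_reply(SECItem *msg, SSMStatus rv,
                                         SSMAttributeValue *value,
                                         SSMResourceAttrType attrType)
{
    GetAttribReply reply;

    msg->data = NULL;
    msg->len = 0;

    /* compose reply message */
    SSM_DEBUG("Composing reply.\n");
    msg->type = (SECItemType) (SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE
                               | SSM_REPLY_OK_MESSAGE | attrType);
    reply.result = rv;
    reply.value = *value;
    CMT_EncodeMessage(GetAttribReplyTemplate, (CMTItem*)msg, &reply);
    SSM_DestroyAttrValue(value, PR_FALSE);

    rv = SSM_SUCCESS;
    if ((msg->data == NULL) || (msg->len == 0))
        rv = SSM_FAILURE;
    return rv;
}

/*
 * Handle a client "Get Attribute" request.
 *
 * Looks up the resource named by request.resID (or the control connection
 * itself for SSM_SESSION_RESOURCE), reads attribute request.fieldID with
 * the type taken from the low bits of msg->type, and encodes the reply
 * into msg. On any error a zero numeric value is sent together with the
 * error status.
 *
 * ctrl - control connection the request arrived on.
 * msg  - in: encoded request; out: encoded reply (unless deferred).
 *
 * Returns the status of reply encoding, or SSM_ERR_DEFER_RESPONSE when the
 * attribute getter asked for the reply to be sent later.
 */
SSMStatus
SSMControlConnection_ProcessGetAttrRequest(SSMControlConnection * ctrl,
                                           SECItem * msg)
{
    SSMResource *obj = NULL;
    SSMResourceAttrType mAttrType;
    /* Initialised so that the loser path, reached directly when decoding
       fails, does not read an indeterminate value. */
    SSMStatus rv = PR_SUCCESS;
    SSMAttributeValue value = {SSM_NO_ATTRIBUTE};
    GetAttribRequest request;

    SSM_DEBUG("Got a Get Attribute request.\n");

    /* parse message and get resource/field ID */
    if (CMT_DecodeMessage(GetAttribRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
        goto loser;
    }
    msg->data = NULL;

    SSM_DEBUG("Rsrc ID %ld, attr ID %ld.\n", request.resID, request.fieldID);

    if (request.resID == SSM_SESSION_RESOURCE) {
        /* The session resource is the control connection itself; take a
           reference so the common SSM_FreeResource() below balances. */
        SSM_GetResourceReference(&ctrl->super.super);
        obj = (SSMResource *)ctrl;
    } else {
        rv = SSMControlConnection_GetResource(ctrl, request.resID, &obj);
        if (rv != PR_SUCCESS)
            goto loser;
    }
    PR_ASSERT(obj != NULL);

    mAttrType = (SSMResourceAttrType) (msg->type & SSM_SPECIFIC_MASK);
    rv = SSM_GetResAttribute(obj, (SSMAttributeID) request.fieldID,
                             mAttrType, &value);
    SSM_DEBUG("GetResAttribute: result %ld, type %lx.\n",
              (long) rv, (long) value.type);
    /* NOTE(review): the defer path returns without releasing obj; confirm
       that whoever sends the deferred reply drops this reference. */
    if (rv == SSM_ERR_DEFER_RESPONSE)
        goto defer;
    if (rv != PR_SUCCESS)
        goto loser;

    /* Make sure the type returned matches what was asked. */
    if (mAttrType != value.type) {
        rv = SSM_ERR_ATTRIBUTE_TYPE_MISMATCH;
        /* pick default values for resource result that work for all
           three resource replies */
        SSM_DestroyAttrValue(&value, PR_FALSE);
        value.type = SSM_NUMERIC_ATTRIBUTE;
        value.u.numeric = 0;
    }
    goto done;

loser:
    /* Got an error while getting resource and/or attributes. This is
       recoverable, because we just report the error back to the client. */
    if (rv == PR_SUCCESS) rv = PR_FAILURE;
    /* Create a suitable zero value for any type requested */
    SSM_DestroyAttrValue(&value, PR_FALSE);
    value.type = SSM_NUMERIC_ATTRIBUTE;
    value.u.numeric = 0;
done:
    rv = ssmcontrolconnection_encodegetattr_reply(msg, rv, &value,
             (SSMResourceAttrType) (msg->type & SSM_SPECIFIC_MASK));
    if (obj != NULL)
        SSM_FreeResource(obj);
defer:
    return rv;
}

/*
 * Handle a client "Set Attribute" request.
 *
 * Decodes the request, looks up the resource named by request.resID and
 * stores request.value into attribute request.fieldID. On success msg->type
 * is rewritten to the OK reply type; no reply body is encoded here.
 *
 * ctrl - control connection the request arrived on.
 * msg  - in: encoded request (its data buffer is freed after decoding);
 *        out: msg->type updated on success.
 *
 * Returns PR_SUCCESS or PR_FAILURE.
 */
SSMStatus
SSMControlConnection_ProcessSetAttrRequest(SSMControlConnection * ctrl,
                                           SECItem * msg)
{
    SSMStatus rv;
    SSMResource *obj = NULL;
    SetAttribRequest request;

    SSM_DEBUG("Got a Set Attribute Request.\n");

    if (CMT_DecodeMessage(SetAttribRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
        goto loser;
    }
    PORT_Free(msg->data);
    msg->data = NULL;
    msg->len = 0;

    SSM_DEBUG("Rsrc ID %ld, attr ID %ld.\n", request.resID, request.fieldID);

    rv = SSMControlConnection_GetResource(ctrl, request.resID, &obj);
    if (rv != PR_SUCCESS) {
        /* The decoded value is released on every path below, so release
           it here too; otherwise each request naming an unknown resource
           ID would leave its decoded value allocated. */
        SSM_DestroyAttrValue(&request.value, PR_FALSE);
        goto loser;
    }
    PR_ASSERT(obj != NULL);

    rv = SSM_SetResAttribute(obj, (SSMAttributeID)request.fieldID,
                             &request.value);
    SSM_FreeResource(obj);
    SSM_DestroyAttrValue(&request.value, PR_FALSE);
    if (rv != PR_SUCCESS) {
        goto loser;
    }

    msg->type = (SECItemType) (SSM_RESOURCE_ACTION | SSM_SET_ATTRIBUTE
                               | SSM_REPLY_OK_MESSAGE
                               | (msg->type & SSM_SPECIFIC_MASK));
    return PR_SUCCESS;
loser:
    return PR_FAILURE;
}

/*
 * Handle a client "Create Resource" request.
 *
 * Decodes the request and creates a resource of the requested type; only
 * SSM_RESTYPE_KEYGEN_CONTEXT and SSM_RESTYPE_SIGNTEXT are accepted, any
 * other type yields PR_INVALID_ARGUMENT_ERROR. On success a client
 * reference is taken on the new resource and its ID is returned in the
 * reply.
 *
 * ctrl - control connection the request arrived on.
 * msg  - in: encoded request; out: encoded CreateResourceReply.
 *
 * Returns PR_SUCCESS, SSM_ERR_DEFER_RESPONSE, or an error status.
 *
 * NOTE(review): on failure msg->type is left as received rather than set
 * to an error reply type, and the reply is encoded even on the deferred
 * path despite the comment below; confirm the caller expects both.
 */
SSMStatus
SSMControlConnection_ProcessCreateRequest(SSMControlConnection * ctrl,
                                          SECItem * msg)
{
    /* Initialised so that the loser path, reached directly when decoding
       fails, does not read an indeterminate value. */
    SSMStatus rv = PR_SUCCESS;
    SSMResourceID rid = 0;
    SSMResource *res = NULL;
    unsigned char *params = NULL; /* never assigned in this function */
    CreateResourceRequest request;
    CreateResourceReply reply;

    SSM_DEBUG("Got a Create Resource Request.\n");

    if (CMT_DecodeMessage(CreateResourceRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
        goto loser;
    }
    msg->data = NULL;
    msg->len = 0;

    SSM_DEBUG("Type %ld, param len %ld.\n", request.type, request.params.len);

    /* Switch on the type.
       ### mwelch Must replace, since many of these resources can be
       generically created using control connection + single param */
    switch(request.type) {
    case SSM_RESTYPE_KEYGEN_CONTEXT:
        {
            SSMKeyGenContextCreateArg arg;

            arg.parent = ctrl;
            arg.type = SSM_CRMF_KEYGEN;
            arg.param = &request.params;
            SSM_DEBUG("Creating key gen context.\n");
            rv = SSM_CreateResource((SSMResourceType) request.type,
                                    &arg, ctrl, &rid, &res);
        }
        break;
    case SSM_RESTYPE_SIGNTEXT:
        {
            /* NOTE(review): only the data pointer of the client-supplied
               params is passed, not request.params.len; verify that the
               callee bounds its parsing some other way. */
            rv = SSMSignTextResource_Create(request.params.data, ctrl, &res);
            if (rv == PR_SUCCESS) {
                PR_ASSERT(res != NULL);
                if (res != NULL)
                    rid = res->m_id;
            }
        }
        break;
    default:
        rv = (SSMStatus) PR_INVALID_ARGUMENT_ERROR;
        break;
    }
    if (rv != PR_SUCCESS && rv != SSM_ERR_DEFER_RESPONSE)
        goto loser;

    PR_ASSERT(res != NULL);
    /* PR_ASSERT is compiled out of non-debug builds, so check explicitly
       before dereferencing res below. */
    if (res == NULL) {
        rv = PR_FAILURE;
        goto loser;
    }
    if (SSM_ClientGetResourceReference(res, &res->m_id) != PR_SUCCESS)
        goto loser;

    /* if deferred response don't create reply message */
    if (rv != PR_SUCCESS)
        goto done;

    msg->type = (SECItemType) (SSM_RESOURCE_ACTION | SSM_CREATE_RESOURCE
                               | SSM_REPLY_OK_MESSAGE);
    goto done;

loser:
    if (rv == PR_SUCCESS) rv = PR_FAILURE;
done:
    if (params)
        PR_Free(params);
    /* Create a reply message here. */
    reply.result = rv;
    reply.resID = rid;
    CMT_EncodeMessage(CreateResourceReplyTemplate,(CMTItem*)msg, &reply);
    return rv;
}

/*
 * Dispatch a resource-related request to its handler, selected by the
 * subtype bits of msg->type.
 *
 * ctrl - control connection the request arrived on.
 * msg  - request message; the chosen handler rewrites it as the reply.
 *
 * Returns the handler's status. For an unrecognised subtype the request
 * buffer is freed and PR_FAILURE is returned.
 */
SSMStatus
SSMControlConnection_ProcessResourceRequest(SSMControlConnection * ctrl,
                                            SECItem * msg)
{
    SSMStatus rv = PR_SUCCESS;

    SSM_DEBUG("Got a resource-related request.\n");

    switch (msg->type & SSM_SUBTYPE_MASK) {
    case SSM_GET_ATTRIBUTE:
        rv = SSMControlConnection_ProcessGetAttrRequest(ctrl, msg);
        break;
    case SSM_CONSERVE_RESOURCE:
        rv = SSMControlConnection_ProcessConserveRequest(ctrl, msg);
        break;
    case SSM_DESTROY_RESOURCE:
        rv = SSMControlConnection_ProcessDestroyRequest(ctrl, msg);
        break;
    case SSM_DUPLICATE_RESOURCE:
        rv = SSMControlConnection_ProcessDupResourceRequest(ctrl, msg);
        break;
    case SSM_SET_ATTRIBUTE:
        rv = SSMControlConnection_ProcessSetAttrRequest(ctrl, msg);
        break;
    case SSM_CREATE_RESOURCE:
        rv = SSMControlConnection_ProcessCreateRequest(ctrl, msg);
        break;
    case SSM_TLS_STEPUP:
        rv = SSMControlConnection_ProcessTLSRequest(ctrl, msg);
        break;
    default:
        /* Cast so the argument matches the %lx conversion. */
        SSM_DEBUG("Unknown resource request (%lx).\n",
                  (unsigned long) (msg->type & SSM_SUBTYPE_MASK));
        goto loser;
    }
    goto done;

loser:
    /* Cast so the argument matches the %ld conversion, as the other
       handlers in this file do. */
    SSM_DEBUG("ProcessResourceRequest: loser hit, rv = %ld.\n", (long) rv);
    if (msg->data) {
        PR_Free(msg->data);
        msg->data = NULL;
        msg->len = 0;
    }
    if (rv == PR_SUCCESS) rv = PR_FAILURE;
done:
    return rv;
}

/* (The function below continues past the end of this excerpt; code unchanged.) */
SSMStatus
SSMControlConnection_ProcessSigningRequest(SSMControlConnection *ctrl,
                                           SECItem *msg)
{
    SSMStatus rv = PR_FAILURE;
    SSMP7ContentInfo *ci;
    SSMResourceID ciRID;
    SEC_PKCS7ContentInfo *cinfo;
    SSMResourceCert *scert, *ecert, *rcert;
    CERTCertificate **rcerts;
    PRInt32 i;

    /* Handle a Verify Detached Signature message */
    switch(msg->type & SSM_SUBTYPE_MASK) {
    case SSM_VERIFY_DETACHED_SIG:
        {
            VerifyDetachedSigRequest request;
            SingleNumMessage reply;

            SSM_DEBUG("Processing Verify Detached Signature request.\n");
            if (CMT_DecodeMessage(VerifyDetachedSigRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
                rv = PR_FAILURE;
            } else {
                rv = PR_SUCCESS;
            }
            msg->data = NULL;
            if (rv == PR_SUCCESS) {
                /* Get the content info resource, if it exists. */
                rv = SSMControlConnection_GetResource(ctrl, request.pkcs7ContentID,
                                                      (SSMResource **) &ci);
            }
            if (rv == PR_SUCCESS) {
                PR_ASSERT(SSM_IsAKindOf(&ci->super, SSM_RESTYPE_PKCS7_CONTENT_INFO));
                SSM_DEBUG("Found content info (%s at %ld).\n",
                          SSM_ResourceClassName(&ci->super), ci->super.m_id);
                rv = SSMP7ContentInfo_VerifyDetachedSignature(ci,
                         (SECCertUsage) request.certUsage,
                         (HASH_HashType) request.hashAlgID,
                         (PRBool) request.keepCert,
                         (PRIntn) request.hash.len,
                         (char *)request.hash.data);
                SSM_DEBUG("VerifyDetachedSig rv = %d.\n", rv);
            }
            msg->type = (SECItemType) (SSM_OBJECT_SIGNING | SSM_VERIFY_DETACHED_SIG
                                       | SSM_REPLY_OK_MESSAGE);
            if (rv != SSM_SUCCESS) {
                reply.value = PR_GetError();
            } else {
                reply.value = 0;
            }
            CMT_EncodeMessage(SingleNumMessageTemplate, (CMTItem*)msg, &reply);
            return SSM_SUCCESS;
        }
        break;
    case SSM_CREATE_SIGNED:
        {
            CreateSignedRequest request;
            CreateContentInfoReply reply;

            SSM_DEBUG("Processing Create Signed request.\n");
            if (CMT_DecodeMessage(CreateSignedRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
                goto create_signed_loser;
            }
            msg->data = NULL;
            rv = SSMControlConnection_GetResource(ctrl, request.scertRID,
                                                  (SSMResource **)&scert);
            if (rv != PR_SUCCESS)
                goto create_signed_loser;
            if (!SSM_IsAKindOf(&scert->super, SSM_RESTYPE_CERTIFICATE))
                goto create_signed_loser;
            rv = SSMControlConnection_GetResource(ctrl, request.ecertRID,
                                                  (SSMResource **)&ecert);
            if (rv != PR_SUCCESS)
                goto create_signed_loser;
            if (!SSM_IsAKindOf(&ecert->super, SSM_RESTYPE_CERTIFICATE))
                goto create_signed_loser;
            cinfo = SECMIME_CreateSigned(scert->cert, ecert->cert,
                                         ctrl->m_certdb,
                                         (SECOidTag) request.dig_alg,
                                         (SECItem*)&request.digest,
                                         (SECKEYGetPasswordKey) NULL, NULL);
            if (cinfo == NULL)
                goto create_signed_loser;
            rv = SSM_CreateResource(SSM_RESTYPE_PKCS7_CONTENT_INFO, cinfo,
                                    ctrl, &ciRID, (SSMResource **)&ci);
            if (rv != PR_SUCCESS)
                goto create_signed_loser;
            /* Get a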