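/* The statements below are the tail of the preceding handler, whose
 * beginning is not part of this listing; they are reproduced unchanged. */
    SSM_LockResource(req->target);
    /* close the window */
    rv = SSM_HTTPCloseAndSleep(req);
    /* leave the cert untrusted */
    conn->m_UIInfo.trustBadServerCert = BSCA_NO;
    conn->m_UIInfo.UICompleted = PR_TRUE;
    SSM_NotifyResource(req->target);
    SSM_UnlockResource(req->target);
    return rv;
}

/*
 * Function: SSMStatus SSM_ServerAuthDomainNameKeywordHandler()
 * Purpose: keyword handler that expands the "domain name mismatch" text for
 *          the bad-server-cert dialog. The text pattern named by the first
 *          keyword parameter is looked up and expanded, then formatted with
 *          two "%s" arguments: the hostname from the URL, then the common
 *          name from the server certificate's subject. The result replaces
 *          cx->m_result.
 * Arguments and return values
 * - cx: text generation context; its target must be an SSL data connection
 * - returns: SSM_SUCCESS on success; SSM_FAILURE (or the failing callee's
 *            status) otherwise
 * Notes
 * - The subject CN is taken from the peer's certificate and is therefore
 *   attacker-controlled. It is only ever passed as a "%s" argument, never as
 *   the format string. Whether it needs HTML escaping depends on how the
 *   expanded text is rendered, which this file does not show.
 * - The original left rv uninitialized, so every "goto loser" taken before
 *   SSM_GetAndExpandTextKeyedByString returned an indeterminate status.
 */
SSMStatus SSM_ServerAuthDomainNameKeywordHandler(SSMTextGenContext* cx)
{
    SSMResource* target = NULL;
    SSMSSLDataConnection* sslconn = NULL;
    SSMStatus rv = SSM_SUCCESS; /* must be defined before any goto loser */
    char* pattern = NULL;
    char* key = NULL;
    CERTCertificate* serverCert = NULL;
    char* hostname = NULL;
    char* URLHostname = NULL;
    const PRIntn DOMAIN_NAME_FORMAT = (PRIntn)0; /* we have one keyword */

    /* check arguments */
    /* ### sjlee: might as well make this a helper function because most
     * keyword handlers will use this checking */
    PR_ASSERT(cx != NULL);
    PR_ASSERT(cx->m_request != NULL);
    PR_ASSERT(cx->m_params != NULL);
    PR_ASSERT(cx->m_result != NULL);
    if (cx == NULL || cx->m_request == NULL || cx->m_params == NULL ||
        cx->m_result == NULL) {
        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
        goto loser;
    }

    /* retrieve the server cert */
    target = SSMTextGen_GetTargetObject(cx);
    PR_ASSERT(SSM_IsA(target, SSM_RESTYPE_SSL_DATA_CONNECTION) == PR_TRUE);
    sslconn = (SSMSSLDataConnection*)target;
    serverCert = SSL_PeerCertificate(sslconn->socketSSL);
    if (serverCert == NULL) {
        /* no peer certificate to describe: fail the expansion */
        goto loser;
    }

    /* get the hostname from the cert */
    hostname = CERT_GetCommonName(&serverCert->subject);
    if (hostname == NULL) {
        goto loser;
    }

    /* get the URL hostname from the socket */
    URLHostname = SSL_RevealURL(sslconn->socketSSL);
    if (URLHostname == NULL) {
        goto loser;
    }

    /* first, find the key (format argument) */
    key = (char *) SSM_At(cx->m_params, DOMAIN_NAME_FORMAT);
    if (key == NULL) {
        /* keyword used without its parameter */
        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
        goto loser;
    }

    /* second, grab and expand the key word object */
    rv = SSM_GetAndExpandTextKeyedByString(cx, key, &pattern);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    SSM_DebugUTF8String("domain name string pattern", pattern);

    /* pattern is the resource-supplied format (assumed trusted); the two
     * hostnames are its "%s" arguments */
    SSMTextGen_UTF8StringClear(&cx->m_result);
    PR_FREEIF(cx->m_result);
    cx->m_result = PR_smprintf(pattern, URLHostname, hostname);
    if (cx->m_result == NULL) {
        goto loser;
    }
    SSM_DebugUTF8String("wrapped domain name string", cx->m_result);
    goto done;

loser:
    if (rv == SSM_SUCCESS) {
        rv = SSM_FAILURE;
    }
done:
    if (serverCert != NULL) {
        CERT_DestroyCertificate(serverCert);
    }
    if (hostname != NULL) {
        PR_Free(hostname);
    }
    if (URLHostname != NULL) {
        PR_Free(URLHostname);
    }
    PR_FREEIF(pattern);
    return rv;
}

/*
 * Function: SECStatus SSM_SSLMakeCertBadDomainDialog()
 * Purpose: dispatch the UI event to create the server cert domain name
 *          mismatch dialog, block the calling (SSL) thread until the UI
 *          handler reports completion and, if the user chose to continue,
 *          record the URL's hostname as acceptable for this cert
 *          (CERT_AddOKDomainName).
 * Arguments and return values
 * - cert: server cert we are dealing with
 * - conn: SSL connection object; its m_UIInfo is the rendezvous with the UI
 *         thread and is only touched with the resource locked
 * - returns: SECSuccess if successful *and* the user decides to trust
 *            the cert; SECFailure otherwise (UI dispatch failed, the user
 *            cancelled, the hostname could not be obtained, or the domain
 *            could not be recorded). Every path resets m_UIInfo to
 *            "untrusted, not completed" before unlocking.
 * Notes
 * - The original returned SECSuccess when SSL_RevealURL returned NULL after
 *   user consent, i.e. it reported success without having recorded
 *   anything. That path now fails closed.
 */
SECStatus SSM_SSLMakeCertBadDomainDialog(CERTCertificate* cert,
                                         SSMSSLDataConnection* conn)
{
    char * sslHostname = NULL;
    SECStatus rv = SECSuccess;

    SSM_LockResource(SSMRESOURCE(conn));
    conn->m_UIInfo.UICompleted = PR_FALSE;
    conn->m_UIInfo.trustBadServerCert = BSCA_NO;

    /* fire up the UI */
    if (SSMControlConnection_SendUIEvent(SSMCONTROLCONNECTION(conn), "get",
                                         "bad_server_cert_domain",
                                         SSMRESOURCE(conn), NULL,
                                         &SSMRESOURCE(conn)->m_clientContext)
        != SSM_SUCCESS) {
        rv = SECFailure;
        goto loser;
    }

    /* wait until the UI event is complete; the predicate is re-checked
     * after every wakeup */
    while (conn->m_UIInfo.UICompleted == PR_FALSE) {
        SSM_WaitResource(SSMRESOURCE(conn), PR_INTERVAL_NO_TIMEOUT);
    }

    if (conn->m_UIInfo.trustBadServerCert == BSCA_NO) {
        /* user did not want to continue. Cancel here. */
        rv = SECFailure;
        goto loser;
    }

    sslHostname = SSL_RevealURL(conn->socketSSL);
    if (!sslHostname) {
        /* the user consented, but we cannot tell which host they consented
         * to: fail closed rather than report success */
        rv = SECFailure;
        goto loser;
    }
    rv = CERT_AddOKDomainName(cert, sslHostname);
    PORT_Free(sslHostname);
    /* The session trust bits are deliberately NOT reset here
     * (SSM_SSLServerCertResetTrust); only the domain name is recorded. */

loser:
    conn->m_UIInfo.trustBadServerCert = BSCA_NO;
    conn->m_UIInfo.UICompleted = PR_FALSE;
    SSM_UnlockResource(SSMRESOURCE(conn));
    return rv;
}

/*
 * Return s unchanged, or a freshly allocated "" when s is NULL, so that a
 * missing certificate field still yields a printable string. The result
 * is always released with PR_FREEIF by the caller.
 */
static char* ssm_cert_field_or_empty(char* s)
{
    return (s != NULL) ? s : PL_strdup("");
}

/*
 * Function: SSMStatus SSM_PrettyFormatCert()
 * Purpose: render the human-readable fields of a certificate through a
 *          caller-supplied PR_smprintf format string.
 * Arguments and return values
 * - cert: certificate to describe
 * - fmt: format string that must consume exactly thirteen "%s" arguments,
 *        in this order: subject common name, subject e-mail, subject org
 *        unit, subject org, locality, state, country, issuer org, serial
 *        number (hex), not-before, not-after, fingerprint (hex), comment.
 *        Fields missing from the cert are passed as "" (the comment as " ").
 * - result: receives the formatted string; the caller frees it with PR_Free
 * - returns: SSM_SUCCESS, or SSM_FAILURE on bad arguments, hashing failure
 *            or allocation failure
 * Notes
 * - All subject/issuer strings come from the (untrusted) certificate and
 *   are only ever "%s" arguments; fmt itself must be trusted.
 * - The fingerprint is MD5 over the DER encoding. MD5 is collision-broken,
 *   so a user comparing this value cannot rely on it to distinguish two
 *   certificates; switching to SHA-1/SHA-256 changes the displayed value
 *   (and the digest buffer size), so it is flagged here rather than changed.
 * - The original cleanup leaked location, state and country.
 */
SSMStatus SSM_PrettyFormatCert(CERTCertificate* cert, char* fmt, char** result)
{
    SSMStatus rv = SSM_SUCCESS;
    char * displayName = NULL, *location = NULL, *state = NULL, *country = NULL;
    char * emailaddr = NULL, * orgName = NULL, *unitName = NULL;
    char* issuer = NULL;
    char* serialNumber = NULL;
    char * notBefore = NULL;
    char * notAfter = NULL;
    unsigned char fingerprint[16]; /* MD5 digest length */
    SECItem fpItem;
    char* fpStr = NULL;
    char* commentString = NULL;

    /* check arguments */
    if (cert == NULL || fmt == NULL || result == NULL) {
        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
        goto loser;
    }

    /* retrieve cert information; every field falls back to "" so the
     * format string always receives a valid string */
    displayName = ssm_cert_field_or_empty(CERT_GetCommonName(&cert->subject));
    emailaddr = ssm_cert_field_or_empty(CERT_GetCertEmailAddress(&cert->subject));
    orgName = ssm_cert_field_or_empty(CERT_GetOrgName(&cert->subject));
    unitName = ssm_cert_field_or_empty(CERT_GetOrgUnitName(&cert->subject));
    location = ssm_cert_field_or_empty(CERT_GetLocalityName(&cert->subject));
    state = ssm_cert_field_or_empty(CERT_GetStateName(&cert->subject));
    country = ssm_cert_field_or_empty(CERT_GetCountryName(&cert->subject));
    issuer = ssm_cert_field_or_empty(CERT_GetOrgName(&cert->issuer));
    serialNumber = ssm_cert_field_or_empty(CERT_Hexify(&cert->serialNumber, 1));
    notBefore = ssm_cert_field_or_empty(DER_UTCDayToAscii(&cert->validity.notBefore));
    notAfter = ssm_cert_field_or_empty(DER_UTCDayToAscii(&cert->validity.notAfter));

    /* fingerprint: MD5 of the DER encoding, shown as hex (see note above);
     * never display an uninitialized digest if hashing fails */
    if (MD5_HashBuf(fingerprint, cert->derCert.data, cert->derCert.len)
        != SECSuccess) {
        goto loser;
    }
    fpItem.data = fingerprint;
    fpItem.len = sizeof(fingerprint);
    fpStr = ssm_cert_field_or_empty(CERT_Hexify(&fpItem, 1));

    /* comments can be NULL; a single space keeps the layout intact */
    commentString = CERT_GetCertCommentString(cert);
    if (commentString == NULL) {
        commentString = PL_strdup(" ");
    }

    *result = PR_smprintf(fmt, displayName, emailaddr, unitName, orgName,
                          location, state, country, issuer, serialNumber,
                          notBefore, notAfter, fpStr, commentString);
    if (*result == NULL) {
        goto loser;
    }
    SSM_DebugUTF8String("wrapped view cert string", *result);
    goto done;

loser:
    SSM_DEBUG("Pretty formatting cert failed.\n");
    if (rv == SSM_SUCCESS) {
        rv = SSM_FAILURE;
    }
done:
    PR_FREEIF(displayName);
    PR_FREEIF(emailaddr);
    PR_FREEIF(orgName);
    PR_FREEIF(unitName);
    PR_FREEIF(location);
    PR_FREEIF(state);
    PR_FREEIF(country);
    PR_FREEIF(issuer);
    PR_FREEIF(serialNumber);
    PR_FREEIF(notBefore);
    PR_FREEIF(notAfter);
    PR_FREEIF(fpStr);
    PR_FREEIF(commentString);
    return rv;
}

/*
 * Function: SSMStatus SSM_VerifyServerCertKeywordHandler()
 * Purpose: keyword handler producing the certificate-verification text for
 *          the bad-server-cert dialog. No verification is performed (see the
 *          commented-out CERT_VerifyCertNow below): after confirming that a
 *          peer certificate exists, the handler always expands the
 *          "not_verified_text" resource into cx->m_result.
 * Arguments and return values
 * - cx: text generation context; its target must be an SSL data connection
 * - returns: SSM_SUCCESS, or SSM_FAILURE / the failing callee's status
 * Notes
 * - The original left rv uninitialized on the early "goto loser", and it
 *   looked up the cert's nickname with CERT_GetNickName(..., serverCert->arena)
 *   only to PR_Free it in cleanup despite its own "don't free it!" note:
 *   the string was arena-owned, so that free was invalid, and the nickname
 *   was never used. Both are gone.
 */
SSMStatus SSM_VerifyServerCertKeywordHandler(SSMTextGenContext* cx)
{
    SSMStatus rv = SSM_SUCCESS;
    SSMResource* target = NULL;
    SSMSSLDataConnection* sslconn = NULL;
    CERTCertificate* serverCert = NULL;

    /* check arguments (same contract as the other keyword handlers) */
    PR_ASSERT(cx != NULL);
    PR_ASSERT(cx->m_request != NULL);
    PR_ASSERT(cx->m_params != NULL);
    PR_ASSERT(cx->m_result != NULL);
    if (cx == NULL || cx->m_request == NULL || cx->m_params == NULL ||
        cx->m_result == NULL) {
        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
        goto loser;
    }

    /* retrieve the server cert; we only need to know that there is one */
    target = SSMTextGen_GetTargetObject(cx);
    PR_ASSERT(SSM_IsA(target, SSM_RESTYPE_SSL_DATA_CONNECTION) == PR_TRUE);
    sslconn = (SSMSSLDataConnection*)target;
    serverCert = SSL_PeerCertificate(sslconn->socketSSL);
    if (serverCert == NULL) {
        goto loser;
    }

    /* if we want to verify the cert, we would do something like this...
       srv = CERT_VerifyCertNow(ctrlconn->m_certdb, cert, PR_TRUE,
                                certSSLServer, conn);
    */
    SSMTextGen_UTF8StringClear(&cx->m_result);
    rv = SSM_GetAndExpandTextKeyedByString(cx, "not_verified_text",
                                           &cx->m_result);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    SSM_DebugUTF8String("wrapped verification string %s", cx->m_result);
    goto done;

loser:
    if (rv == SSM_SUCCESS) {
        rv = SSM_FAILURE;
    }
done:
    if (serverCert != NULL) {
        CERT_DestroyCertificate(serverCert);
    }
    return rv;
}

/*
 * Function: SECStatus SSM_SSLMakeUnknownIssuerDialog()
 * Purpose: dispatch the UI event to create the unknown issuer dialog (its
 *          first page, "bad_server_cert_unknown_issuer1"; the HTTP button
 *          handlers below drive the second page), block the calling (SSL)
 *          thread until the UI completes, and apply the user's choice to the
 *          cert's session trust via SSM_SSLServerCertResetTrust.
 * Arguments and return values
 * - cert: server cert we are dealing with
 * - conn: SSL connection object; its m_UIInfo is the rendezvous with the UI
 *         thread and is only touched with the resource locked
 * - returns: SECSuccess if successful *and* the user decides to trust
 *            the cert; SECFailure otherwise. m_UIInfo is reset to
 *            "untrusted, not completed" on every path.
 */
SECStatus SSM_SSLMakeUnknownIssuerDialog(CERTCertificate* cert,
                                         SSMSSLDataConnection* conn)
{
    SECStatus rv = SECSuccess;

    SSM_LockResource(SSMRESOURCE(conn));
    conn->m_UIInfo.UICompleted = PR_FALSE;
    conn->m_UIInfo.trustBadServerCert = BSCA_NO;

    /* fire up the UI */
    if (SSMControlConnection_SendUIEvent(SSMCONTROLCONNECTION(conn), "get",
                                         "bad_server_cert_unknown_issuer1",
                                         SSMRESOURCE(conn), NULL,
                                         &SSMRESOURCE(conn)->m_clientContext)
        != SSM_SUCCESS) {
        rv = SECFailure;
        goto loser;
    }

    /* wait until the UI event is complete */
    while (conn->m_UIInfo.UICompleted == PR_FALSE) {
        SSM_WaitResource(SSMRESOURCE(conn), PR_INTERVAL_NO_TIMEOUT);
    }

    if (conn->m_UIInfo.trustBadServerCert == BSCA_NO) {
        /* user did not want to continue. Cancel here. */
        rv = SECFailure;
        goto loser;
    }

    /* reset the trust bit for the session and continue */
    rv = SSM_SSLServerCertResetTrust(cert, conn->m_UIInfo.trustBadServerCert);

loser:
    conn->m_UIInfo.trustBadServerCert = BSCA_NO;
    conn->m_UIInfo.UICompleted = PR_FALSE;
    SSM_UnlockResource(SSMRESOURCE(conn));
    return rv;
}

/*
 * Function: SSMStatus SSM_HTTPUnknownIssuerStep1ButtonHandler()
 * Purpose: HTTP handler for the buttons of the first unknown-issuer dialog.
 *          "do_cancel" goes to the shared cancel handler, "do_next" to the
 *          step-2 handler. Any malformed request (wrong baseRef, no known
 *          button parameter) is treated like a cancel: the SSL thread
 *          waiting in SSM_SSLMakeUnknownIssuerDialog is woken with
 *          trustBadServerCert == BSCA_NO, so the connection fails closed.
 * Arguments and return values
 * - req: the HTTP request; req->target is the SSL data connection
 * - returns: the dispatched handler's status; SSM_ERR_NO_BUTTON when no
 *            button parameter was present; SSM_FAILURE for a bad baseRef
 */
SSMStatus SSM_HTTPUnknownIssuerStep1ButtonHandler(HTTPRequest* req)
{
    SSMStatus rv;
    SSMSSLDataConnection* conn;
    char* tmpStr = NULL;

    PR_ASSERT(req->target != NULL);
    conn = (SSMSSLDataConnection*)(req->target);

    /* make sure you got the right baseRef */
    rv = SSM_HTTPParamValue(req, "baseRef", &tmpStr);
    if (rv != SSM_SUCCESS || PL_strcmp(tmpStr, "windowclose_doclose_js") != 0) {
        goto loser;
    }

    /* which button was clicked? presence of the parameter decides */
    rv = SSM_HTTPParamValue(req, "do_cancel", &tmpStr);
    if (rv == SSM_SUCCESS) {
        req->target->m_buttonType = SSM_BUTTON_CANCEL;
    } else {
        rv = SSM_HTTPParamValue(req, "do_next", &tmpStr);
        if (rv == SSM_SUCCESS) {
            req->target->m_buttonType = SSM_BUTTON_OK; /* close enough */
        }
    }
    if (rv != SSM_SUCCESS) {
        rv = SSM_ERR_NO_BUTTON;
        goto loser;
    }

    switch (req->target->m_buttonType) {
    case SSM_BUTTON_CANCEL:
        rv = ssm_http_server_auth_handle_cancel_button(req);
        break;
    case SSM_BUTTON_OK:
        rv = ssm_http_unknown_issuer_step1_handle_next_button(req);
        break;
    default:
        break;
    }
    return rv; /* error code will be properly set */

loser:
    /* set the predicate to true and unblock the SSL thread */
    SSM_LockResource(req->target);
    conn->m_UIInfo.UICompleted = PR_TRUE;
    conn->m_UIInfo.trustBadServerCert = BSCA_NO;
    SSM_NotifyResource(req->target);
    SSM_UnlockResource(req->target);
    if (rv == SSM_SUCCESS) {
        rv = SSM_FAILURE;
    }
    return rv;
}

/*
 * Function: SSMStatus ssm_http_unknown_issuer_step1_handle_next_button()
 * Purpose: "Next" on the first unknown-issuer dialog: close that window and
 *          raise the second one ("bad_server_cert_unknown_issuer2"). The SSL
 *          thread keeps waiting (UICompleted stays PR_FALSE); only the second
 *          dialog's handlers complete the rendezvous. If closing or
 *          dispatching fails, the SSL thread is woken with the cert left
 *          untrusted so the connection fails instead of hanging.
 * Arguments and return values
 * - req: the HTTP request; req->target is the SSL data connection
 * - returns: SSM_SUCCESS, or the failing callee's status
 */
SSMStatus ssm_http_unknown_issuer_step1_handle_next_button(HTTPRequest* req)
{
    SSMStatus rv;
    SSMSSLDataConnection* conn;

    conn = (SSMSSLDataConnection*)(req->target);
    SSM_LockResource(req->target);

    /* do away with the first dialog */
    rv = SSM_HTTPCloseAndSleep(req);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }

    /* fire up the next dialog */
    rv = SSMControlConnection_SendUIEvent(SSMCONTROLCONNECTION(conn), "get",
                                         "bad_server_cert_unknown_issuer2",
                                         SSMRESOURCE(conn), NULL,
                                         &SSMRESOURCE(conn)->m_clientContext);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    conn->m_UIInfo.UICompleted = PR_FALSE; /* redundant, but for peace of mind */
    SSM_UnlockResource(req->target);
    return rv; /* SSM_SUCCESS */

loser:
    /* still we want to unblock the SSL thread: the connection will fail */
    conn->m_UIInfo.trustBadServerCert = BSCA_NO;
    conn->m_UIInfo.UICompleted = PR_TRUE;
    SSM_NotifyResource(req->target);
    SSM_UnlockResource(req->target);
    return rv;
}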