certres.c

安全开发库。含客户端建立ssl连接、签名、证书验证、证书发布和撤销等。编译用到nss

  return rv;
}



SSMStatus SSMResourceCert_Destroy(SSMResource * resource, PRBool doFree)
{
  SSMResourceCert * res = (SSMResourceCert *)resource;
  SSMResource *tmpRes;

  if (!res) goto loser;
  SSM_DEBUG("Trying to remove cert with id: %d\n", resource->m_id);
  /* remove cert from the cert resource db */
  SSM_HashRemove(resource->m_connection->m_certIdDB, (SSMHashKey) res->cert, 
  	(void**)&tmpRes);
  PR_ASSERT(tmpRes == resource); 

  if (res->cert != NULL) {
      if (res->m_markedForDeletion) {
	  SSM_DEBUG("Cert id %d is being deleted.\n", resource->m_id);
	  if (SSMUI_CertBelongs(res->cert) == myCert) {
	      PK11_DeleteTokenCertAndKey(res->cert, res->super.m_connection);
	  }
	  else {
	      SEC_DeletePermCertificate(res->cert);
	  }
      }
      else {
	  CERT_DestroyCertificate(res->cert);
      }
      res->cert = NULL;
  }

  /* Destroy superclass */
  SSMResource_Destroy(SSMRESOURCE(res), PR_FALSE);
  
  if (doFree)
    PR_Free(res);

  return PR_SUCCESS;
loser:
  return PR_FAILURE;
}

SSMStatus SSM_VerifyCert(SSMResourceCert * resource, 
				SECCertUsage certUsage)
{
  return (*resource->m_verify_func)(resource, certUsage);
}

SSMStatus SSM_DeleteCertificate(SSMResourceCert * resource) 
{
  return (*resource->m_deletecert_func)(resource);
}

SSMStatus SSMResourceCert_DeleteCert(SSMResourceCert * res)
{

  PR_ASSERT(SSM_IsAKindOf((SSMResource *)res, SSM_RESTYPE_CERTIFICATE));  
  if (!res || !res->cert) {
    SSM_DEBUG("DeleteCert: bad argument!\n");
    goto done;
  }

  SSM_DEBUG("Cert id %d is marked for deletion.\n", ((SSMResource*)res)->m_id);
  SSM_LockResource((SSMResource*)res);
  res->m_markedForDeletion = PR_TRUE; /* delete it from disk */
  SSM_UnlockResource((SSMResource*)res);

  /* this will get the reference count right */
  SSM_FreeResource((SSMResource*)res);

 done:
  return SSM_SUCCESS;
}


SSMStatus SSMResourceCert_Verify(SSMResourceCert  * resource,
				SECCertUsage certUsage)
{
  if (!resource || !resource->cert)
    goto loser;

  if (CERT_VerifyCertNow(SSMRESOURCE(resource)->m_connection->m_certdb, 
			 resource->cert, PR_TRUE, 
			 certUsage, NULL) != SECSuccess) 
    goto loser;
  return PR_SUCCESS;
loser:
  return PR_FAILURE;
}

SSMStatus SSMResourceCert_HTML(SSMResource *res, PRIntn * len, void ** value)
{
  SSMStatus rv = PR_SUCCESS;
  SSMResourceCert * resource = (SSMResourceCert *)res;

  if (!resource || !resource->cert || !value) {
    rv = (SSMStatus) PR_INVALID_ARGUMENT_ERROR;
    goto loser;
  }
  *value = NULL;
  if (len) *len = 0;
    
  *value = CERT_HTMLCertInfo(resource->cert, PR_FALSE, PR_TRUE);
  if (!*value) { 
    rv = (SSMStatus) PR_GetError();
    goto loser;
  }
  
  if (len)
    *len = strlen((char *)*value);
  goto done;

loser:
  if (len && *len) 
    *len = 0;
  if (value && *value) 
    *value = NULL;

done:
  return rv;
}

SSMStatus
SSMResourceCert_FormSubmitHandler(SSMResource *res, HTTPRequest * req)
{
  SSMStatus rv = SSM_FAILURE;
  char* tmpStr = NULL;
  
  /* make sure you got the right baseRef */
  rv = SSM_HTTPParamValue(req, "baseRef", &tmpStr);
  if (rv != SSM_SUCCESS ||
      PL_strcmp(tmpStr, "windowclose_doclose_js") != 0) {
    goto loser;
  }
  
  rv = SSM_HTTPCloseAndSleep(req);
  if (rv != SSM_SUCCESS)
    SSM_DEBUG("Errors closing window in FormSubmitHandler: %d\n", rv);
  
  if (!res->m_formName)
    goto loser;
  if (PL_strcmp(res->m_formName, "cert_edit") == 0)
    rv = SSM_EditCertificateTrustHandler(req);
  else if (PL_strcmp(res->m_formName, "trust_new_ca") == 0)
    rv = SSM_CertCAImportCommandHandler2(req);
  else {
    SSM_DEBUG("CertResource_FormsubmitHandler: bad formName %s\n", res->m_formName);
  }
    
loser:
  return rv;
}

static
certPane SSMUI_CertBelongs(CERTCertificate * cert)
{
  CERTCertTrust * trust;
  certPane owner = badCert;

  if (!cert || !cert->trust) 
    goto done;
  trust = cert->trust;

  if ((trust->sslFlags & CERTDB_USER) ||
      (trust->emailFlags & CERTDB_USER) ||
      (trust->objectSigningFlags & CERTDB_USER))
    owner = myCert;
  else if ((trust->sslFlags & CERTDB_VALID_CA) ||
	   (trust->emailFlags & CERTDB_VALID_CA) ||
	   (trust->objectSigningFlags & CERTDB_VALID_CA))
    owner = caCert;
  else if (trust->sslFlags & CERTDB_VALID_PEER) 
    owner = webCert;
  else if (trust->emailFlags & CERTDB_VALID_PEER) 
    owner = othersCert;
 done:
  return owner;
}

/* 
 * Find correct help target for the kind of cert we're deleting.
 */
SSMStatus SSM_DeleteCertHelpKeywordHandler(SSMTextGenContext * cx)
{
  SSMStatus rv = SSM_FAILURE;
  certPane kind = badCert;
  PR_ASSERT(cx != NULL);
  PR_ASSERT(cx->m_request != NULL);
  PR_ASSERT(cx->m_params != NULL);
  PR_ASSERT(cx->m_result != NULL);
  PR_ASSERT(SSM_IsAKindOf(cx->m_request->target, SSM_RESTYPE_CERTIFICATE));

  kind = SSMUI_CertBelongs(((SSMResourceCert *)cx->m_request->target)->cert);
  switch (kind) {
  case caCert:
    rv = SSM_GetAndExpandText(cx, "help_delete_ca", &cx->m_result);
    break;
  case myCert:
    rv = SSM_GetAndExpandText(cx, "help_delete_mine", &cx->m_result);
    break;
  case webCert:
    rv = SSM_GetAndExpandText(cx, "help_delete_websites", &cx->m_result);
    break;
  case othersCert:
    rv = SSM_GetAndExpandText(cx, "help_delete_others", &cx->m_result);
    break;
  default:
    SSM_DEBUG("DeleteCertHelpKeyword: can't figure out cert type!\n");
  }
  return rv;
}

SSMStatus SSM_DeleteCertWarnKeywordHandler(SSMTextGenContext * cx)
{
  SSMStatus rv = SSM_FAILURE;
  certPane kind = badCert;

  PR_ASSERT(cx != NULL);
  PR_ASSERT(cx->m_request != NULL);
  PR_ASSERT(cx->m_params != NULL);
  PR_ASSERT(cx->m_result != NULL);
  PR_ASSERT(SSM_IsAKindOf(cx->m_request->target, SSM_RESTYPE_CERTIFICATE));

  kind = SSMUI_CertBelongs(((SSMResourceCert *)cx->m_request->target)->cert);
  switch (kind)  {
  case othersCert:
    rv = SSM_GetAndExpandText(cx, "delete_cert_warning_others", &cx->m_result);
    break;
  case myCert:
    rv = SSM_GetAndExpandText(cx, "delete_cert_warning_mine", &cx->m_result);
    break;
  case caCert:
    rv = SSM_GetAndExpandText(cx, "delete_cert_warning_ca", &cx->m_result);
    break;
  case webCert:
    rv = SSM_GetAndExpandText(cx, "delete_cert_warning_web", &cx->m_result);
    break;
  default:
    SSM_DEBUG("DeleteCertWarnKeyword: can't figure out cert type!\n");  
  }
  return rv;
}
  


SSMStatus SSM_DeleteCertHandler(HTTPRequest * req)
{
  SSMStatus rv;
  char * value = NULL;
  char * nickname = NULL;
  
  /* if this brakes, we're in deep trouble */
  PR_ASSERT(SSM_IsAKindOf(req->target, SSM_RESTYPE_CERTIFICATE));

  /* close the window */
  rv = SSM_HTTPCloseAndSleep(req);
  if (rv != SSM_SUCCESS) 
    SSM_DEBUG("DeleteCertHandler: Problem closing DeleteCertificateWindow!\n");
 
  /* check which button was clicked */
  rv = SSM_HTTPParamValue(req, "do_cancel", &value);
  if (rv == SSM_SUCCESS) 
    goto done;
  
  rv = SSM_HTTPParamValue(req, "do_ok", &value);
  if (rv == SSM_SUCCESS) {
    if (((SSMResourceCert *)req->target)->cert->nickname)
      nickname = PL_strdup(((SSMResourceCert *)req->target)->cert->nickname);
    else nickname = PL_strdup(((SSMResourceCert *)req->target)->cert->emailAddr);
    rv = (SSMStatus) SSM_DeleteCertificate((SSMResourceCert *)req->target);
    /* delete this cert from Security Advisor hashtable */
    rv = SSM_ChangeCertSecAdvisorList(req, nickname, (ssmCertHashAction)-1);
    PR_Free(nickname);
    goto done;
  }
  SSM_DEBUG("DeleteCertHandler: can't figure out which button was clicked in DeleteCert dialog!\n");
    
done:
  SSM_NotifyUIEvent((SSMResource *)req->ctrlconn);
  return rv;
}

SSMStatus SSM_ProcessCertDeleteButton(HTTPRequest * req)
{
  SSMResource * target;
  char * params = NULL;
  char * certNickname = NULL, * formName = NULL;
  SSMTextGenContext * cx = NULL;
  char * page = NULL, * outPage = NULL;
  SSMStatus rv = SSM_FAILURE;

  rv = SSM_HTTPParamValue(req, "selectCert", &certNickname);
  if (rv != SSM_SUCCESS) 
    goto loser;
  
  rv = SSM_HTTPParamValue(req, "formName", &formName);
  if (rv != SSM_SUCCESS) 
    goto loser;
  
  /* Get the target resource. */
  target = (req->target ? req->target : (SSMResource *) req->ctrlconn);
  PR_ASSERT(target);
  
  params = PR_smprintf("action=delete_cert&nick=%s&formName=%s",certNickname, 
		       formName);
  SSM_LockUIEvent(&req->ctrlconn->super.super);
  rv = SSMControlConnection_SendUIEvent(req->ctrlconn, "cert", "delete_cert", 
					target, params, &target->m_clientContext);
  SSM_WaitUIEvent((SSMResource *)req->ctrlconn, PR_INTERVAL_NO_TIMEOUT);
  /* See if the user canceled, if so send back HTTP_NO_CONTENT
   * so security advisor doesn't redraw the same content.
   */
  if (req->ctrlconn->super.super.m_buttonType == SSM_BUTTON_CANCEL) {
    SSM_HTTPReportError(req, HTTP_NO_CONTENT);
    goto done;
  }  
 /* tell the secadvisor page to reload */
  rv = SSM_RefreshRefererPage(req);
  goto done;
  
loser:
  if (rv == SSM_SUCCESS) 
    rv = SSM_FAILURE;
  SSM_HTTPReportSpecificError(req, 
			      "ProcessDeleteCert: can't send/process delete cert UIEvent", rv);

done:
  PR_FREEIF(params);
  PR_FREEIF(page);
  PR_FREEIF(outPage);
  return rv;
}

SSMStatus SSM_RefreshRefererPage(HTTPRequest * req)
{
  SSMTextGenContext * cx = NULL;
  SSMStatus rv = SSM_FAILURE;
  char * page = NULL, * outPage = NULL, * ptr = NULL;

  if (!req) 
    goto done;
  
  /* ptr will point the last '/' in the referer URL. We are interested 
   * in everything AFTER the last '/'.
   */
  ptr = strrchr(req->referer, '/');
  
  rv = SSMTextGen_NewTopLevelContext(req, &cx);
  rv = SSM_GetAndExpandText(cx, "refresh_window_content", &page);
  SSMTextGen_DestroyContext(cx);
  outPage = PR_smprintf(page, ptr+1);
  req->sentResponse = PR_TRUE;
  rv = SSM_HTTPSendOKHeader(req, NULL, "text/html");
  rv = SSM_HTTPSendUTF8String(req, outPage);

 done:
  return rv;
}


SSMStatus SSM_HTTPCertListHandler(HTTPRequest * req)
{
  SSMStatus rv = SSM_FAILURE;
  char * nick = NULL, * action = NULL, *target, * page=NULL, *outPage = NULL;
  char * nickhtml = NULL, * formName = NULL;
  CERTCertificate * cert;
  CERTCertList * certList = NULL;
  PRIntn numcerts = 0;
  SSMTextGenContext * cx; 
  PRBool emailCert = PR_FALSE;
  char * certres;
  SSMResource * certresource;

  SSM_DEBUG("In cert_list handler\n");

  /* figure out the certificate  */

  /* this is a cert identified by resource id */
  rv = SSM_HTTPParamValue(req, "certresource", &certres);
  if (rv == SSM_SUCCESS) {
    rv = SSM_RIDTextToResource(req, certres, &certresource);
    if (rv != SSM_SUCCESS || !certresource 
	|| !(SSM_IsAKindOf(certresource, SSM_RESTYPE_CERTIFICATE))) {
      SSM_DEBUG("certListHandler:can't find cert by resource ID %s!\n", certres);
	  goto loser;
	}

    cert = ((SSMResourceCert *)certresource)->cert;
    rv = SSM_ProcessCertUIAction(req, cert);
    goto done;
  }

  rv = SSM_HTTPParamValue(req, "target", &target);
  if (rv != SSM_SUCCESS) 
    /* can't find target */
    goto loser;
  
  rv = SSM_HTTPParamValue(req, "nick", &nick);
  if (rv != SSM_SUCCESS || PL_strcmp(nick,"undefined")==0) {
    /* can't find cert selection */
    SSM_DEBUG("certListHandler: can't find cert nick!\n");
    goto loser;
  }

  nickhtml = SSM_ConvertStringToHTMLString(nick);
  if (!nickhtml) {
    SSM_DEBUG("HTTPCertListHandler: error in ConvertStringToHTMLString\n");
    goto loser;
  }
  rv = SSM_HTTPParamValue(req, "formName", &formName);
  if (rv != SSM_SUCCESS || !formName) {
    SSM_DEBUG("certListHandler: no originating formName found!\n");
    goto loser;
  }
  
  /* look for certs by nickname, unless it's "others", 
   * then check email address
   */
  if (strstr(formName,"_others")) 
    emailCert = PR_TRUE;

  certList = SSMControlConnection_CreateCertListByNickname(req->ctrlconn, 
							   nick, 
							   emailCert);
  if (certList && SSM_CertListCount(certList) > 1)
    { /* more than one cert under the same nickname */
             
      /* get current values */
      rv = SSM_HTTPParamValue(req, "action", &action);
      if (rv != SSM_SUCCESS) {
	/* can't find action selection */
	goto loser;
      }

      rv = SSMTextGen_NewTopLevelContext(req, &cx);
      rv = SSM_GetAndExpandText(cx, "choose_cert_content", &page);
      SSMTextGen_DestroyContext(cx);
      outPage = PR_smprintf(page, atoi(target), action, nickhtml, formName);
      rv = SSM_HTTPSendOKHeader(req, NULL, "text/html");
      rv = SSM_HTTPSendUTF8String(req, outPage);
      
    }
  else 
    {
      /* get selected certificate */
      cert = SSMControlConnection_FindCertByNickname(req->ctrlconn, nick, 
						     emailCert);
      if (!cert) {
	SSM_DEBUG("HTTPCertListHandler: can't find cert with nick %s!\n",nick);
	goto loser;