signtextres.c

安全开发库。含客户端建立ssl连接、签名、证书验证、证书发布和撤销等。编译用到nss

                                    &digest, NULL, signTextRes->m_conn);
        if (ci == NULL) {
            goto loser;
        }

        /* Create the PKCS#7 object */
        tmpItem = SEC_PKCS7EncodeItem(NULL, &signedResult, ci, NULL, NULL,
                                      signTextRes->m_conn);
        if (tmpItem != &signedResult) {
            goto loser;
        }

        /* Convert the result to base 64 */
        signTextRes->m_resultString = BTOA_DataToAscii(signedResult.data, signedResult.len);
        if (signTextRes->m_resultString == NULL) {
            goto loser;
        }
        break;
    case SSM_BUTTON_CANCEL:
        signTextRes->m_resultString= PL_strdup("error:userCancel");
        break;
    default:
        break;
    }
    SSM_UnlockResource(SSMRESOURCE(signTextRes));
loser:
    /* Free data */
    if (signTextRes->m_stringToSign) {
        PR_Free(signTextRes->m_stringToSign);
    }
    if (signTextRes->m_hostName) {
        PR_Free(signTextRes->m_hostName);
    }
    if (signTextRes->m_certs) {
        CERT_DestroyCertList(signTextRes->m_certs);
    }

    /* Send the task complete event here */
    SSMSignTextResource_SendTaskCompletedEvent(signTextRes);
    return;
}

SSMStatus 
SSMSignTextResource_Print(SSMResource   *res,
			  char *fmt,
                          PRIntn numParam,
			  char ** value,
			  char **resultStr)
{
    char *hostName = NULL, *stringToSign = NULL;
    SSMSignTextResource *signTextRes = (SSMSignTextResource*)res;

    hostName = signTextRes->m_hostName;
    stringToSign = signTextRes->m_stringToSign;
    if (numParam) 
      SSMResource_Print(res, fmt, numParam, value, resultStr);
    else if (signTextRes->m_autoFlag) {
      CERTCertListNode *node;
      CERTCertificate *cert;
      
      /* Get the cert nickname */
      node = (CERTCertListNode*)PR_LIST_HEAD(&signTextRes->m_certs->list);
      cert = node->cert;
      
      /* Get the nickname */
      *resultStr = PR_smprintf(fmt, signTextRes->super.m_id, hostName,
			       stringToSign, cert->nickname);
    } else {
      *resultStr = PR_smprintf(fmt, signTextRes->super.m_id, hostName,
			       stringToSign);
      
    }
    return (*resultStr != NULL) ? PR_SUCCESS : PR_FAILURE;
}

SSMStatus
SSMSignTextResource_GetAttr(SSMResource *res, SSMAttributeID attrID,
			    SSMResourceAttrType attrType,
			    SSMAttributeValue *value)
{
    SSMSignTextResource *signTextRes = (SSMSignTextResource*)res;

    if (!signTextRes || !signTextRes->m_resultString) {
        goto loser;
    }

    switch (attrID) {
        case SSM_FID_SIGNTEXT_RESULT:
            if (!signTextRes->m_resultString) {
                goto loser;
            }
            value->type = SSM_STRING_ATTRIBUTE;
            value->u.string.len = PL_strlen(signTextRes->m_resultString);
            value->u.string.data = (unsigned char *) PL_strdup(signTextRes->m_resultString);
            break;
        default:
            goto loser;
    }

    return PR_SUCCESS;
loser:
    return PR_FAILURE;
}

SSMStatus
SSMSignTextResource_FormSubmitHandler(SSMResource* res,
                                      HTTPRequest* req)
{
    SSMStatus rv;
    char* tmpStr;
    SSMSignTextResource *signTextRes = (SSMSignTextResource*)res;

    SSM_LockResource(res);

    rv = SSM_HTTPParamValue(req, "baseRef", &tmpStr);
    if (rv != SSM_SUCCESS ||
        PL_strcmp(tmpStr, "windowclose_doclose_js") != 0) {
        goto loser;
    }

    /* Detect which button was pressed */
    if (res->m_buttonType == SSM_BUTTON_OK) {
        /* Get the certificate nickname */
        SSM_HTTPParamValue(req, "chose", &signTextRes->m_nickname);
    }

loser:
    /* Close the window */
    SSM_HTTPCloseAndSleep(req);

    /* Unblock the sign text thread waiting on this */
    SSM_NotifyResource(res);
    SSM_UnlockResource(res);

    return rv;
}

SSMStatus SSM_SignTextCertListKeywordHandler(SSMTextGenContext* cx)
{
    SSMStatus rv = SSM_SUCCESS;
    SSMResource* target = NULL;
    SSMSignTextResource* res;
    char* prefix = NULL;
    char* wrapper = NULL;
    char* suffix = NULL;
    char* tmpStr = NULL;
    char* fmt = NULL;
    const PRIntn CERT_LIST_PREFIX = (PRIntn)0;
    const PRIntn CERT_LIST_WRAPPER = (PRIntn)1;
    const PRIntn CERT_LIST_SUFFIX = (PRIntn)2;
    const PRIntn CERT_LIST_PARAM_COUNT = (PRIntn)3;

    /* 
     * make sure cx, cx->m_request, cx->m_params, cx->m_result are not
     * NULL
     */
    PR_ASSERT(cx != NULL && cx->m_request != NULL && cx->m_params != NULL &&
	      cx->m_result != NULL);
    if (cx == NULL || cx->m_request == NULL || cx->m_params == NULL ||
	    cx->m_result == NULL) {
    	PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
    	goto loser;
    }

    if (SSM_Count(cx->m_params) != CERT_LIST_PARAM_COUNT) {
        SSM_HTTPReportSpecificError(cx->m_request, "_signtext_certList: ",
				    "Incorrect number of parameters "
				    " (%d supplied, %d needed).\n",
				    SSM_Count(cx->m_params), 
				    CERT_LIST_PARAM_COUNT);
	    goto loser;
    }

    /* get the connection object */
    target = SSMTextGen_GetTargetObject(cx);
    PR_ASSERT(target != NULL);
    res = (SSMSignTextResource*)target;

    /* form the MessageFormat object */
    /* find arguments (prefix, wrapper, and suffix) */
    prefix = (char *) SSM_At(cx->m_params, CERT_LIST_PREFIX);
    wrapper = (char *) SSM_At(cx->m_params, CERT_LIST_WRAPPER);
    suffix = (char *) SSM_At(cx->m_params, CERT_LIST_SUFFIX);
    PR_ASSERT(prefix != NULL && wrapper != NULL && suffix != NULL);

    /* grab the prefix and expand it */
    rv = SSM_GetAndExpandTextKeyedByString(cx, prefix, &tmpStr);
    if (rv != SSM_SUCCESS) {
	goto loser;
    }

    /* append the prefix */
    rv = SSM_ConcatenateUTF8String(&cx->m_result, tmpStr);
    SSMTextGen_UTF8StringClear(&tmpStr);
    SSM_DebugUTF8String("signtext cert list prefix", cx->m_result);

    /* grab the wrapper */
    rv = SSM_GetAndExpandTextKeyedByString(cx, wrapper, &tmpStr);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    SSM_DebugUTF8String("sign text cert list wrapper", fmt);

    /* form the wrapped cert list UnicodeString */
    rv = ssm_signtext_get_unicode_cert_list(res, tmpStr, &tmpStr);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }

    /* append the wrapped cert list */
    rv = SSM_ConcatenateUTF8String(&cx->m_result, tmpStr);
    if (rv != SSM_SUCCESS) {
      goto loser;
    }
    SSMTextGen_UTF8StringClear(&tmpStr);

    /* grab the suffix and expand it */
    rv = SSM_GetAndExpandTextKeyedByString(cx, suffix, &tmpStr);
    if (rv != SSM_SUCCESS) {
	goto loser;
    }
    SSM_DebugUTF8String("client cert list suffix", tmpStr);

    /* append the suffix */
    rv = SSM_ConcatenateUTF8String(&cx->m_result, tmpStr);
    if (rv != SSM_SUCCESS) {
      goto loser;
    }
    goto done;
loser:
    if (rv == SSM_SUCCESS) {
	rv = SSM_FAILURE;
    }
done:
    PR_FREEIF(fmt);
    PR_FREEIF(tmpStr);
    return rv;
}

/*
 * Function: SSMStatus ssm_client_auth_get_unicode_cert_list()
 * Purpose: forms the cert list UnicodeString
 *
 * Arguments and return values:
 * - conn: SSL connection object
 * - fmt: cert wrapper UnicodeString format
 * - result: resulting UnicodeString
 *
 * Note: if we include the expired certs, we need to append to the end as
 *       well
 */
SSMStatus ssm_signtext_get_unicode_cert_list(SSMSignTextResource* res, 
					     char* fmt, 
					     char** result)
{
    SSMStatus rv = SSM_SUCCESS;
    char * nicknameStr = NULL;
    char * tmpStr = NULL;
    char * finalStr = NULL;
    int i;
    CERTCertListNode *head = NULL;
    int numCerts;

    PR_ASSERT(res != NULL && fmt != NULL && result != NULL);
    /* in case we fail */
    *result = NULL;

    /* concatenate the string using the nicknames */
    head = (CERTCertListNode *)PR_LIST_HEAD(&res->m_certs->list);
    numCerts = SSM_CertListCount(res->m_certs);
    for (i = 0; i < numCerts; i++) {
        tmpStr = PR_smprintf(fmt, i, head->cert->nickname);
	rv = SSM_ConcatenateUTF8String(&finalStr, tmpStr);
	if (rv != SSM_SUCCESS) {
	  goto loser;
	}
	PR_Free(tmpStr);
        tmpStr = NULL;
        head = (CERTCertListNode *)head->links.next;
    }

    SSM_DebugUTF8String("client auth: final cert list", finalStr);
    *result = finalStr;
    return SSM_SUCCESS;
loser:
    SSM_DEBUG("client auth: wrapping cert list failed.\n");
    if (rv == SSM_SUCCESS) {
        rv = SSM_FAILURE;
    }
    PR_FREEIF(finalStr);
    PR_FREEIF(tmpStr);
    return rv;
}