oldfunc.c

安全开发库。含客户端建立ssl连接、签名、证书验证、证书发布和撤销等。编译用到nss

      goto loser;
    }
    if (SSM_FindUTF8StringInBundles(cx, "nick_template_with_num", 
				    &nickFmtWithNum) != SSM_SUCCESS) {
      goto loser;
    }
  }
  while ( 1 ) {	
    if ( count == 1 ) 
      nickname = PR_smprintf(nickFmt, username, caname);
    else 
      nickname = PR_smprintf(nickFmtWithNum, username, caname, count);
    
    if ( nickname == NULL ) 
      goto loser;
 
    _ssm_compress_spaces(nickname);

    /* look up the nickname to make sure it isn't in use already */
    dummycert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), nickname);
    
    if ( dummycert == NULL ) 
      goto done;
    
    /* found a cert, destroy it and loop */
    CERT_DestroyCertificate(dummycert);
    PORT_Free(nickname);
    count++;
  } /* end of while(1) */
    
loser:
    if ( nickname ) 
      PORT_Free(nickname);
    nickname = NULL;
done:
    if ( caname ) 
      PORT_Free(caname);
    if ( username ) 
      PORT_Free(username);
    if ( cx )
      SSMTextGen_DestroyContext(cx);
    return(nickname);
}

SSMStatus SSM_OKButtonCommandHandler(HTTPRequest * req)
{
  char * tmpStr = NULL;
  SSMStatus rv;

  /* check the base ref */
  rv = SSM_HTTPParamValue(req, "baseRef", &tmpStr);
  if (rv != SSM_SUCCESS ||
    PL_strcmp(tmpStr, "windowclose_doclose_js") != 0) {
    goto loser;
  }
  /* close the window */
  rv = SSM_HTTPCloseAndSleep(req);
  
loser:
  return rv;
}

SSMStatus SSM_CertCAImportCommandHandler1(HTTPRequest *req)
{
    SSMStatus rv;
    char * tmpStr = NULL;

    /* make sure you got the right baseRef */
    rv = SSM_HTTPParamValue(req, "baseRef", &tmpStr);
    if (rv != SSM_SUCCESS ||
        PL_strcmp(tmpStr, "windowclose_doclose_js") != 0) {
        goto loser;
    }
    /* close the first window */
    rv = SSM_HTTPCloseAndSleep(req);
    if (rv != SSM_SUCCESS)
      SSM_DEBUG("Errors closing ImportCAStep1 window: %d\n", rv);
 
    /* figure out the buttons */
    rv =  SSM_HTTPParamValue(req, "do_cancel", &tmpStr);
    if (rv == SSM_SUCCESS) {
      /* cancel button was clicked */
      return SSM_SUCCESS;
    }
    rv = SSM_HTTPParamValue(req, "do_ok", &tmpStr);
    if (rv == SSM_SUCCESS) {
      /* user wants to proceed */
      rv=SSMControlConnection_SendUIEvent(req->ctrlconn, 
				          "get", "import_ca_cert2", 
					  req->target, NULL, 
					  &req->target->m_clientContext);
      if (rv != PR_SUCCESS) {
      /* problem! */
        SSM_DEBUG("Cannot fire second dialog for CA cert importation!\n");
	SSM_NotifyUIEvent(req->target);
      }
    }
    else 
      SSM_DEBUG("Cannot identify button pressed in first importCACert dialog!\n");
loser:
    return rv; 
}


SSMStatus SSM_CertCAImportCommandHandler2(HTTPRequest * req)
{
    SSMStatus rv;
    char * tmpStr = NULL;

    /* if we got here, user must have hit OK for import CA cert */
    acceptcacert = PR_TRUE;

    /* check parameters */
    rv = SSM_HTTPParamValue(req, "acceptssl", &tmpStr);
    if (rv == SSM_SUCCESS) 
      acceptssl = PR_TRUE;
    
    rv = SSM_HTTPParamValue(req, "acceptemail", &tmpStr);
    if (rv == SSM_SUCCESS) 
      acceptmime = PR_TRUE;
    
    rv = SSM_HTTPParamValue(req, "acceptobject", &tmpStr);
    if (rv == SSM_SUCCESS) 
      acceptobjectsign = PR_TRUE;
    
 
    SSM_NotifyUIEvent(req->target);
    return rv;
}

SSMStatus SSM_SubmitFormFromButtonHandler(HTTPRequest *req)
{
   SSMResource * res = NULL;
   char * value;
   SSMStatus rv = SSM_FAILURE;

   res = (req->target) ? req->target : (SSMResource *) req->ctrlconn;

   rv = SSM_HTTPParamValue(req, "do_cancel", &value);
   if (rv == SSM_SUCCESS) {
     /* user hit "Cancel", exit */
     res->m_buttonType = SSM_BUTTON_CANCEL;
     goto finished; 
   }
   res->m_buttonType = SSM_BUTTON_OK;
   /* set up the stage to process the main form */ 
   rv = SSM_HTTPParamValue(req, "formName", &value);
   if (rv != SSM_SUCCESS) {
     SSM_DEBUG("Error in SubmitFormHandler: no form name given!\n");
     goto finished;
   }
   if (res->m_formName)  /* hmm... will it crash here? */
     PR_Free(res->m_formName);
   res->m_formName = PL_strdup(value);
        
   rv = SSM_HTTPCloseAndSleep(req);
   if (rv != PR_SUCCESS)
     SSM_DEBUG("SubmitForm: Problem closing dialog box!\n");
   
   return rv;
finished:
   /* no more event handlers called on this event, notify ctrlconn */
   SSM_HTTPCloseWindow(req);
   /* if this is a UIEvent, notify owner connection */
   if (res->m_UILock)
     SSM_NotifyUIEvent(res);
   return rv;
}
   

static void SSM_ImportCACert(void * arg)
{
  CERTCertTrust trust;
  char * nickname = NULL;
  caImportCertArg * certArg = (caImportCertArg *)arg;
  CERTCertificate * cert = certArg->cert;
  SSMControlConnection * ctrl = certArg->ctrl;
  CERTDERCerts * derCerts = certArg->derCerts;
  SSMResource * certObj = NULL;
  SSMResourceID certRID;
  SSMStatus rv;
  char * params;

  /* UI asks - do you want to import this cert for 
   * 1) email
   * 2) web sites
   * 3) objects
   * UI sets accept, acceptssl, acceptmime, acceptobjectsign
   */
  acceptssl = acceptmime = acceptobjectsign = acceptcacert = PR_FALSE;


  /* create resource for that cert */
  rv = SSM_CreateResource(SSM_RESTYPE_CERTIFICATE, cert, 
			  ctrl, &certRID, &certObj);
  if (rv != SSM_SUCCESS) {
    SSM_DEBUG("SSM_ImportCACert: can't create certificate resource!\n");
    goto done;
  }
  
  /* pick a nickname for the cert */
  nickname = CERT_GetCommonName(&cert->subject);
  
  params = PR_smprintf("certresource=%d&nickname=%s", certRID, nickname);
  SSM_LockUIEvent(certObj);
  rv = SSMControlConnection_SendUIEvent(ctrl, "get", "import_ca_cert1", 
					certObj, params, 
					&certObj->m_clientContext);
  if (rv != PR_SUCCESS)  {
    SSM_DEBUG("Cannot fire up first import CA cert dialog!\n");
    goto done;
  }
  SSM_WaitUIEvent(certObj, PR_INTERVAL_NO_TIMEOUT);

  if (!acceptcacert)
    goto done;

  PORT_Memset((void *)&trust, 0, sizeof(trust));
  if (acceptssl) 
    trust.sslFlags = CERTDB_VALID_CA | CERTDB_TRUSTED_CA;
  else trust.sslFlags = CERTDB_VALID_CA;
  if (acceptmime) 
    trust.emailFlags = CERTDB_VALID_CA | CERTDB_TRUSTED_CA;
  else trust.emailFlags = CERTDB_VALID_CA;
  if (acceptobjectsign)
    trust.objectSigningFlags = CERTDB_VALID_CA | CERTDB_TRUSTED_CA;
  else
    trust.objectSigningFlags = CERTDB_VALID_CA;

  rv = CERT_AddTempCertToPerm(cert, nickname, &trust);
  if (rv != PR_SUCCESS) {
    /* tell user we're having problems */;
    goto done;
  }
  if (derCerts->numcerts > 1) {
    rv = CERT_ImportCAChain(derCerts->rawCerts + 1, derCerts->numcerts - 1,
			    certUsageSSLCA); 
    if (rv != PR_SUCCESS) 
      /* tell user we're having problems */
      SSM_DEBUG("Cannot import CA chain\n");
  }
 done:
  if (certObj) 
    SSM_FreeResource(certObj);
  if (nickname)
    PR_Free(nickname);
  CERT_DestroyCertificate(cert);
  PR_Free(arg);
  return;
}

SSMStatus SSM_CAPolicyKeywordHandler(SSMTextGenContext * cx)
{
  SSMStatus rv = SSM_FAILURE;
  char * policyString = NULL, * certresStr = NULL;
  CERTCertificate * caCert;
  SSMResource * resource;
  SSMResourceID certRID;
  SSMControlConnection * ctrl;
  
  PR_ASSERT(cx != NULL);
  PR_ASSERT(cx->m_request != NULL);
  PR_ASSERT(cx->m_params != NULL);
  PR_ASSERT(cx->m_result != NULL);
  if (cx == NULL || cx->m_request == NULL || cx->m_params == NULL ||
      cx->m_result == NULL) {
    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
    goto loser;
  }

  /* find the certificate we're talking about */
  rv = SSM_HTTPParamValue(cx->m_request, "action", &certresStr);
  if (rv != SSM_SUCCESS) {
    goto loser;
  }
  certRID = atoi(certresStr);
  resource = SSMTextGen_GetTargetObject(cx);
  if (!resource) {
    SSM_DEBUG("SSM_CAPolicyKeywordHandler: can't get target object!\n");
    goto loser;
  }
  if (SSM_IsAKindOf(resource, SSM_RESTYPE_CONTROL_CONNECTION)) {
    ctrl = (SSMControlConnection *)resource;
    rv = SSMControlConnection_GetResource(ctrl, certRID, &resource);
    if (rv != SSM_SUCCESS) {
      SSM_DEBUG("SSM_CAPolicyKeywordHandler: can't find cert resource %d\n", 
		certRID);
      goto loser;
    }
  } else
    PR_ASSERT(SSM_IsAKindOf(resource, SSM_RESTYPE_CERTIFICATE));
  
  caCert = ((SSMResourceCert *)resource)->cert;
  
  /* For some reason, this function is going to return policy */
  policyString = CERT_GetCertCommentString(caCert);
  if (!policyString) {
    rv = SSM_GetUTF8Text(cx, "no_ca_policy", &policyString);
    if (rv != SSM_SUCCESS) {
      SSM_DEBUG("Could not find text %s in policy files.\n", "no_ca_policy");
      goto loser;
    }
    SSM_DEBUG("No policy is available for new CA cert: %s!\n", policyString);
  }
  PR_FREEIF(cx->m_result);
  cx->m_result = policyString;
  policyString = NULL;
  rv = SSM_SUCCESS;
  goto done;

 loser:
  SSMTextGen_UTF8StringClear(&cx->m_result);
  rv = SSM_FAILURE;
  SSM_DEBUG("Failed formatting CA policy from signers cert\n");
 done: 
  if (policyString) 
    PR_Free(policyString);
  
  return rv;
}

SSMStatus SSM_CACertKeywordHandler(SSMTextGenContext* cx)
{
  SSMStatus rv = SSM_FAILURE;
  char* pattern = NULL;
  char* key = NULL;
  char * style = NULL;
  const PRIntn CERT_FORMAT = (PRIntn)0;
  const PRIntn CERT_WRAPPER = (PRIntn)1;
  const PRIntn CERT_WRAPPER_NO_COMMENT = (PRIntn)2;
  PRIntn wrapper;
  CERTCertificate * caCert = NULL;
  char * certresStr = NULL;
  SSMControlConnection * ctrl;
  SSMResource * resource;
  SSMResourceID certRID;
  
	
  PR_ASSERT(cx != NULL);
  PR_ASSERT(cx->m_request != NULL);
  PR_ASSERT(cx->m_params != NULL);
  PR_ASSERT(cx->m_result != NULL);
  if (cx == NULL || cx->m_request == NULL || cx->m_params == NULL ||
      cx->m_result == NULL) {
    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
    goto loser;
  }

  /* find the certificate we're talking about */
  rv = SSM_HTTPParamValue(cx->m_request, "action", &certresStr);
  if (rv != SSM_SUCCESS) {
    goto loser;
  }
  certRID = atoi(certresStr);
  resource = SSMTextGen_GetTargetObject(cx);
  if (!resource) {
    SSM_DEBUG("SSM_CAPolicyKeywordHandler: can't get target object!\n");
    goto loser;
  }
  if (SSM_IsAKindOf(resource, SSM_RESTYPE_CONTROL_CONNECTION)) {
    ctrl = (SSMControlConnection *)resource;
    rv = SSMControlConnection_GetResource(ctrl, certRID, &resource);
    if (rv != SSM_SUCCESS) {
      SSM_DEBUG("SSM_CACertKeywordHandler: can't find cert resource %d\n", 
		certRID);
      goto loser;
    }
  } else
    PR_ASSERT(SSM_IsAKindOf(resource, SSM_RESTYPE_CERTIFICATE));

  caCert = ((SSMResourceCert *)resource)->cert;

  /* form the MessageFormat object */
  /* get the correct wrapper */
  if (CERT_GetCertCommentString(caCert))
    wrapper = CERT_WRAPPER;
  else wrapper = CERT_WRAPPER_NO_COMMENT;
  key = (char *) SSM_At(cx->m_params, wrapper);
  
  /* second, grab and expand the keyword objects */
  rv = SSM_GetAndExpandTextKeyedByString(cx, key, &pattern);
  if (rv != SSM_SUCCESS) {
    goto loser;
  }
  SSM_DebugUTF8String("ca cert info pattern <%s>", pattern);

  style = (char *) SSM_At(cx->m_params, CERT_FORMAT);
  PR_FREEIF(cx->m_result);
  if (!strcmp(style, "pretty"))
    rv = SSM_PrettyFormatCert(caCert, pattern, &cx->m_result);
  else if (!strcmp(style, "simple"))
    rv = SSM_FormatCert(caCert, pattern, &cx->m_result);
  else {
    SSM_DEBUG("SSM_CACertKeywordHandler: bad formatting parameter!\n");
    rv =  SSM_ERR_INVALID_FUNC;
  }
  goto done;

loser:
  if (rv == SSM_SUCCESS)
    rv = SSM_FAILURE;
 done:
  if (pattern != NULL) {
    PR_Free(pattern);
  }
  return rv;
}