security/manager/ssl/src/nsCMS.cpp@6474c204b198 (annotated)
security/manager/ssl/src/nsCMS.cpp
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ |
| michael@0 | 2 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 3 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 4 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 5 | |
| michael@0 | 6 | #include "nsCMS.h" |
| michael@0 | 7 | |
| michael@0 | 8 | #include "CertVerifier.h" |
| michael@0 | 9 | #include "pkix/pkixtypes.h" |
| michael@0 | 10 | #include "nsISupports.h" |
| michael@0 | 11 | #include "nsNSSHelper.h" |
| michael@0 | 12 | #include "nsNSSCertificate.h" |
| michael@0 | 13 | #include "smime.h" |
| michael@0 | 14 | #include "cms.h" |
| michael@0 | 15 | #include "nsICMSMessageErrors.h" |
| michael@0 | 16 | #include "nsIArray.h" |
| michael@0 | 17 | #include "nsArrayUtils.h" |
| michael@0 | 18 | #include "nsCertVerificationThread.h" |
| michael@0 | 19 | |
| michael@0 | 20 | #include "prlog.h" |
| michael@0 | 21 | |
| michael@0 | 22 | using namespace mozilla; |
| michael@0 | 23 | using namespace mozilla::psm; |
| michael@0 | 24 | |
| michael@0 | 25 | #ifdef PR_LOGGING |
| michael@0 | 26 | extern PRLogModuleInfo* gPIPNSSLog; |
| michael@0 | 27 | #endif |
| michael@0 | 28 | |
| michael@0 | 29 | using namespace mozilla; |
| michael@0 | 30 | |
| michael@0 | 31 | NS_IMPL_ISUPPORTS(nsCMSMessage, nsICMSMessage, nsICMSMessage2) |
| michael@0 | 32 | |
| michael@0 | 33 | nsCMSMessage::nsCMSMessage() |
| michael@0 | 34 | { |
| michael@0 | 35 | m_cmsMsg = nullptr; |
| michael@0 | 36 | } |
| michael@0 | 37 | nsCMSMessage::nsCMSMessage(NSSCMSMessage *aCMSMsg) |
| michael@0 | 38 | { |
| michael@0 | 39 | m_cmsMsg = aCMSMsg; |
| michael@0 | 40 | } |
| michael@0 | 41 | |
| michael@0 | 42 | nsCMSMessage::~nsCMSMessage() |
| michael@0 | 43 | { |
| michael@0 | 44 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 45 | if (isAlreadyShutDown()) { |
| michael@0 | 46 | return; |
| michael@0 | 47 | } |
| michael@0 | 48 | destructorSafeDestroyNSSReference(); |
| michael@0 | 49 | shutdown(calledFromObject); |
| michael@0 | 50 | } |
| michael@0 | 51 | |
| michael@0 | 52 | void nsCMSMessage::virtualDestroyNSSReference() |
| michael@0 | 53 | { |
| michael@0 | 54 | destructorSafeDestroyNSSReference(); |
| michael@0 | 55 | } |
| michael@0 | 56 | |
| michael@0 | 57 | void nsCMSMessage::destructorSafeDestroyNSSReference() |
| michael@0 | 58 | { |
| michael@0 | 59 | if (m_cmsMsg) { |
| michael@0 | 60 | NSS_CMSMessage_Destroy(m_cmsMsg); |
| michael@0 | 61 | } |
| michael@0 | 62 | } |
| michael@0 | 63 | |
| michael@0 | 64 | NS_IMETHODIMP nsCMSMessage::VerifySignature() |
| michael@0 | 65 | { |
| michael@0 | 66 | return CommonVerifySignature(nullptr, 0); |
| michael@0 | 67 | } |
| michael@0 | 68 | |
| michael@0 | 69 | NSSCMSSignerInfo* nsCMSMessage::GetTopLevelSignerInfo() |
| michael@0 | 70 | { |
| michael@0 | 71 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 72 | if (isAlreadyShutDown()) |
| michael@0 | 73 | return nullptr; |
| michael@0 | 74 | |
| michael@0 | 75 | if (!m_cmsMsg) |
| michael@0 | 76 | return nullptr; |
| michael@0 | 77 | |
| michael@0 | 78 | if (!NSS_CMSMessage_IsSigned(m_cmsMsg)) |
| michael@0 | 79 | return nullptr; |
| michael@0 | 80 | |
| michael@0 | 81 | NSSCMSContentInfo *cinfo = NSS_CMSMessage_ContentLevel(m_cmsMsg, 0); |
| michael@0 | 82 | if (!cinfo) |
| michael@0 | 83 | return nullptr; |
| michael@0 | 84 | |
| michael@0 | 85 | NSSCMSSignedData *sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo); |
| michael@0 | 86 | if (!sigd) |
| michael@0 | 87 | return nullptr; |
| michael@0 | 88 | |
| michael@0 | 89 | PR_ASSERT(NSS_CMSSignedData_SignerInfoCount(sigd) > 0); |
| michael@0 | 90 | return NSS_CMSSignedData_GetSignerInfo(sigd, 0); |
| michael@0 | 91 | } |
| michael@0 | 92 | |
| michael@0 | 93 | NS_IMETHODIMP nsCMSMessage::GetSignerEmailAddress(char * * aEmail) |
| michael@0 | 94 | { |
| michael@0 | 95 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 96 | if (isAlreadyShutDown()) |
| michael@0 | 97 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 98 | |
| michael@0 | 99 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::GetSignerEmailAddress\n")); |
| michael@0 | 100 | NS_ENSURE_ARG(aEmail); |
| michael@0 | 101 | |
| michael@0 | 102 | NSSCMSSignerInfo *si = GetTopLevelSignerInfo(); |
| michael@0 | 103 | if (!si) |
| michael@0 | 104 | return NS_ERROR_FAILURE; |
| michael@0 | 105 | |
| michael@0 | 106 | *aEmail = NSS_CMSSignerInfo_GetSignerEmailAddress(si); |
| michael@0 | 107 | return NS_OK; |
| michael@0 | 108 | } |
| michael@0 | 109 | |
| michael@0 | 110 | NS_IMETHODIMP nsCMSMessage::GetSignerCommonName(char ** aName) |
| michael@0 | 111 | { |
| michael@0 | 112 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 113 | if (isAlreadyShutDown()) |
| michael@0 | 114 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 115 | |
| michael@0 | 116 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::GetSignerCommonName\n")); |
| michael@0 | 117 | NS_ENSURE_ARG(aName); |
| michael@0 | 118 | |
| michael@0 | 119 | NSSCMSSignerInfo *si = GetTopLevelSignerInfo(); |
| michael@0 | 120 | if (!si) |
| michael@0 | 121 | return NS_ERROR_FAILURE; |
| michael@0 | 122 | |
| michael@0 | 123 | *aName = NSS_CMSSignerInfo_GetSignerCommonName(si); |
| michael@0 | 124 | return NS_OK; |
| michael@0 | 125 | } |
| michael@0 | 126 | |
| michael@0 | 127 | NS_IMETHODIMP nsCMSMessage::ContentIsEncrypted(bool *isEncrypted) |
| michael@0 | 128 | { |
| michael@0 | 129 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 130 | if (isAlreadyShutDown()) |
| michael@0 | 131 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 132 | |
| michael@0 | 133 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::ContentIsEncrypted\n")); |
| michael@0 | 134 | NS_ENSURE_ARG(isEncrypted); |
| michael@0 | 135 | |
| michael@0 | 136 | if (!m_cmsMsg) |
| michael@0 | 137 | return NS_ERROR_FAILURE; |
| michael@0 | 138 | |
| michael@0 | 139 | *isEncrypted = NSS_CMSMessage_IsEncrypted(m_cmsMsg); |
| michael@0 | 140 | |
| michael@0 | 141 | return NS_OK; |
| michael@0 | 142 | } |
| michael@0 | 143 | |
| michael@0 | 144 | NS_IMETHODIMP nsCMSMessage::ContentIsSigned(bool *isSigned) |
| michael@0 | 145 | { |
| michael@0 | 146 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 147 | if (isAlreadyShutDown()) |
| michael@0 | 148 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 149 | |
| michael@0 | 150 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::ContentIsSigned\n")); |
| michael@0 | 151 | NS_ENSURE_ARG(isSigned); |
| michael@0 | 152 | |
| michael@0 | 153 | if (!m_cmsMsg) |
| michael@0 | 154 | return NS_ERROR_FAILURE; |
| michael@0 | 155 | |
| michael@0 | 156 | *isSigned = NSS_CMSMessage_IsSigned(m_cmsMsg); |
| michael@0 | 157 | |
| michael@0 | 158 | return NS_OK; |
| michael@0 | 159 | } |
| michael@0 | 160 | |
| michael@0 | 161 | NS_IMETHODIMP nsCMSMessage::GetSignerCert(nsIX509Cert **scert) |
| michael@0 | 162 | { |
| michael@0 | 163 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 164 | if (isAlreadyShutDown()) |
| michael@0 | 165 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 166 | |
| michael@0 | 167 | NSSCMSSignerInfo *si = GetTopLevelSignerInfo(); |
| michael@0 | 168 | if (!si) |
| michael@0 | 169 | return NS_ERROR_FAILURE; |
| michael@0 | 170 | |
| michael@0 | 171 | if (si->cert) { |
| michael@0 | 172 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::GetSignerCert got signer cert\n")); |
| michael@0 | 173 | |
| michael@0 | 174 | *scert = nsNSSCertificate::Create(si->cert); |
| michael@0 | 175 | if (*scert) { |
| michael@0 | 176 | (*scert)->AddRef(); |
| michael@0 | 177 | } |
| michael@0 | 178 | } |
| michael@0 | 179 | else { |
| michael@0 | 180 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::GetSignerCert no signer cert, do we have a cert list? %s\n", |
| michael@0 | 181 | (si->certList ? "yes" : "no") )); |
| michael@0 | 182 | |
| michael@0 | 183 | *scert = nullptr; |
| michael@0 | 184 | } |
| michael@0 | 185 | |
| michael@0 | 186 | return NS_OK; |
| michael@0 | 187 | } |
| michael@0 | 188 | |
| michael@0 | 189 | NS_IMETHODIMP nsCMSMessage::GetEncryptionCert(nsIX509Cert **ecert) |
| michael@0 | 190 | { |
| michael@0 | 191 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 192 | if (isAlreadyShutDown()) |
| michael@0 | 193 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 194 | |
| michael@0 | 195 | return NS_ERROR_NOT_IMPLEMENTED; |
| michael@0 | 196 | } |
| michael@0 | 197 | |
| michael@0 | 198 | NS_IMETHODIMP nsCMSMessage::VerifyDetachedSignature(unsigned char* aDigestData, uint32_t aDigestDataLen) |
| michael@0 | 199 | { |
| michael@0 | 200 | if (!aDigestData || !aDigestDataLen) |
| michael@0 | 201 | return NS_ERROR_FAILURE; |
| michael@0 | 202 | |
| michael@0 | 203 | return CommonVerifySignature(aDigestData, aDigestDataLen); |
| michael@0 | 204 | } |
| michael@0 | 205 | |
| michael@0 | 206 | nsresult nsCMSMessage::CommonVerifySignature(unsigned char* aDigestData, uint32_t aDigestDataLen) |
| michael@0 | 207 | { |
| michael@0 | 208 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 209 | if (isAlreadyShutDown()) |
| michael@0 | 210 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 211 | |
| michael@0 | 212 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature, content level count %d\n", NSS_CMSMessage_ContentLevelCount(m_cmsMsg))); |
| michael@0 | 213 | NSSCMSContentInfo *cinfo = nullptr; |
| michael@0 | 214 | NSSCMSSignedData *sigd = nullptr; |
| michael@0 | 215 | NSSCMSSignerInfo *si; |
| michael@0 | 216 | int32_t nsigners; |
| michael@0 | 217 | RefPtr<SharedCertVerifier> certVerifier; |
| michael@0 | 218 | nsresult rv = NS_ERROR_FAILURE; |
| michael@0 | 219 | |
| michael@0 | 220 | if (!NSS_CMSMessage_IsSigned(m_cmsMsg)) { |
| michael@0 | 221 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - not signed\n")); |
| michael@0 | 222 | return NS_ERROR_CMS_VERIFY_NOT_SIGNED; |
| michael@0 | 223 | } |
| michael@0 | 224 | |
| michael@0 | 225 | cinfo = NSS_CMSMessage_ContentLevel(m_cmsMsg, 0); |
| michael@0 | 226 | if (cinfo) { |
| michael@0 | 227 | // I don't like this hard cast. We should check in some way, that we really have this type. |
| michael@0 | 228 | sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo); |
| michael@0 | 229 | } |
| michael@0 | 230 | |
| michael@0 | 231 | if (!sigd) { |
| michael@0 | 232 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - no content info\n")); |
| michael@0 | 233 | rv = NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO; |
| michael@0 | 234 | goto loser; |
| michael@0 | 235 | } |
| michael@0 | 236 | |
| michael@0 | 237 | if (aDigestData && aDigestDataLen) |
| michael@0 | 238 | { |
| michael@0 | 239 | SECItem digest; |
| michael@0 | 240 | digest.data = aDigestData; |
| michael@0 | 241 | digest.len = aDigestDataLen; |
| michael@0 | 242 | |
| michael@0 | 243 | if (NSS_CMSSignedData_SetDigestValue(sigd, SEC_OID_SHA1, &digest)) { |
| michael@0 | 244 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - bad digest\n")); |
| michael@0 | 245 | rv = NS_ERROR_CMS_VERIFY_BAD_DIGEST; |
| michael@0 | 246 | goto loser; |
| michael@0 | 247 | } |
| michael@0 | 248 | } |
| michael@0 | 249 | |
| michael@0 | 250 | // Import certs. Note that import failure is not a signature verification failure. // |
| michael@0 | 251 | if (NSS_CMSSignedData_ImportCerts(sigd, CERT_GetDefaultCertDB(), certUsageEmailRecipient, true) != SECSuccess) { |
| michael@0 | 252 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - can not import certs\n")); |
| michael@0 | 253 | } |
| michael@0 | 254 | |
| michael@0 | 255 | nsigners = NSS_CMSSignedData_SignerInfoCount(sigd); |
| michael@0 | 256 | PR_ASSERT(nsigners > 0); |
| michael@0 | 257 | NS_ENSURE_TRUE(nsigners > 0, NS_ERROR_UNEXPECTED); |
| michael@0 | 258 | si = NSS_CMSSignedData_GetSignerInfo(sigd, 0); |
| michael@0 | 259 | |
| michael@0 | 260 | // See bug 324474. We want to make sure the signing cert is |
| michael@0 | 261 | // still valid at the current time. |
| michael@0 | 262 | |
| michael@0 | 263 | certVerifier = GetDefaultCertVerifier(); |
| michael@0 | 264 | NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED); |
| michael@0 | 265 | |
| michael@0 | 266 | { |
| michael@0 | 267 | SECStatus srv = certVerifier->VerifyCert(si->cert, |
| michael@0 | 268 | certificateUsageEmailSigner, |
| michael@0 | 269 | PR_Now(), nullptr /*XXX pinarg*/, |
| michael@0 | 270 | nullptr /*hostname*/); |
| michael@0 | 271 | if (srv != SECSuccess) { |
| michael@0 | 272 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, |
| michael@0 | 273 | ("nsCMSMessage::CommonVerifySignature - signing cert not trusted now\n")); |
| michael@0 | 274 | rv = NS_ERROR_CMS_VERIFY_UNTRUSTED; |
| michael@0 | 275 | goto loser; |
| michael@0 | 276 | } |
| michael@0 | 277 | } |
| michael@0 | 278 | |
| michael@0 | 279 | // We verify the first signer info, only // |
| michael@0 | 280 | if (NSS_CMSSignedData_VerifySignerInfo(sigd, 0, CERT_GetDefaultCertDB(), certUsageEmailSigner) != SECSuccess) { |
| michael@0 | 281 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - unable to verify signature\n")); |
| michael@0 | 282 | |
| michael@0 | 283 | if (NSSCMSVS_SigningCertNotFound == si->verificationStatus) { |
| michael@0 | 284 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - signing cert not found\n")); |
| michael@0 | 285 | rv = NS_ERROR_CMS_VERIFY_NOCERT; |
| michael@0 | 286 | } |
| michael@0 | 287 | else if(NSSCMSVS_SigningCertNotTrusted == si->verificationStatus) { |
| michael@0 | 288 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - signing cert not trusted at signing time\n")); |
| michael@0 | 289 | rv = NS_ERROR_CMS_VERIFY_UNTRUSTED; |
| michael@0 | 290 | } |
| michael@0 | 291 | else if(NSSCMSVS_Unverified == si->verificationStatus) { |
| michael@0 | 292 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - can not verify\n")); |
| michael@0 | 293 | rv = NS_ERROR_CMS_VERIFY_ERROR_UNVERIFIED; |
| michael@0 | 294 | } |
| michael@0 | 295 | else if(NSSCMSVS_ProcessingError == si->verificationStatus) { |
| michael@0 | 296 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - processing error\n")); |
| michael@0 | 297 | rv = NS_ERROR_CMS_VERIFY_ERROR_PROCESSING; |
| michael@0 | 298 | } |
| michael@0 | 299 | else if(NSSCMSVS_BadSignature == si->verificationStatus) { |
| michael@0 | 300 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - bad signature\n")); |
| michael@0 | 301 | rv = NS_ERROR_CMS_VERIFY_BAD_SIGNATURE; |
| michael@0 | 302 | } |
| michael@0 | 303 | else if(NSSCMSVS_DigestMismatch == si->verificationStatus) { |
| michael@0 | 304 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - digest mismatch\n")); |
| michael@0 | 305 | rv = NS_ERROR_CMS_VERIFY_DIGEST_MISMATCH; |
| michael@0 | 306 | } |
| michael@0 | 307 | else if(NSSCMSVS_SignatureAlgorithmUnknown == si->verificationStatus) { |
| michael@0 | 308 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - algo unknown\n")); |
| michael@0 | 309 | rv = NS_ERROR_CMS_VERIFY_UNKNOWN_ALGO; |
| michael@0 | 310 | } |
| michael@0 | 311 | else if(NSSCMSVS_SignatureAlgorithmUnsupported == si->verificationStatus) { |
| michael@0 | 312 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - algo not supported\n")); |
| michael@0 | 313 | rv = NS_ERROR_CMS_VERIFY_UNSUPPORTED_ALGO; |
| michael@0 | 314 | } |
| michael@0 | 315 | else if(NSSCMSVS_MalformedSignature == si->verificationStatus) { |
| michael@0 | 316 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - malformed signature\n")); |
| michael@0 | 317 | rv = NS_ERROR_CMS_VERIFY_MALFORMED_SIGNATURE; |
| michael@0 | 318 | } |
| michael@0 | 319 | |
| michael@0 | 320 | goto loser; |
| michael@0 | 321 | } |
| michael@0 | 322 | |
| michael@0 | 323 | // Save the profile. Note that save import failure is not a signature verification failure. // |
| michael@0 | 324 | if (NSS_SMIMESignerInfo_SaveSMIMEProfile(si) != SECSuccess) { |
| michael@0 | 325 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - unable to save smime profile\n")); |
| michael@0 | 326 | } |
| michael@0 | 327 | |
| michael@0 | 328 | rv = NS_OK; |
| michael@0 | 329 | loser: |
| michael@0 | 330 | return rv; |
| michael@0 | 331 | } |
| michael@0 | 332 | |
| michael@0 | 333 | NS_IMETHODIMP nsCMSMessage::AsyncVerifySignature( |
| michael@0 | 334 | nsISMimeVerificationListener *aListener) |
| michael@0 | 335 | { |
| michael@0 | 336 | return CommonAsyncVerifySignature(aListener, nullptr, 0); |
| michael@0 | 337 | } |
| michael@0 | 338 | |
| michael@0 | 339 | NS_IMETHODIMP nsCMSMessage::AsyncVerifyDetachedSignature( |
| michael@0 | 340 | nsISMimeVerificationListener *aListener, |
| michael@0 | 341 | unsigned char* aDigestData, uint32_t aDigestDataLen) |
| michael@0 | 342 | { |
| michael@0 | 343 | if (!aDigestData || !aDigestDataLen) |
| michael@0 | 344 | return NS_ERROR_FAILURE; |
| michael@0 | 345 | |
| michael@0 | 346 | return CommonAsyncVerifySignature(aListener, aDigestData, aDigestDataLen); |
| michael@0 | 347 | } |
| michael@0 | 348 | |
| michael@0 | 349 | nsresult nsCMSMessage::CommonAsyncVerifySignature(nsISMimeVerificationListener *aListener, |
| michael@0 | 350 | unsigned char* aDigestData, uint32_t aDigestDataLen) |
| michael@0 | 351 | { |
| michael@0 | 352 | nsSMimeVerificationJob *job = new nsSMimeVerificationJob; |
| michael@0 | 353 | |
| michael@0 | 354 | if (aDigestData) |
| michael@0 | 355 | { |
| michael@0 | 356 | job->digest_data = new unsigned char[aDigestDataLen]; |
| michael@0 | 357 | memcpy(job->digest_data, aDigestData, aDigestDataLen); |
| michael@0 | 358 | } |
| michael@0 | 359 | else |
| michael@0 | 360 | { |
| michael@0 | 361 | job->digest_data = nullptr; |
| michael@0 | 362 | } |
| michael@0 | 363 | |
| michael@0 | 364 | job->digest_len = aDigestDataLen; |
| michael@0 | 365 | job->mMessage = this; |
| michael@0 | 366 | job->mListener = aListener; |
| michael@0 | 367 | |
| michael@0 | 368 | nsresult rv = nsCertVerificationThread::addJob(job); |
| michael@0 | 369 | if (NS_FAILED(rv)) |
| michael@0 | 370 | delete job; |
| michael@0 | 371 | |
| michael@0 | 372 | return rv; |
| michael@0 | 373 | } |
| michael@0 | 374 | |
| michael@0 | 375 | class nsZeroTerminatedCertArray : public nsNSSShutDownObject |
| michael@0 | 376 | { |
| michael@0 | 377 | public: |
| michael@0 | 378 | nsZeroTerminatedCertArray() |
| michael@0 | 379 | :mCerts(nullptr), mPoolp(nullptr), mSize(0) |
| michael@0 | 380 | { |
| michael@0 | 381 | } |
| michael@0 | 382 | |
| michael@0 | 383 | ~nsZeroTerminatedCertArray() |
| michael@0 | 384 | { |
| michael@0 | 385 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 386 | if (isAlreadyShutDown()) { |
| michael@0 | 387 | return; |
| michael@0 | 388 | } |
| michael@0 | 389 | destructorSafeDestroyNSSReference(); |
| michael@0 | 390 | shutdown(calledFromObject); |
| michael@0 | 391 | } |
| michael@0 | 392 | |
| michael@0 | 393 | void virtualDestroyNSSReference() |
| michael@0 | 394 | { |
| michael@0 | 395 | destructorSafeDestroyNSSReference(); |
| michael@0 | 396 | } |
| michael@0 | 397 | |
| michael@0 | 398 | void destructorSafeDestroyNSSReference() |
| michael@0 | 399 | { |
| michael@0 | 400 | if (mCerts) |
| michael@0 | 401 | { |
| michael@0 | 402 | for (uint32_t i=0; i < mSize; i++) { |
| michael@0 | 403 | if (mCerts[i]) { |
| michael@0 | 404 | CERT_DestroyCertificate(mCerts[i]); |
| michael@0 | 405 | } |
| michael@0 | 406 | } |
| michael@0 | 407 | } |
| michael@0 | 408 | |
| michael@0 | 409 | if (mPoolp) |
| michael@0 | 410 | PORT_FreeArena(mPoolp, false); |
| michael@0 | 411 | } |
| michael@0 | 412 | |
| michael@0 | 413 | bool allocate(uint32_t count) |
| michael@0 | 414 | { |
| michael@0 | 415 | // only allow allocation once |
| michael@0 | 416 | if (mPoolp) |
| michael@0 | 417 | return false; |
| michael@0 | 418 | |
| michael@0 | 419 | mSize = count; |
| michael@0 | 420 | |
| michael@0 | 421 | if (!mSize) |
| michael@0 | 422 | return false; |
| michael@0 | 423 | |
| michael@0 | 424 | mPoolp = PORT_NewArena(1024); |
| michael@0 | 425 | if (!mPoolp) |
| michael@0 | 426 | return false; |
| michael@0 | 427 | |
| michael@0 | 428 | mCerts = (CERTCertificate**)PORT_ArenaZAlloc( |
| michael@0 | 429 | mPoolp, (count+1)*sizeof(CERTCertificate*)); |
| michael@0 | 430 | |
| michael@0 | 431 | if (!mCerts) |
| michael@0 | 432 | return false; |
| michael@0 | 433 | |
| michael@0 | 434 | // null array, including zero termination |
| michael@0 | 435 | for (uint32_t i = 0; i < count+1; i++) { |
| michael@0 | 436 | mCerts[i] = nullptr; |
| michael@0 | 437 | } |
| michael@0 | 438 | |
| michael@0 | 439 | return true; |
| michael@0 | 440 | } |
| michael@0 | 441 | |
| michael@0 | 442 | void set(uint32_t i, CERTCertificate *c) |
| michael@0 | 443 | { |
| michael@0 | 444 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 445 | if (isAlreadyShutDown()) |
| michael@0 | 446 | return; |
| michael@0 | 447 | |
| michael@0 | 448 | if (i >= mSize) |
| michael@0 | 449 | return; |
| michael@0 | 450 | |
| michael@0 | 451 | if (mCerts[i]) { |
| michael@0 | 452 | CERT_DestroyCertificate(mCerts[i]); |
| michael@0 | 453 | } |
| michael@0 | 454 | |
| michael@0 | 455 | mCerts[i] = CERT_DupCertificate(c); |
| michael@0 | 456 | } |
| michael@0 | 457 | |
| michael@0 | 458 | CERTCertificate *get(uint32_t i) |
| michael@0 | 459 | { |
| michael@0 | 460 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 461 | if (isAlreadyShutDown()) |
| michael@0 | 462 | return nullptr; |
| michael@0 | 463 | |
| michael@0 | 464 | if (i >= mSize) |
| michael@0 | 465 | return nullptr; |
| michael@0 | 466 | |
| michael@0 | 467 | return CERT_DupCertificate(mCerts[i]); |
| michael@0 | 468 | } |
| michael@0 | 469 | |
| michael@0 | 470 | CERTCertificate **getRawArray() |
| michael@0 | 471 | { |
| michael@0 | 472 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 473 | if (isAlreadyShutDown()) |
| michael@0 | 474 | return nullptr; |
| michael@0 | 475 | |
| michael@0 | 476 | return mCerts; |
| michael@0 | 477 | } |
| michael@0 | 478 | |
| michael@0 | 479 | private: |
| michael@0 | 480 | CERTCertificate **mCerts; |
| michael@0 | 481 | PLArenaPool *mPoolp; |
| michael@0 | 482 | uint32_t mSize; |
| michael@0 | 483 | }; |
| michael@0 | 484 | |
| michael@0 | 485 | NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsIArray * aRecipientCerts) |
| michael@0 | 486 | { |
| michael@0 | 487 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 488 | if (isAlreadyShutDown()) |
| michael@0 | 489 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 490 | |
| michael@0 | 491 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted\n")); |
| michael@0 | 492 | NSSCMSContentInfo *cinfo; |
| michael@0 | 493 | NSSCMSEnvelopedData *envd; |
| michael@0 | 494 | NSSCMSRecipientInfo *recipientInfo; |
| michael@0 | 495 | nsZeroTerminatedCertArray recipientCerts; |
| michael@0 | 496 | SECOidTag bulkAlgTag; |
| michael@0 | 497 | int keySize; |
| michael@0 | 498 | uint32_t i; |
| michael@0 | 499 | nsCOMPtr<nsIX509Cert2> nssRecipientCert; |
| michael@0 | 500 | nsresult rv = NS_ERROR_FAILURE; |
| michael@0 | 501 | |
| michael@0 | 502 | // Check the recipient certificates // |
| michael@0 | 503 | uint32_t recipientCertCount; |
| michael@0 | 504 | aRecipientCerts->GetLength(&recipientCertCount); |
| michael@0 | 505 | PR_ASSERT(recipientCertCount > 0); |
| michael@0 | 506 | |
| michael@0 | 507 | if (!recipientCerts.allocate(recipientCertCount)) { |
| michael@0 | 508 | goto loser; |
| michael@0 | 509 | } |
| michael@0 | 510 | |
| michael@0 | 511 | for (i=0; i<recipientCertCount; i++) { |
| michael@0 | 512 | nsCOMPtr<nsIX509Cert> x509cert = do_QueryElementAt(aRecipientCerts, i); |
| michael@0 | 513 | |
| michael@0 | 514 | nssRecipientCert = do_QueryInterface(x509cert); |
| michael@0 | 515 | |
| michael@0 | 516 | if (!nssRecipientCert) |
| michael@0 | 517 | return NS_ERROR_FAILURE; |
| michael@0 | 518 | |
| michael@0 | 519 | mozilla::pkix::ScopedCERTCertificate c(nssRecipientCert->GetCert()); |
| michael@0 | 520 | recipientCerts.set(i, c.get()); |
| michael@0 | 521 | } |
| michael@0 | 522 | |
| michael@0 | 523 | // Find a bulk key algorithm // |
| michael@0 | 524 | if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipientCerts.getRawArray(), &bulkAlgTag, |
| michael@0 | 525 | &keySize) != SECSuccess) { |
| michael@0 | 526 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't find bulk alg for recipients\n")); |
| michael@0 | 527 | rv = NS_ERROR_CMS_ENCRYPT_NO_BULK_ALG; |
| michael@0 | 528 | goto loser; |
| michael@0 | 529 | } |
| michael@0 | 530 | |
| michael@0 | 531 | m_cmsMsg = NSS_CMSMessage_Create(nullptr); |
| michael@0 | 532 | if (!m_cmsMsg) { |
| michael@0 | 533 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create new cms message\n")); |
| michael@0 | 534 | rv = NS_ERROR_OUT_OF_MEMORY; |
| michael@0 | 535 | goto loser; |
| michael@0 | 536 | } |
| michael@0 | 537 | |
| michael@0 | 538 | if ((envd = NSS_CMSEnvelopedData_Create(m_cmsMsg, bulkAlgTag, keySize)) == nullptr) { |
| michael@0 | 539 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create enveloped data\n")); |
| michael@0 | 540 | goto loser; |
| michael@0 | 541 | } |
| michael@0 | 542 | |
| michael@0 | 543 | cinfo = NSS_CMSMessage_GetContentInfo(m_cmsMsg); |
| michael@0 | 544 | if (NSS_CMSContentInfo_SetContent_EnvelopedData(m_cmsMsg, cinfo, envd) != SECSuccess) { |
| michael@0 | 545 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create content enveloped data\n")); |
| michael@0 | 546 | goto loser; |
| michael@0 | 547 | } |
| michael@0 | 548 | |
| michael@0 | 549 | cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd); |
| michael@0 | 550 | if (NSS_CMSContentInfo_SetContent_Data(m_cmsMsg, cinfo, nullptr, false) != SECSuccess) { |
| michael@0 | 551 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't set content data\n")); |
| michael@0 | 552 | goto loser; |
| michael@0 | 553 | } |
| michael@0 | 554 | |
| michael@0 | 555 | // Create and attach recipient information // |
| michael@0 | 556 | for (i=0; i < recipientCertCount; i++) { |
| michael@0 | 557 | mozilla::pkix::ScopedCERTCertificate rc(recipientCerts.get(i)); |
| michael@0 | 558 | if ((recipientInfo = NSS_CMSRecipientInfo_Create(m_cmsMsg, rc.get())) == nullptr) { |
| michael@0 | 559 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create recipient info\n")); |
| michael@0 | 560 | goto loser; |
| michael@0 | 561 | } |
| michael@0 | 562 | if (NSS_CMSEnvelopedData_AddRecipient(envd, recipientInfo) != SECSuccess) { |
| michael@0 | 563 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't add recipient info\n")); |
| michael@0 | 564 | goto loser; |
| michael@0 | 565 | } |
| michael@0 | 566 | } |
| michael@0 | 567 | |
| michael@0 | 568 | return NS_OK; |
| michael@0 | 569 | loser: |
| michael@0 | 570 | if (m_cmsMsg) { |
| michael@0 | 571 | NSS_CMSMessage_Destroy(m_cmsMsg); |
| michael@0 | 572 | m_cmsMsg = nullptr; |
| michael@0 | 573 | } |
| michael@0 | 574 | |
| michael@0 | 575 | return rv; |
| michael@0 | 576 | } |
| michael@0 | 577 | |
| michael@0 | 578 | NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert* aEncryptCert, unsigned char* aDigestData, uint32_t aDigestDataLen) |
| michael@0 | 579 | { |
| michael@0 | 580 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 581 | if (isAlreadyShutDown()) |
| michael@0 | 582 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 583 | |
| michael@0 | 584 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned\n")); |
| michael@0 | 585 | NSSCMSContentInfo *cinfo; |
| michael@0 | 586 | NSSCMSSignedData *sigd; |
| michael@0 | 587 | NSSCMSSignerInfo *signerinfo; |
| michael@0 | 588 | mozilla::pkix::ScopedCERTCertificate scert; |
| michael@0 | 589 | mozilla::pkix::ScopedCERTCertificate ecert; |
| michael@0 | 590 | nsCOMPtr<nsIX509Cert2> aSigningCert2 = do_QueryInterface(aSigningCert); |
| michael@0 | 591 | nsresult rv = NS_ERROR_FAILURE; |
| michael@0 | 592 | |
| michael@0 | 593 | /* Get the certs */ |
| michael@0 | 594 | if (aSigningCert2) { |
| michael@0 | 595 | scert = aSigningCert2->GetCert(); |
| michael@0 | 596 | } |
| michael@0 | 597 | if (!scert) { |
| michael@0 | 598 | return NS_ERROR_FAILURE; |
| michael@0 | 599 | } |
| michael@0 | 600 | |
| michael@0 | 601 | if (aEncryptCert) { |
| michael@0 | 602 | nsCOMPtr<nsIX509Cert2> aEncryptCert2 = do_QueryInterface(aEncryptCert); |
| michael@0 | 603 | if (aEncryptCert2) { |
| michael@0 | 604 | ecert = aEncryptCert2->GetCert(); |
| michael@0 | 605 | } |
| michael@0 | 606 | } |
| michael@0 | 607 | |
| michael@0 | 608 | /* |
| michael@0 | 609 | * create the message object |
| michael@0 | 610 | */ |
| michael@0 | 611 | m_cmsMsg = NSS_CMSMessage_Create(nullptr); /* create a message on its own pool */ |
| michael@0 | 612 | if (!m_cmsMsg) { |
| michael@0 | 613 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create new message\n")); |
| michael@0 | 614 | rv = NS_ERROR_OUT_OF_MEMORY; |
| michael@0 | 615 | goto loser; |
| michael@0 | 616 | } |
| michael@0 | 617 | |
| michael@0 | 618 | /* |
| michael@0 | 619 | * build chain of objects: message->signedData->data |
| michael@0 | 620 | */ |
| michael@0 | 621 | if ((sigd = NSS_CMSSignedData_Create(m_cmsMsg)) == nullptr) { |
| michael@0 | 622 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create signed data\n")); |
| michael@0 | 623 | goto loser; |
| michael@0 | 624 | } |
| michael@0 | 625 | cinfo = NSS_CMSMessage_GetContentInfo(m_cmsMsg); |
| michael@0 | 626 | if (NSS_CMSContentInfo_SetContent_SignedData(m_cmsMsg, cinfo, sigd) |
| michael@0 | 627 | != SECSuccess) { |
| michael@0 | 628 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't set content signed data\n")); |
| michael@0 | 629 | goto loser; |
| michael@0 | 630 | } |
| michael@0 | 631 | |
| michael@0 | 632 | cinfo = NSS_CMSSignedData_GetContentInfo(sigd); |
| michael@0 | 633 | |
| michael@0 | 634 | /* we're always passing data in and detaching optionally */ |
| michael@0 | 635 | if (NSS_CMSContentInfo_SetContent_Data(m_cmsMsg, cinfo, nullptr, true) |
| michael@0 | 636 | != SECSuccess) { |
| michael@0 | 637 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't set content data\n")); |
| michael@0 | 638 | goto loser; |
| michael@0 | 639 | } |
| michael@0 | 640 | |
| michael@0 | 641 | /* |
| michael@0 | 642 | * create & attach signer information |
| michael@0 | 643 | */ |
| michael@0 | 644 | if ((signerinfo = NSS_CMSSignerInfo_Create(m_cmsMsg, scert.get(), SEC_OID_SHA1)) |
| michael@0 | 645 | == nullptr) { |
| michael@0 | 646 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create signer info\n")); |
| michael@0 | 647 | goto loser; |
| michael@0 | 648 | } |
| michael@0 | 649 | |
| michael@0 | 650 | /* we want the cert chain included for this one */ |
| michael@0 | 651 | if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain, |
| michael@0 | 652 | certUsageEmailSigner) |
| michael@0 | 653 | != SECSuccess) { |
| michael@0 | 654 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't include signer cert chain\n")); |
| michael@0 | 655 | goto loser; |
| michael@0 | 656 | } |
| michael@0 | 657 | |
| michael@0 | 658 | if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now()) |
| michael@0 | 659 | != SECSuccess) { |
| michael@0 | 660 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add signing time\n")); |
| michael@0 | 661 | goto loser; |
| michael@0 | 662 | } |
| michael@0 | 663 | |
| michael@0 | 664 | if (NSS_CMSSignerInfo_AddSMIMECaps(signerinfo) != SECSuccess) { |
| michael@0 | 665 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add smime caps\n")); |
| michael@0 | 666 | goto loser; |
| michael@0 | 667 | } |
| michael@0 | 668 | |
| michael@0 | 669 | if (ecert) { |
| michael@0 | 670 | if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ecert.get(), |
| michael@0 | 671 | CERT_GetDefaultCertDB()) |
| michael@0 | 672 | != SECSuccess) { |
| michael@0 | 673 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add smime enc key prefs\n")); |
| michael@0 | 674 | goto loser; |
| michael@0 | 675 | } |
| michael@0 | 676 | |
| michael@0 | 677 | if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ecert.get(), |
| michael@0 | 678 | CERT_GetDefaultCertDB()) |
| michael@0 | 679 | != SECSuccess) { |
| michael@0 | 680 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add MS smime enc key prefs\n")); |
| michael@0 | 681 | goto loser; |
| michael@0 | 682 | } |
| michael@0 | 683 | |
| michael@0 | 684 | // If signing and encryption cert are identical, don't add it twice. |
| michael@0 | 685 | bool addEncryptionCert = |
| michael@0 | 686 | (ecert && (!scert || !CERT_CompareCerts(ecert.get(), scert.get()))); |
| michael@0 | 687 | |
| michael@0 | 688 | if (addEncryptionCert && |
| michael@0 | 689 | NSS_CMSSignedData_AddCertificate(sigd, ecert.get()) != SECSuccess) { |
| michael@0 | 690 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add own encryption certificate\n")); |
| michael@0 | 691 | goto loser; |
| michael@0 | 692 | } |
| michael@0 | 693 | } |
| michael@0 | 694 | |
| michael@0 | 695 | if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) { |
| michael@0 | 696 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add signer info\n")); |
| michael@0 | 697 | goto loser; |
| michael@0 | 698 | } |
| michael@0 | 699 | |
| michael@0 | 700 | // Finally, add the pre-computed digest if passed in |
| michael@0 | 701 | if (aDigestData) { |
| michael@0 | 702 | SECItem digest; |
| michael@0 | 703 | |
| michael@0 | 704 | digest.data = aDigestData; |
| michael@0 | 705 | digest.len = aDigestDataLen; |
| michael@0 | 706 | |
| michael@0 | 707 | if (NSS_CMSSignedData_SetDigestValue(sigd, SEC_OID_SHA1, &digest)) { |
| michael@0 | 708 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't set digest value\n")); |
| michael@0 | 709 | goto loser; |
| michael@0 | 710 | } |
| michael@0 | 711 | } |
| michael@0 | 712 | |
| michael@0 | 713 | return NS_OK; |
| michael@0 | 714 | loser: |
| michael@0 | 715 | if (m_cmsMsg) { |
| michael@0 | 716 | NSS_CMSMessage_Destroy(m_cmsMsg); |
| michael@0 | 717 | m_cmsMsg = nullptr; |
| michael@0 | 718 | } |
| michael@0 | 719 | return rv; |
| michael@0 | 720 | } |
| michael@0 | 721 | |
| michael@0 | 722 | NS_IMPL_ISUPPORTS(nsCMSDecoder, nsICMSDecoder) |
| michael@0 | 723 | |
| michael@0 | 724 | nsCMSDecoder::nsCMSDecoder() |
| michael@0 | 725 | : m_dcx(nullptr) |
| michael@0 | 726 | { |
| michael@0 | 727 | } |
| michael@0 | 728 | |
| michael@0 | 729 | nsCMSDecoder::~nsCMSDecoder() |
| michael@0 | 730 | { |
| michael@0 | 731 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 732 | if (isAlreadyShutDown()) { |
| michael@0 | 733 | return; |
| michael@0 | 734 | } |
| michael@0 | 735 | destructorSafeDestroyNSSReference(); |
| michael@0 | 736 | shutdown(calledFromObject); |
| michael@0 | 737 | } |
| michael@0 | 738 | |
| michael@0 | 739 | void nsCMSDecoder::virtualDestroyNSSReference() |
| michael@0 | 740 | { |
| michael@0 | 741 | destructorSafeDestroyNSSReference(); |
| michael@0 | 742 | } |
| michael@0 | 743 | |
| michael@0 | 744 | void nsCMSDecoder::destructorSafeDestroyNSSReference() |
| michael@0 | 745 | { |
| michael@0 | 746 | if (m_dcx) { |
| michael@0 | 747 | NSS_CMSDecoder_Cancel(m_dcx); |
| michael@0 | 748 | m_dcx = nullptr; |
| michael@0 | 749 | } |
| michael@0 | 750 | } |
| michael@0 | 751 | |
| michael@0 | 752 | /* void start (in NSSCMSContentCallback cb, in voidPtr arg); */ |
| michael@0 | 753 | NS_IMETHODIMP nsCMSDecoder::Start(NSSCMSContentCallback cb, void * arg) |
| michael@0 | 754 | { |
| michael@0 | 755 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 756 | if (isAlreadyShutDown()) |
| michael@0 | 757 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 758 | |
| michael@0 | 759 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Start\n")); |
| michael@0 | 760 | m_ctx = new PipUIContext(); |
| michael@0 | 761 | |
| michael@0 | 762 | m_dcx = NSS_CMSDecoder_Start(0, cb, arg, 0, m_ctx, 0, 0); |
| michael@0 | 763 | if (!m_dcx) { |
| michael@0 | 764 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Start - can't start decoder\n")); |
| michael@0 | 765 | return NS_ERROR_FAILURE; |
| michael@0 | 766 | } |
| michael@0 | 767 | return NS_OK; |
| michael@0 | 768 | } |
| michael@0 | 769 | |
| michael@0 | 770 | /* void update (in string bug, in long len); */ |
| michael@0 | 771 | NS_IMETHODIMP nsCMSDecoder::Update(const char *buf, int32_t len) |
| michael@0 | 772 | { |
| michael@0 | 773 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 774 | if (isAlreadyShutDown()) |
| michael@0 | 775 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 776 | |
| michael@0 | 777 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Update\n")); |
| michael@0 | 778 | NSS_CMSDecoder_Update(m_dcx, (char *)buf, len); |
| michael@0 | 779 | return NS_OK; |
| michael@0 | 780 | } |
| michael@0 | 781 | |
| michael@0 | 782 | /* void finish (); */ |
| michael@0 | 783 | NS_IMETHODIMP nsCMSDecoder::Finish(nsICMSMessage ** aCMSMsg) |
| michael@0 | 784 | { |
| michael@0 | 785 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 786 | if (isAlreadyShutDown()) |
| michael@0 | 787 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 788 | |
| michael@0 | 789 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSDecoder::Finish\n")); |
| michael@0 | 790 | NSSCMSMessage *cmsMsg; |
| michael@0 | 791 | cmsMsg = NSS_CMSDecoder_Finish(m_dcx); |
| michael@0 | 792 | m_dcx = nullptr; |
| michael@0 | 793 | if (cmsMsg) { |
| michael@0 | 794 | nsCMSMessage *obj = new nsCMSMessage(cmsMsg); |
| michael@0 | 795 | // The NSS object cmsMsg still carries a reference to the context |
| michael@0 | 796 | // we gave it on construction. |
| michael@0 | 797 | // Make sure the context will live long enough. |
| michael@0 | 798 | obj->referenceContext(m_ctx); |
| michael@0 | 799 | *aCMSMsg = obj; |
| michael@0 | 800 | NS_ADDREF(*aCMSMsg); |
| michael@0 | 801 | } |
| michael@0 | 802 | return NS_OK; |
| michael@0 | 803 | } |
| michael@0 | 804 | |
| michael@0 | 805 | NS_IMPL_ISUPPORTS(nsCMSEncoder, nsICMSEncoder) |
| michael@0 | 806 | |
| michael@0 | 807 | nsCMSEncoder::nsCMSEncoder() |
| michael@0 | 808 | : m_ecx(nullptr) |
| michael@0 | 809 | { |
| michael@0 | 810 | } |
| michael@0 | 811 | |
| michael@0 | 812 | nsCMSEncoder::~nsCMSEncoder() |
| michael@0 | 813 | { |
| michael@0 | 814 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 815 | if (isAlreadyShutDown()) { |
| michael@0 | 816 | return; |
| michael@0 | 817 | } |
| michael@0 | 818 | destructorSafeDestroyNSSReference(); |
| michael@0 | 819 | shutdown(calledFromObject); |
| michael@0 | 820 | } |
| michael@0 | 821 | |
| michael@0 | 822 | void nsCMSEncoder::virtualDestroyNSSReference() |
| michael@0 | 823 | { |
| michael@0 | 824 | destructorSafeDestroyNSSReference(); |
| michael@0 | 825 | } |
| michael@0 | 826 | |
| michael@0 | 827 | void nsCMSEncoder::destructorSafeDestroyNSSReference() |
| michael@0 | 828 | { |
| michael@0 | 829 | if (m_ecx) |
| michael@0 | 830 | NSS_CMSEncoder_Cancel(m_ecx); |
| michael@0 | 831 | } |
| michael@0 | 832 | |
| michael@0 | 833 | /* void start (); */ |
| michael@0 | 834 | NS_IMETHODIMP nsCMSEncoder::Start(nsICMSMessage *aMsg, NSSCMSContentCallback cb, void * arg) |
| michael@0 | 835 | { |
| michael@0 | 836 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 837 | if (isAlreadyShutDown()) |
| michael@0 | 838 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 839 | |
| michael@0 | 840 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Start\n")); |
| michael@0 | 841 | nsCMSMessage *cmsMsg = static_cast<nsCMSMessage*>(aMsg); |
| michael@0 | 842 | m_ctx = new PipUIContext(); |
| michael@0 | 843 | |
| michael@0 | 844 | m_ecx = NSS_CMSEncoder_Start(cmsMsg->getCMS(), cb, arg, 0, 0, 0, m_ctx, 0, 0, 0, 0); |
| michael@0 | 845 | if (!m_ecx) { |
| michael@0 | 846 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Start - can't start encoder\n")); |
| michael@0 | 847 | return NS_ERROR_FAILURE; |
| michael@0 | 848 | } |
| michael@0 | 849 | return NS_OK; |
| michael@0 | 850 | } |
| michael@0 | 851 | |
| michael@0 | 852 | /* void update (in string aBuf, in long aLen); */ |
| michael@0 | 853 | NS_IMETHODIMP nsCMSEncoder::Update(const char *aBuf, int32_t aLen) |
| michael@0 | 854 | { |
| michael@0 | 855 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 856 | if (isAlreadyShutDown()) |
| michael@0 | 857 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 858 | |
| michael@0 | 859 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Update\n")); |
| michael@0 | 860 | if (!m_ecx || NSS_CMSEncoder_Update(m_ecx, aBuf, aLen) != SECSuccess) { |
| michael@0 | 861 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Update - can't update encoder\n")); |
| michael@0 | 862 | return NS_ERROR_FAILURE; |
| michael@0 | 863 | } |
| michael@0 | 864 | return NS_OK; |
| michael@0 | 865 | } |
| michael@0 | 866 | |
| michael@0 | 867 | /* void finish (); */ |
| michael@0 | 868 | NS_IMETHODIMP nsCMSEncoder::Finish() |
| michael@0 | 869 | { |
| michael@0 | 870 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 871 | if (isAlreadyShutDown()) |
| michael@0 | 872 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 873 | |
| michael@0 | 874 | nsresult rv = NS_OK; |
| michael@0 | 875 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Finish\n")); |
| michael@0 | 876 | if (!m_ecx || NSS_CMSEncoder_Finish(m_ecx) != SECSuccess) { |
| michael@0 | 877 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Finish - can't finish encoder\n")); |
| michael@0 | 878 | rv = NS_ERROR_FAILURE; |
| michael@0 | 879 | } |
| michael@0 | 880 | m_ecx = nullptr; |
| michael@0 | 881 | return rv; |
| michael@0 | 882 | } |
| michael@0 | 883 | |
| michael@0 | 884 | /* void encode (in nsICMSMessage aMsg); */ |
| michael@0 | 885 | NS_IMETHODIMP nsCMSEncoder::Encode(nsICMSMessage *aMsg) |
| michael@0 | 886 | { |
| michael@0 | 887 | nsNSSShutDownPreventionLock locker; |
| michael@0 | 888 | if (isAlreadyShutDown()) |
| michael@0 | 889 | return NS_ERROR_NOT_AVAILABLE; |
| michael@0 | 890 | |
| michael@0 | 891 | PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSEncoder::Encode\n")); |
| michael@0 | 892 | return NS_ERROR_NOT_IMPLEMENTED; |
| michael@0 | 893 | } |
