/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: nsPKCS12Blob.h,v 1.16 2006/04/12 15:43:32 benjamin%smedbergs.us Exp $ */

#ifndef _NS_PKCS12BLOB_H_
#define _NS_PKCS12BLOB_H_

#include "nsCOMPtr.h"
#include "nsString.h"
#include "nsIFile.h"
#include "nsIPK11TokenDB.h"
#include "nsNSSHelper.h"
#include "nsIPK11Token.h"
#include "nsIMutableArray.h"

#include "nss.h"

#include "pkcs12.h"
#include "p12plcy.h"

class nsIX509Cert;

//
// nsPKCS12Blob
//
// Class for importing/exporting PKCS#12 blobs
//
// Thin wrapper around the NSS PKCS#12 decoder/encoder (pkcs12.h) that
// imports a PKCS#12 file into a PK11 token and exports certificates
// from it. This header only declares the interface; the behaviour of
// each member (password prompting, error mapping, file handling) lives
// in the .cpp, which is not part of this header.
//
class nsPKCS12Blob
{
public:
  nsPKCS12Blob();
  virtual ~nsPKCS12Blob();

  // Set the token to use (default is internal)
  nsresult SetToken(nsIPK11Token *token);

  // PKCS#12 Import
  // Decodes `file` into the selected token. The file password comes
  // from the user (see RetryReason / ImportMode below for how wrong and
  // empty passwords are retried). Returns an nsresult error code on
  // failure; the exact codes are defined in the .cpp.
  nsresult ImportFromFile(nsIFile *file);

  // PKCS#12 Export
  // Writes `numCerts` certificates from `certs` (with their private keys,
  // as PKCS#12 requires a password-protected container) to `file`.
  nsresult ExportToFile(nsIFile *file, nsIX509Cert **certs, int numCerts);

private:

  // NOTE(review): the nsCOMPtr template arguments appear to have been
  // stripped from this rendering (they read as bare `nsCOMPtr`); the
  // original source likely has nsCOMPtr<nsIPK11Token> / nsCOMPtr<nsIMutableArray>
  // here — confirm against the checked-in file.
  nsCOMPtr mToken;        // token that receives imported keys/certs
  nsCOMPtr mCertArray;    // certificates collected during import
  nsCOMPtr mUIContext;    // context for password prompts (type not visible here)

  // local helper functions

  // Fill the SECItem with the password the user supplies for an import.
  // NOTE(review): the SECItem holds the user's password in memory; the
  // .cpp should release it with SECITEM_ZfreeItem (zeroing) rather than a
  // plain free so the password is not left behind — confirm in the .cpp.
  nsresult getPKCS12FilePassword(SECItem *);
  // Fill the SECItem with a newly chosen password for an export; the
  // same zeroing note as above applies.
  nsresult newPKCS12FilePassword(SECItem *);
  // Feed the contents of the file into the NSS decoder context.
  nsresult inputToDecoder(SEC_PKCS12DecoderContext *, nsIFile *);
  // Copy a UTF-16 string into a SECItem (NSS wants the password as UTF-16).
  void unicodeToItem(const char16_t *, SECItem *);
  // Report a failed import/export to the user.
  // NOTE(review): the meaning of myerr == 0 is not visible in this header
  // (presumably "use the current NSPR/NSS error") — confirm in the .cpp.
  void handleError(int myerr = 0);

  // RetryReason and ImportMode are used when importing a PKCS12 file.
  // There are two reasons that cause us to retry:
  // - When the password entered by the user is incorrect.
  //   The user will be prompted to try again.
  // - When the user entered a zero length password.
  //   An empty password should be represented as an empty
  //   string (a SECItem that contains a single terminating
  //   null UTF16 character), but some applications use a
  //   zero length SECItem.
  //   We try both variations, zero length item and empty string,
  //   without giving a user prompt when trying the different empty password flavors.

  enum RetryReason { rr_do_not_retry, rr_bad_password, rr_auto_retry_empty_password_flavors };
  enum ImportMode { im_standard_prompt, im_try_zero_length_secitem };

  // One import attempt. aImportMode selects the empty-password encoding to
  // try; aWantRetry tells the caller whether (and why) to call again.
  nsresult ImportFromFileHelper(nsIFile *file, ImportMode aImportMode, RetryReason &aWantRetry);

  // NSPR file I/O for export file
  PRFileDesc *mTmpFile;

  // simulated file I/O for "in memory" temporary digest data
  nsCString *mDigest;
  nsCString::const_iterator *mDigestIterator;

  // NOTE(review): this class owns raw mTmpFile/mDigest/mDigestIterator but
  // declares no copy constructor/assignment, so a copy would alias and
  // double-release them; consider deleting both (Rule of Five).

  bool mTokenSet;         // true once SetToken has been called (presumably; confirm in .cpp)

  // C-style callback functions for the NSS PKCS#12 library
  // The void* argument is the opaque context handed to NSS, presumably
  // the nsPKCS12Blob instance — confirm in the .cpp.
  static SECStatus digest_open(void *, PRBool);
  static SECStatus digest_close(void *, PRBool);
  // NOTE(review): the buffer length is caller-supplied; the .cpp must bound
  // reads/writes against the remaining length of mDigest — confirm.
  static int digest_read(void *, unsigned char *, unsigned long);
  static int digest_write(void *, unsigned char *, unsigned long);
  // Called by NSS when an imported nickname already exists on the token.
  static SECItem * nickname_collision(SECItem *, PRBool *, void *);
  // Encoder output callback: appends `len` bytes of the encoded blob to mTmpFile.
  static void write_export_file(void *arg, const char *buf, unsigned long len);

};

#endif /* _NS_PKCS12BLOB_H_ */