LCOV - code coverage report
Current view: directory - security/manager/ssl/src - nsCMSSecureMessage.cpp (source / functions) Found Hit Coverage
Test: app.info Lines: 170 0 0.0 %
Date: 2012-06-02 Functions: 12 0 0.0 %

       1                 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
       2                 : /* ***** BEGIN LICENSE BLOCK *****
       3                 :  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
       4                 :  *
       5                 :  * The contents of this file are subject to the Mozilla Public License Version
       6                 :  * 1.1 (the "License"); you may not use this file except in compliance with
       7                 :  * the License. You may obtain a copy of the License at
       8                 :  * http://www.mozilla.org/MPL/
       9                 :  *
      10                 :  * Software distributed under the License is distributed on an "AS IS" basis,
      11                 :  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
      12                 :  * for the specific language governing rights and limitations under the
      13                 :  * License.
      14                 :  *
      15                 :  * The Original Code is Mozilla Communicator.
      16                 :  *
      17                 :  * The Initial Developer of the Original Code is
      18                 :  * Netscape Communications Corp..
      19                 :  * Portions created by the Initial Developer are Copyright (C) 2001
      20                 :  * the Initial Developer. All Rights Reserved.
      21                 :  *
      22                 :  * Contributor(s): Terry Hayes <thayes@netscape.com>
      23                 :  *
      24                 :  * Alternatively, the contents of this file may be used under the terms of
      25                 :  * either the GNU General Public License Version 2 or later (the "GPL"), or
      26                 :  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
      27                 :  * in which case the provisions of the GPL or the LGPL are applicable instead
      28                 :  * of those above. If you wish to allow use of your version of this file only
      29                 :  * under the terms of either the GPL or the LGPL, and not to allow others to
      30                 :  * use your version of this file under the terms of the MPL, indicate your
      31                 :  * decision by deleting the provisions above and replace them with the notice
      32                 :  * and other provisions required by the GPL or the LGPL. If you do not delete
      33                 :  * the provisions above, a recipient may use your version of this file under
      34                 :  * the terms of any one of the MPL, the GPL or the LGPL.
      35                 :  *
      36                 :  * ***** END LICENSE BLOCK ***** */
      37                 : 
      38                 : #include "nsMemory.h"
      39                 : #include "nsXPIDLString.h"
      40                 : #include "nsCOMPtr.h"
      41                 : #include "nsISupports.h"
      42                 : #include "nsIInterfaceRequestor.h"
      43                 : #include "nsCRT.h"
      44                 : 
      45                 : #include "nsICMSSecureMessage.h"
      46                 : 
      47                 : #include "nsCMSSecureMessage.h"
      48                 : #include "nsNSSCertificate.h"
      49                 : #include "nsNSSHelper.h"
      50                 : #include "nsNSSShutDown.h"
      51                 : 
      52                 : #include <string.h>
      53                 : #include "plbase64.h"
      54                 : #include "cert.h"
      55                 : #include "cms.h"
      56                 : 
      57                 : #include "nsIServiceManager.h"
      58                 : #include "nsIPrefService.h"
      59                 : #include "nsIPrefBranch.h"
      60                 : 
      61                 : #include "prlog.h"
      62                 : #ifdef PR_LOGGING
      63                 : extern PRLogModuleInfo* gPIPNSSLog;
      64                 : #endif
      65                 : 
      66                 : // Standard ISupports implementation
      67                 : // NOTE: Should these be the thread-safe versions?
      68                 : 
      69                 : /*****
      70                 :  * nsCMSSecureMessage
      71                 :  *****/
      72                 : 
      73                 : // Standard ISupports implementation
      74               0 : NS_IMPL_ISUPPORTS1(nsCMSSecureMessage, nsICMSSecureMessage)
      75                 : 
      76                 : // nsCMSSecureMessage constructor
      77               0 : nsCMSSecureMessage::nsCMSSecureMessage()
      78                 : {
      79                 :   // initialize superclass
      80               0 : }
      81                 : 
      82                 : // nsCMSMessage destructor
      83               0 : nsCMSSecureMessage::~nsCMSSecureMessage()
      84                 : {
      85               0 : }
      86                 : 
      87                 : /* string getCertByPrefID (in string certID); */
      88               0 : NS_IMETHODIMP nsCMSSecureMessage::
      89                 : GetCertByPrefID(const char *certID, char **_retval)
      90                 : {
      91               0 :   nsNSSShutDownPreventionLock locker;
      92               0 :   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::GetCertByPrefID\n"));
      93               0 :   nsresult rv = NS_OK;
      94               0 :   CERTCertificate *cert = 0;
      95               0 :   nsXPIDLCString nickname;
      96               0 :   nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
      97                 : 
      98               0 :   *_retval = 0;
      99                 : 
     100               0 :   nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID, &rv);
     101               0 :   if (NS_FAILED(rv)) {
     102               0 :     goto done;
     103                 :   }
     104                 : 
     105               0 :   rv = prefs->GetCharPref(certID,
     106               0 :                           getter_Copies(nickname));
     107               0 :   if (NS_FAILED(rv)) goto done;
     108                 : 
     109                 :   /* Find a good cert in the user's database */
     110               0 :   cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), const_cast<char*>(nickname.get()), 
     111               0 :            certUsageEmailRecipient, true, ctx);
     112                 : 
     113               0 :   if (!cert) { 
     114                 :     /* Success, but no value */
     115               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::GetCertByPrefID - can't find user cert\n"));
     116               0 :     goto done;
     117                 :   } 
     118                 : 
     119                 :   /* Convert the DER to a BASE64 String */
     120               0 :   encode(cert->derCert.data, cert->derCert.len, _retval);
     121                 : 
     122                 : done:
     123               0 :   if (cert) CERT_DestroyCertificate(cert);
     124               0 :   return rv;
     125                 : }
     126                 : 
     127                 : 
     128                 : // nsCMSSecureMessage::DecodeCert
     129               0 : nsresult nsCMSSecureMessage::
     130                 : DecodeCert(const char *value, nsIX509Cert ** _retval)
     131                 : {
     132               0 :   nsNSSShutDownPreventionLock locker;
     133               0 :   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::DecodeCert\n"));
     134               0 :   nsresult rv = NS_OK;
     135                 :   PRInt32 length;
     136               0 :   unsigned char *data = 0;
     137                 : 
     138               0 :   *_retval = 0;
     139                 : 
     140               0 :   if (!value) { return NS_ERROR_FAILURE; }
     141                 : 
     142               0 :   rv = decode(value, &data, &length);
     143               0 :   if (NS_FAILED(rv)) {
     144               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::DecodeCert - can't decode cert\n"));
     145               0 :     return rv;
     146                 :   }
     147                 : 
     148               0 :   nsCOMPtr<nsIX509Cert> cert =  nsNSSCertificate::ConstructFromDER((char *)data, length);
     149                 : 
     150               0 :   if (cert) {
     151               0 :     *_retval = cert;
     152               0 :     NS_ADDREF(*_retval);
     153                 :   }
     154                 :   else {
     155               0 :     rv = NS_ERROR_FAILURE;
     156                 :   }
     157                 : 
     158               0 :   nsCRT::free((char*)data);
     159               0 :   return rv;
     160                 : }
     161                 : 
     162                 : // nsCMSSecureMessage::SendMessage
     163               0 : nsresult nsCMSSecureMessage::
     164                 : SendMessage(const char *msg, const char *base64Cert, char ** _retval)
     165                 : {
     166               0 :   nsNSSShutDownPreventionLock locker;
     167               0 :   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage\n"));
     168               0 :   nsresult rv = NS_OK;
     169               0 :   CERTCertificate *cert = 0;
     170               0 :   NSSCMSMessage *cmsMsg = 0;
     171               0 :   unsigned char *certDER = 0;
     172                 :   PRInt32 derLen;
     173                 :   NSSCMSEnvelopedData *env;
     174                 :   NSSCMSContentInfo *cinfo;
     175                 :   NSSCMSRecipientInfo *rcpt;
     176                 :   SECItem output;
     177               0 :   PLArenaPool *arena = PORT_NewArena(1024);
     178                 :   SECStatus s;
     179               0 :   nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
     180                 : 
     181                 :   /* Step 0. Create a CMS Message */
     182               0 :   cmsMsg = NSS_CMSMessage_Create(NULL);
     183               0 :   if (!cmsMsg) {
     184               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create NSSCMSMessage\n"));
     185               0 :     rv = NS_ERROR_FAILURE;
     186               0 :     goto done;
     187                 :   }
     188                 : 
     189                 :   /* Step 1.  Import the certificate into NSS */
     190               0 :   rv = decode(base64Cert, &certDER, &derLen);
     191               0 :   if (NS_FAILED(rv)) {
     192               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't decode / import cert into NSS\n"));
     193               0 :     goto done;
     194                 :   }
     195                 : 
     196               0 :   cert = CERT_DecodeCertFromPackage((char *)certDER, derLen);
     197               0 :   if (!cert) {
     198               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't decode cert from package\n"));
     199               0 :     rv = NS_ERROR_FAILURE;
     200               0 :     goto done;
     201                 :   }
     202                 : 
     203                 : #if 0
     204                 :   cert->dbhandle = CERT_GetDefaultCertDB();  /* work-around */
     205                 : #endif
     206                 : 
     207                 :   /* Step 2.  Get a signature cert */
     208                 : 
     209                 :   /* Step 3. Build inner (signature) content */
     210                 : 
     211                 :   /* Step 4. Build outer (enveloped) content */
     212               0 :   env = NSS_CMSEnvelopedData_Create(cmsMsg, SEC_OID_DES_EDE3_CBC, 0);
     213               0 :   if (!env) {
     214               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create envelope data\n"));
     215               0 :     rv = NS_ERROR_FAILURE;
     216               0 :     goto done;
     217                 :   }
     218                 : 
     219               0 :   cinfo = NSS_CMSEnvelopedData_GetContentInfo(env);
     220               0 :   s = NSS_CMSContentInfo_SetContent_Data(cmsMsg, cinfo, 0, false);
     221               0 :   if (s != SECSuccess) {
     222               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't set content data\n"));
     223               0 :     rv = NS_ERROR_FAILURE;
     224               0 :     goto done;
     225                 :   }
     226                 : 
     227               0 :   rcpt = NSS_CMSRecipientInfo_Create(cmsMsg, cert);
     228               0 :   if (!rcpt) {
     229               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create recipient info\n"));
     230               0 :     rv = NS_ERROR_FAILURE;
     231               0 :     goto done;
     232                 :   }
     233                 : 
     234               0 :   s = NSS_CMSEnvelopedData_AddRecipient(env, rcpt);
     235               0 :   if (s != SECSuccess) {
     236               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't add recipient\n"));
     237               0 :     rv = NS_ERROR_FAILURE;
     238               0 :     goto done;
     239                 :   }
     240                 : 
     241                 :   /* Step 5. Add content to message */
     242               0 :   cinfo = NSS_CMSMessage_GetContentInfo(cmsMsg);
     243               0 :   s = NSS_CMSContentInfo_SetContent_EnvelopedData(cmsMsg, cinfo, env);
     244               0 :   if (s != SECSuccess) {
     245               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't set content enveloped data\n"));
     246               0 :     rv = NS_ERROR_FAILURE;
     247               0 :     goto done;
     248                 :   }
     249                 :   
     250                 :   /* Step 6. Encode */
     251                 :   NSSCMSEncoderContext *ecx;
     252                 : 
     253               0 :   output.data = 0; output.len = 0;
     254                 :   ecx = NSS_CMSEncoder_Start(cmsMsg, 0, 0, &output, arena,
     255               0 :             0, ctx, 0, 0, 0, 0);
     256               0 :   if (!ecx) {
     257               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't start cms encoder\n"));
     258               0 :     rv = NS_ERROR_FAILURE;
     259               0 :     goto done;
     260                 :   }
     261                 : 
     262               0 :   s = NSS_CMSEncoder_Update(ecx, msg, strlen(msg));
     263               0 :   if (s != SECSuccess) {
     264               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't update encoder\n"));
     265               0 :     rv = NS_ERROR_FAILURE;
     266               0 :     goto done;
     267                 :   }
     268                 : 
     269               0 :   s = NSS_CMSEncoder_Finish(ecx);
     270               0 :   if (s != SECSuccess) {
     271               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't finish encoder\n"));
     272               0 :     rv = NS_ERROR_FAILURE;
     273               0 :     goto done;
     274                 :   }
     275                 : 
     276                 :   /* Step 7. Base64 encode and return the result */
     277               0 :   rv = encode(output.data, output.len, _retval);
     278                 : 
     279                 : done:
     280               0 :   if (certDER) nsCRT::free((char *)certDER);
     281               0 :   if (cert) CERT_DestroyCertificate(cert);
     282               0 :   if (cmsMsg) NSS_CMSMessage_Destroy(cmsMsg);
     283               0 :   if (arena) PORT_FreeArena(arena, false);  /* false? */
     284                 : 
     285               0 :   return rv;
     286                 : }
     287                 : 
     288                 : /*
     289                 :  * nsCMSSecureMessage::ReceiveMessage
     290                 :  */
     291               0 : nsresult nsCMSSecureMessage::
     292                 : ReceiveMessage(const char *msg, char **_retval)
     293                 : {
     294               0 :   nsNSSShutDownPreventionLock locker;
     295               0 :   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage\n"));
     296               0 :   nsresult rv = NS_OK;
     297                 :   NSSCMSDecoderContext *dcx;
     298               0 :   unsigned char *der = 0;
     299                 :   PRInt32 derLen;
     300               0 :   NSSCMSMessage *cmsMsg = 0;
     301                 :   SECItem *content;
     302               0 :   nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
     303                 : 
     304                 :   /* Step 1. Decode the base64 wrapper */
     305               0 :   rv = decode(msg, &der, &derLen);
     306               0 :   if (NS_FAILED(rv)) {
     307               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't base64 decode\n"));
     308               0 :     goto done;
     309                 :   }
     310                 : 
     311               0 :   dcx = NSS_CMSDecoder_Start(0, 0, 0, /* pw */ 0, ctx, /* key */ 0, 0);
     312               0 :   if (!dcx) {
     313               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't start decoder\n"));
     314               0 :     rv = NS_ERROR_FAILURE;
     315               0 :     goto done;
     316                 :   }
     317                 : 
     318               0 :   (void)NSS_CMSDecoder_Update(dcx, (char *)der, derLen);
     319               0 :   cmsMsg = NSS_CMSDecoder_Finish(dcx);
     320               0 :   if (!cmsMsg) {
     321               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't finish decoder\n"));
     322               0 :     rv = NS_ERROR_FAILURE;
     323                 :     /* Memory leak on dcx?? */
     324               0 :     goto done;
     325                 :   }
     326                 : 
     327               0 :   content = NSS_CMSMessage_GetContent(cmsMsg);
     328               0 :   if (!content) {
     329               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't get content\n"));
     330               0 :     rv = NS_ERROR_FAILURE;
     331               0 :     goto done;
     332                 :   }
     333                 : 
     334                 :   /* Copy the data */
     335               0 :   *_retval = (char*)malloc(content->len+1);
     336               0 :   memcpy(*_retval, content->data, content->len);
     337               0 :   (*_retval)[content->len] = 0;
     338                 : 
     339                 : done:
     340               0 :   if (der) free(der);
     341               0 :   if (cmsMsg) NSS_CMSMessage_Destroy(cmsMsg);
     342                 : 
     343               0 :   return rv;
     344                 : }
     345                 : 
     346               0 : nsresult nsCMSSecureMessage::
     347                 : encode(const unsigned char *data, PRInt32 dataLen, char **_retval)
     348                 : {
     349               0 :   nsresult rv = NS_OK;
     350                 : 
     351               0 :   *_retval = PL_Base64Encode((const char *)data, dataLen, NULL);
     352               0 :   if (!*_retval) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
     353                 : 
     354                 : loser:
     355               0 :   return rv;
     356                 : }
     357                 : 
     358               0 : nsresult nsCMSSecureMessage::
     359                 : decode(const char *data, unsigned char **result, PRInt32 * _retval)
     360                 : {
     361               0 :   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::decode\n"));
     362               0 :   nsresult rv = NS_OK;
     363               0 :   PRUint32 len = PL_strlen(data);
     364               0 :   int adjust = 0;
     365                 : 
     366                 :   /* Compute length adjustment */
     367               0 :   if (data[len-1] == '=') {
     368               0 :     adjust++;
     369               0 :     if (data[len-2] == '=') adjust++;
     370                 :   }
     371                 : 
     372               0 :   *result = (unsigned char *)PL_Base64Decode(data, len, NULL);
     373               0 :   if (!*result) {
     374               0 :     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::decode - error decoding base64\n"));
     375               0 :     rv = NS_ERROR_ILLEGAL_VALUE;
     376               0 :     goto loser;
     377                 :   }
     378                 : 
     379               0 :   *_retval = (len*3)/4 - adjust;
     380                 : 
     381                 : loser:
     382               0 :   return rv;
     383                 : }

Generated by: LCOV version 1.7