1 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 : /* ***** BEGIN LICENSE BLOCK *****
3 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 : *
5 : * The contents of this file are subject to the Mozilla Public License Version
6 : * 1.1 (the "License"); you may not use this file except in compliance with
7 : * the License. You may obtain a copy of the License at
8 : * http://www.mozilla.org/MPL/
9 : *
10 : * Software distributed under the License is distributed on an "AS IS" basis,
11 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 : * for the specific language governing rights and limitations under the
13 : * License.
14 : *
15 : * The Original Code is Mozilla Communicator.
16 : *
17 : * The Initial Developer of the Original Code is
18 : * Netscape Communications Corp..
19 : * Portions created by the Initial Developer are Copyright (C) 2001
20 : * the Initial Developer. All Rights Reserved.
21 : *
22 : * Contributor(s): Terry Hayes <thayes@netscape.com>
23 : *
24 : * Alternatively, the contents of this file may be used under the terms of
25 : * either the GNU General Public License Version 2 or later (the "GPL"), or
26 : * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 : * in which case the provisions of the GPL or the LGPL are applicable instead
28 : * of those above. If you wish to allow use of your version of this file only
29 : * under the terms of either the GPL or the LGPL, and not to allow others to
30 : * use your version of this file under the terms of the MPL, indicate your
31 : * decision by deleting the provisions above and replace them with the notice
32 : * and other provisions required by the GPL or the LGPL. If you do not delete
33 : * the provisions above, a recipient may use your version of this file under
34 : * the terms of any one of the MPL, the GPL or the LGPL.
35 : *
36 : * ***** END LICENSE BLOCK ***** */
37 :
38 : #include "nsMemory.h"
39 : #include "nsXPIDLString.h"
40 : #include "nsCOMPtr.h"
41 : #include "nsISupports.h"
42 : #include "nsIInterfaceRequestor.h"
43 : #include "nsCRT.h"
44 :
45 : #include "nsICMSSecureMessage.h"
46 :
47 : #include "nsCMSSecureMessage.h"
48 : #include "nsNSSCertificate.h"
49 : #include "nsNSSHelper.h"
50 : #include "nsNSSShutDown.h"
51 :
52 : #include <string.h>
53 : #include "plbase64.h"
54 : #include "cert.h"
55 : #include "cms.h"
56 :
57 : #include "nsIServiceManager.h"
58 : #include "nsIPrefService.h"
59 : #include "nsIPrefBranch.h"
60 :
61 : #include "prlog.h"
62 : #ifdef PR_LOGGING
63 : extern PRLogModuleInfo* gPIPNSSLog;
64 : #endif
65 :
66 : // Standard ISupports implementation
67 : // NOTE: Should these be the thread-safe versions?
68 :
69 : /*****
70 : * nsCMSSecureMessage
71 : *****/
72 :
73 : // Standard ISupports implementation
74 0 : NS_IMPL_ISUPPORTS1(nsCMSSecureMessage, nsICMSSecureMessage)
75 :
76 : // nsCMSSecureMessage constructor
77 0 : nsCMSSecureMessage::nsCMSSecureMessage()
78 : {
79 : // initialize superclass
80 0 : }
81 :
82 : // nsCMSMessage destructor
83 0 : nsCMSSecureMessage::~nsCMSSecureMessage()
84 : {
85 0 : }
86 :
87 : /* string getCertByPrefID (in string certID); */
88 0 : NS_IMETHODIMP nsCMSSecureMessage::
89 : GetCertByPrefID(const char *certID, char **_retval)
90 : {
91 0 : nsNSSShutDownPreventionLock locker;
92 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::GetCertByPrefID\n"));
93 0 : nsresult rv = NS_OK;
94 0 : CERTCertificate *cert = 0;
95 0 : nsXPIDLCString nickname;
96 0 : nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
97 :
98 0 : *_retval = 0;
99 :
100 0 : nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID, &rv);
101 0 : if (NS_FAILED(rv)) {
102 0 : goto done;
103 : }
104 :
105 0 : rv = prefs->GetCharPref(certID,
106 0 : getter_Copies(nickname));
107 0 : if (NS_FAILED(rv)) goto done;
108 :
109 : /* Find a good cert in the user's database */
110 0 : cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), const_cast<char*>(nickname.get()),
111 0 : certUsageEmailRecipient, true, ctx);
112 :
113 0 : if (!cert) {
114 : /* Success, but no value */
115 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::GetCertByPrefID - can't find user cert\n"));
116 0 : goto done;
117 : }
118 :
119 : /* Convert the DER to a BASE64 String */
120 0 : encode(cert->derCert.data, cert->derCert.len, _retval);
121 :
122 : done:
123 0 : if (cert) CERT_DestroyCertificate(cert);
124 0 : return rv;
125 : }
126 :
127 :
128 : // nsCMSSecureMessage::DecodeCert
129 0 : nsresult nsCMSSecureMessage::
130 : DecodeCert(const char *value, nsIX509Cert ** _retval)
131 : {
132 0 : nsNSSShutDownPreventionLock locker;
133 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::DecodeCert\n"));
134 0 : nsresult rv = NS_OK;
135 : PRInt32 length;
136 0 : unsigned char *data = 0;
137 :
138 0 : *_retval = 0;
139 :
140 0 : if (!value) { return NS_ERROR_FAILURE; }
141 :
142 0 : rv = decode(value, &data, &length);
143 0 : if (NS_FAILED(rv)) {
144 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::DecodeCert - can't decode cert\n"));
145 0 : return rv;
146 : }
147 :
148 0 : nsCOMPtr<nsIX509Cert> cert = nsNSSCertificate::ConstructFromDER((char *)data, length);
149 :
150 0 : if (cert) {
151 0 : *_retval = cert;
152 0 : NS_ADDREF(*_retval);
153 : }
154 : else {
155 0 : rv = NS_ERROR_FAILURE;
156 : }
157 :
158 0 : nsCRT::free((char*)data);
159 0 : return rv;
160 : }
161 :
162 : // nsCMSSecureMessage::SendMessage
163 0 : nsresult nsCMSSecureMessage::
164 : SendMessage(const char *msg, const char *base64Cert, char ** _retval)
165 : {
166 0 : nsNSSShutDownPreventionLock locker;
167 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage\n"));
168 0 : nsresult rv = NS_OK;
169 0 : CERTCertificate *cert = 0;
170 0 : NSSCMSMessage *cmsMsg = 0;
171 0 : unsigned char *certDER = 0;
172 : PRInt32 derLen;
173 : NSSCMSEnvelopedData *env;
174 : NSSCMSContentInfo *cinfo;
175 : NSSCMSRecipientInfo *rcpt;
176 : SECItem output;
177 0 : PLArenaPool *arena = PORT_NewArena(1024);
178 : SECStatus s;
179 0 : nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
180 :
181 : /* Step 0. Create a CMS Message */
182 0 : cmsMsg = NSS_CMSMessage_Create(NULL);
183 0 : if (!cmsMsg) {
184 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create NSSCMSMessage\n"));
185 0 : rv = NS_ERROR_FAILURE;
186 0 : goto done;
187 : }
188 :
189 : /* Step 1. Import the certificate into NSS */
190 0 : rv = decode(base64Cert, &certDER, &derLen);
191 0 : if (NS_FAILED(rv)) {
192 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't decode / import cert into NSS\n"));
193 0 : goto done;
194 : }
195 :
196 0 : cert = CERT_DecodeCertFromPackage((char *)certDER, derLen);
197 0 : if (!cert) {
198 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't decode cert from package\n"));
199 0 : rv = NS_ERROR_FAILURE;
200 0 : goto done;
201 : }
202 :
203 : #if 0
204 : cert->dbhandle = CERT_GetDefaultCertDB(); /* work-around */
205 : #endif
206 :
207 : /* Step 2. Get a signature cert */
208 :
209 : /* Step 3. Build inner (signature) content */
210 :
211 : /* Step 4. Build outer (enveloped) content */
212 0 : env = NSS_CMSEnvelopedData_Create(cmsMsg, SEC_OID_DES_EDE3_CBC, 0);
213 0 : if (!env) {
214 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create envelope data\n"));
215 0 : rv = NS_ERROR_FAILURE;
216 0 : goto done;
217 : }
218 :
219 0 : cinfo = NSS_CMSEnvelopedData_GetContentInfo(env);
220 0 : s = NSS_CMSContentInfo_SetContent_Data(cmsMsg, cinfo, 0, false);
221 0 : if (s != SECSuccess) {
222 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't set content data\n"));
223 0 : rv = NS_ERROR_FAILURE;
224 0 : goto done;
225 : }
226 :
227 0 : rcpt = NSS_CMSRecipientInfo_Create(cmsMsg, cert);
228 0 : if (!rcpt) {
229 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create recipient info\n"));
230 0 : rv = NS_ERROR_FAILURE;
231 0 : goto done;
232 : }
233 :
234 0 : s = NSS_CMSEnvelopedData_AddRecipient(env, rcpt);
235 0 : if (s != SECSuccess) {
236 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't add recipient\n"));
237 0 : rv = NS_ERROR_FAILURE;
238 0 : goto done;
239 : }
240 :
241 : /* Step 5. Add content to message */
242 0 : cinfo = NSS_CMSMessage_GetContentInfo(cmsMsg);
243 0 : s = NSS_CMSContentInfo_SetContent_EnvelopedData(cmsMsg, cinfo, env);
244 0 : if (s != SECSuccess) {
245 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't set content enveloped data\n"));
246 0 : rv = NS_ERROR_FAILURE;
247 0 : goto done;
248 : }
249 :
250 : /* Step 6. Encode */
251 : NSSCMSEncoderContext *ecx;
252 :
253 0 : output.data = 0; output.len = 0;
254 : ecx = NSS_CMSEncoder_Start(cmsMsg, 0, 0, &output, arena,
255 0 : 0, ctx, 0, 0, 0, 0);
256 0 : if (!ecx) {
257 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't start cms encoder\n"));
258 0 : rv = NS_ERROR_FAILURE;
259 0 : goto done;
260 : }
261 :
262 0 : s = NSS_CMSEncoder_Update(ecx, msg, strlen(msg));
263 0 : if (s != SECSuccess) {
264 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't update encoder\n"));
265 0 : rv = NS_ERROR_FAILURE;
266 0 : goto done;
267 : }
268 :
269 0 : s = NSS_CMSEncoder_Finish(ecx);
270 0 : if (s != SECSuccess) {
271 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't finish encoder\n"));
272 0 : rv = NS_ERROR_FAILURE;
273 0 : goto done;
274 : }
275 :
276 : /* Step 7. Base64 encode and return the result */
277 0 : rv = encode(output.data, output.len, _retval);
278 :
279 : done:
280 0 : if (certDER) nsCRT::free((char *)certDER);
281 0 : if (cert) CERT_DestroyCertificate(cert);
282 0 : if (cmsMsg) NSS_CMSMessage_Destroy(cmsMsg);
283 0 : if (arena) PORT_FreeArena(arena, false); /* false? */
284 :
285 0 : return rv;
286 : }
287 :
288 : /*
289 : * nsCMSSecureMessage::ReceiveMessage
290 : */
291 0 : nsresult nsCMSSecureMessage::
292 : ReceiveMessage(const char *msg, char **_retval)
293 : {
294 0 : nsNSSShutDownPreventionLock locker;
295 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage\n"));
296 0 : nsresult rv = NS_OK;
297 : NSSCMSDecoderContext *dcx;
298 0 : unsigned char *der = 0;
299 : PRInt32 derLen;
300 0 : NSSCMSMessage *cmsMsg = 0;
301 : SECItem *content;
302 0 : nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
303 :
304 : /* Step 1. Decode the base64 wrapper */
305 0 : rv = decode(msg, &der, &derLen);
306 0 : if (NS_FAILED(rv)) {
307 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't base64 decode\n"));
308 0 : goto done;
309 : }
310 :
311 0 : dcx = NSS_CMSDecoder_Start(0, 0, 0, /* pw */ 0, ctx, /* key */ 0, 0);
312 0 : if (!dcx) {
313 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't start decoder\n"));
314 0 : rv = NS_ERROR_FAILURE;
315 0 : goto done;
316 : }
317 :
318 0 : (void)NSS_CMSDecoder_Update(dcx, (char *)der, derLen);
319 0 : cmsMsg = NSS_CMSDecoder_Finish(dcx);
320 0 : if (!cmsMsg) {
321 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't finish decoder\n"));
322 0 : rv = NS_ERROR_FAILURE;
323 : /* Memory leak on dcx?? */
324 0 : goto done;
325 : }
326 :
327 0 : content = NSS_CMSMessage_GetContent(cmsMsg);
328 0 : if (!content) {
329 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::ReceiveMessage - can't get content\n"));
330 0 : rv = NS_ERROR_FAILURE;
331 0 : goto done;
332 : }
333 :
334 : /* Copy the data */
335 0 : *_retval = (char*)malloc(content->len+1);
336 0 : memcpy(*_retval, content->data, content->len);
337 0 : (*_retval)[content->len] = 0;
338 :
339 : done:
340 0 : if (der) free(der);
341 0 : if (cmsMsg) NSS_CMSMessage_Destroy(cmsMsg);
342 :
343 0 : return rv;
344 : }
345 :
346 0 : nsresult nsCMSSecureMessage::
347 : encode(const unsigned char *data, PRInt32 dataLen, char **_retval)
348 : {
349 0 : nsresult rv = NS_OK;
350 :
351 0 : *_retval = PL_Base64Encode((const char *)data, dataLen, NULL);
352 0 : if (!*_retval) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
353 :
354 : loser:
355 0 : return rv;
356 : }
357 :
358 0 : nsresult nsCMSSecureMessage::
359 : decode(const char *data, unsigned char **result, PRInt32 * _retval)
360 : {
361 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::decode\n"));
362 0 : nsresult rv = NS_OK;
363 0 : PRUint32 len = PL_strlen(data);
364 0 : int adjust = 0;
365 :
366 : /* Compute length adjustment */
367 0 : if (data[len-1] == '=') {
368 0 : adjust++;
369 0 : if (data[len-2] == '=') adjust++;
370 : }
371 :
372 0 : *result = (unsigned char *)PL_Base64Decode(data, len, NULL);
373 0 : if (!*result) {
374 0 : PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::decode - error decoding base64\n"));
375 0 : rv = NS_ERROR_ILLEGAL_VALUE;
376 0 : goto loser;
377 : }
378 :
379 0 : *_retval = (len*3)/4 - adjust;
380 :
381 : loser:
382 0 : return rv;
383 : }
|