aboutsummaryrefslogtreecommitdiffstats
path: root/smime/lib
diff options
context:
space:
mode:
Diffstat (limited to 'smime/lib')
-rw-r--r--smime/lib/.cvsignore1
-rw-r--r--smime/lib/Makefile.am7
-rw-r--r--smime/lib/e-cert-db.c145
-rw-r--r--smime/lib/e-cert-db.h5
-rw-r--r--smime/lib/e-pkcs12.c136
-rw-r--r--smime/lib/smime-marshal.list1
6 files changed, 190 insertions, 105 deletions
diff --git a/smime/lib/.cvsignore b/smime/lib/.cvsignore
index 74b73492ca..7798e01d25 100644
--- a/smime/lib/.cvsignore
+++ b/smime/lib/.cvsignore
@@ -1,3 +1,4 @@
Makefile
Makefile.in
*.la
+smime-marshal.[ch]
diff --git a/smime/lib/Makefile.am b/smime/lib/Makefile.am
index f534fd01f3..a9068e3b18 100644
--- a/smime/lib/Makefile.am
+++ b/smime/lib/Makefile.am
@@ -16,6 +16,7 @@ INCLUDES = \
noinst_LTLIBRARIES = libessmime.la
libessmime_la_SOURCES = \
+ $(MARSHAL_GENERATED) \
e-asn1-object.c \
e-asn1-object.h \
e-cert.c \
@@ -26,3 +27,9 @@ libessmime_la_SOURCES = \
e-cert-db.h \
e-pkcs12.c \
e-pkcs12.h
+
+MARSHAL_GENERATED = smime-marshal.c smime-marshal.h
+@EVO_MARSHAL_RULE@
+
+BUILT_SOURCES = $(MARSHAL_GENERATED)
+CLEANFILES = $(BUILT_SOURCES)
diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c
index 5acdf4e847..d37805d7c4 100644
--- a/smime/lib/e-cert-db.c
+++ b/smime/lib/e-cert-db.c
@@ -62,18 +62,23 @@
#define CERT_NewTempCertificate __CERT_NewTempCertificate
#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm
+#include "smime-marshal.h"
#include "e-cert-db.h"
#include "e-cert-trust.h"
+#include "e-pkcs12.h"
#include "gmodule.h"
#include "nss.h"
+#include "ssl.h"
+#include "p12plcy.h"
#include "pk11func.h"
#include "secmod.h"
#include "certdb.h"
#include "plstr.h"
#include "prprf.h"
#include "prmem.h"
+#include "e-util/e-passwords.h"
#include "e-util/e-dialog-utils.h"
#include <gtk/gtkmessagedialog.h>
#include <libgnome/gnome-i18n.h>
@@ -82,6 +87,13 @@
#include <sys/stat.h>
#include <unistd.h>
+enum {
+ PK11_PASSWD,
+ LAST_SIGNAL
+};
+
+static guint e_cert_db_signals[LAST_SIGNAL];
+
struct _ECertDBPrivate {
};
@@ -109,21 +121,45 @@ e_cert_db_dispose (GObject *object)
G_OBJECT_CLASS (parent_class)->dispose (object);
}
+PRBool
+ucs2_ascii_conversion_fn (PRBool toUnicode,
+ unsigned char *inBuf,
+ unsigned int inBufLen,
+ unsigned char *outBuf,
+ unsigned int maxOutBufLen,
+ unsigned int *outBufLen,
+ PRBool swapBytes)
+{
+ printf ("in ucs2_ascii_conversion_fn\n");
+}
+
+static char* PR_CALLBACK
+pk11_password (PK11SlotInfo* slot, PRBool retry, void* arg)
+{
+ char *pwd;
+ char *nsspwd;
+
+ gboolean rv = FALSE;
+
+ g_signal_emit (e_cert_db_peek (),
+ e_cert_db_signals[PK11_PASSWD], 0,
+ slot,
+ retry,
+ &pwd,
+ &rv);
+
+ nsspwd = PORT_Strdup (pwd);
+ memset (pwd, 0, strlen (pwd));
+ g_free (pwd);
+ return nsspwd;
+}
+
static void
-e_cert_db_class_init (ECertDBClass *klass)
+initialize_nss (void)
{
- GObjectClass *object_class;
char *evolution_dir_path;
gboolean success;
- gboolean has_roots;
- PK11SlotList *list;
- object_class = G_OBJECT_CLASS(klass);
-
- parent_class = g_type_class_ref (PARENT_TYPE);
-
- object_class->dispose = e_cert_db_dispose;
-
evolution_dir_path = g_build_path ("/", g_get_home_dir (), ".evolution", NULL);
/* we initialize NSS here to make sure it only happens once */
@@ -142,11 +178,29 @@ e_cert_db_class_init (ECertDBClass *klass)
if (!success) {
g_warning ("Failed all methods for initializing NSS");
+ return;
}
- /*
- * check to see if you have a rootcert module installed
- */
+ NSS_SetDomesticPolicy();
+
+ PK11_SetPasswordFunc(pk11_password);
+
+ /* Enable ciphers for PKCS#12 */
+ SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
+ SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
+ SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
+ SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
+ SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
+ SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
+ SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
+ PORT_SetUCS2_ASCIIConversionFunction(ucs2_ascii_conversion_fn);
+}
+
+static void
+install_loadable_roots (void)
+{
+ gboolean has_roots;
+ PK11SlotList *list;
has_roots = FALSE;
list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
@@ -189,6 +243,32 @@ e_cert_db_class_init (ECertDBClass *klass)
}
static void
+e_cert_db_class_init (ECertDBClass *klass)
+{
+ GObjectClass *object_class;
+
+ object_class = G_OBJECT_CLASS(klass);
+
+ parent_class = g_type_class_ref (PARENT_TYPE);
+
+ object_class->dispose = e_cert_db_dispose;
+
+ initialize_nss();
+ /* check to see if you have a rootcert module installed */
+ install_loadable_roots();
+
+ e_cert_db_signals[PK11_PASSWD] =
+ g_signal_new ("pk11_passwd",
+ G_OBJECT_CLASS_TYPE (object_class),
+ G_SIGNAL_RUN_LAST,
+ G_STRUCT_OFFSET (ECertDBClass, pk11_passwd),
+ NULL, NULL,
+ smime_marshal_BOOLEAN__POINTER_BOOLEAN_POINTER,
+ G_TYPE_BOOLEAN, 3,
+ G_TYPE_POINTER, G_TYPE_BOOLEAN, G_TYPE_POINTER);
+}
+
+static void
e_cert_db_init (ECertDB *ec)
{
ec->priv = g_new0 (ECertDBPrivate, 1);
@@ -250,14 +330,6 @@ e_cert_db_find_cert_by_nickname (ECertDB *certdb,
CERTCertificate *cert = NULL;
/*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));*/
-#if 0
- /* what it should be, but for now...*/
- if (aToken) {
- cert = PK11_FindCertFromNickname(asciiname, NULL);
- } else {
- cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
- }
-#endif
cert = PK11_FindCertFromNickname((char*)nickname, NULL);
if (!cert) {
cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char*)nickname);
@@ -1013,6 +1085,15 @@ e_cert_db_import_pkcs12_file (ECertDB *cert_db,
const char *file_path,
GError **error)
{
+ EPKCS12 *pkcs12 = e_pkcs12_new ();
+ GError *e = NULL;
+
+ if (!e_pkcs12_import_from_file (pkcs12, file_path, &e)) {
+ g_propagate_error (error, e);
+ return FALSE;
+ }
+
+ return TRUE;
}
gboolean
@@ -1023,6 +1104,28 @@ e_cert_db_export_pkcs12_file (ECertDB *cert_db,
{
}
+gboolean
+e_cert_db_login_to_slot (ECertDB *cert_db,
+ PK11SlotInfo *slot)
+{
+ if (PK11_NeedLogin (slot)) {
+ PK11_Logout (slot);
+
+ if (PK11_NeedUserInit (slot)) {
+ printf ("initializing slot password\n");
+ /* the user needs to specify the initial password */
+ PK11_InitPin (slot, "", "farcl.");
+ }
+
+ if (PK11_Authenticate (slot, PR_TRUE, NULL) != SECSuccess) {
+ printf ("PK11_Authenticate failed (err = %d/%d)\n", PORT_GetError(), PORT_GetError() + 0x2000);
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+}
+
static SECStatus PR_CALLBACK
diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h
index ffc381587a..d31fc02186 100644
--- a/smime/lib/e-cert-db.h
+++ b/smime/lib/e-cert-db.h
@@ -47,6 +47,9 @@ struct _ECertDB {
struct _ECertDBClass {
GObjectClass parent_class;
+ /* signals */
+ gboolean (*pk11_passwd) (ECertDB *db, PK11SlotInfo *slot, gboolean retry, char **passwd);
+
/* Padding for future expansion */
void (*_ecert_reserved0) (void);
void (*_ecert_reserved1) (void);
@@ -124,5 +127,7 @@ gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db,
GList *certs,
GError **error);
+gboolean e_cert_db_login_to_slot (ECertDB *cert_db,
+ PK11SlotInfo *slot);
#endif /* _E_CERT_DB_H_ */
diff --git a/smime/lib/e-pkcs12.c b/smime/lib/e-pkcs12.c
index 3092944196..0a9bb3bc74 100644
--- a/smime/lib/e-pkcs12.c
+++ b/smime/lib/e-pkcs12.c
@@ -63,30 +63,29 @@
#include <unistd.h>
#include "e-util/e-passwords.h"
+#include "e-cert-db.h"
#include "e-pkcs12.h"
#include "prmem.h"
#include "nss.h"
+#include "ssl.h"
#include "pkcs12.h"
#include "p12plcy.h"
#include "pk11func.h"
#include "secerr.h"
struct _EPKCS12Private {
- int tmp_fd;
- char *tmp_path;
+ int mumble;
};
#define PARENT_TYPE G_TYPE_OBJECT
static GObjectClass *parent_class;
-// static callback functions for the NSS PKCS#12 library
+/* static callback functions for the NSS PKCS#12 library */
static SECItem * PR_CALLBACK nickname_collision(SECItem *, PRBool *, void *);
-static void PR_CALLBACK write_export_file(void *arg, const char *buf, unsigned long len);
static gboolean handle_error(int myerr);
-#define PKCS12_TMPFILENAME ".p12tmp"
#define PKCS12_BUFFER_SIZE 2048
#define PKCS12_RESTORE_OK 1
#define PKCS12_BACKUP_OK 2
@@ -185,20 +184,16 @@ input_to_decoder (SEC_PKCS12DecoderContext *dcx, const char *path, GError **erro
while (TRUE) {
amount = fread (buf, 1, sizeof (buf), fp);
if (amount < 0) {
- printf ("got -1 fread\n");
fclose (fp);
return FALSE;
}
+
/* feed the file data into the decoder */
srv = SEC_PKCS12DecoderUpdate(dcx,
(unsigned char*) buf,
amount);
if (srv) {
- /* don't allow the close call to overwrite our precious error code */
/* XXX g_error */
- int pr_err = PORT_GetError();
- PORT_SetError(pr_err);
- printf ("SEC_PKCS12DecoderUpdate returned %d\n", srv);
fclose (fp);
return FALSE;
}
@@ -209,6 +204,9 @@ input_to_decoder (SEC_PKCS12DecoderContext *dcx, const char *path, GError **erro
return TRUE;
}
+/* XXX toshok - this needs to be done using a signal as in the
+ e_cert_db_login_to_slot stuff, instead of a direct gui dep here..
+ for now, though, it stays. */
static gboolean
prompt_for_password (char *title, char *prompt, SECItem *pwd)
{
@@ -219,8 +217,27 @@ prompt_for_password (char *title, char *prompt, SECItem *pwd)
NULL);
if (passwd) {
- SECITEM_AllocItem(NULL, pwd, PL_strlen (passwd));
- memcpy (pwd->data, passwd, strlen (passwd));
+ int len = g_utf8_strlen (passwd, -1);
+ gunichar2 uni;
+ int i;
+ char *p;
+
+ SECITEM_AllocItem(NULL, pwd, sizeof (gunichar2) * (len + 1));
+ memset (pwd->data, 0, sizeof (gunichar2) * (len + 1));
+
+#ifdef IS_LITTLE_ENDIAN
+ p = passwd;
+ for (i=0; i < len; i++) {
+ uni = (gunichar2)(g_utf8_get_char (p) & 0xFFFF);
+ p = g_utf8_next_char (p);
+
+ pwd->data[2*i] = (unsigned char)(uni >> 8);
+ pwd->data[2*i+1] = (unsigned char)(uni & 0xFF);
+ }
+#else
+ memcpy (pwd->data, uni, pwd->len-2);
+#endif
+ memset (passwd, 0, strlen (passwd));
g_free (passwd);
}
@@ -228,19 +245,17 @@ prompt_for_password (char *title, char *prompt, SECItem *pwd)
}
static gboolean
-import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry, GError **error)
+import_from_file_helper (EPKCS12 *pkcs12, PK11SlotInfo *slot,
+ const char *path, gboolean *aWantRetry, GError **error)
{
/*nsNSSShutDownPreventionLock locker; */
- gboolean rv = TRUE;
+ gboolean rv;
SECStatus srv = SECSuccess;
SEC_PKCS12DecoderContext *dcx = NULL;
SECItem passwd;
GError *err = NULL;
- PK11SlotInfo *slot = PK11_GetInternalKeySlot (); /* XXX toshok - we
- hardcode this
- here */
- *aWantRetry = FALSE;
+ *aWantRetry = FALSE;
passwd.data = NULL;
rv = prompt_for_password (_("PKCS12 File Password"), _("Enter password for PKCS12 file:"), &passwd);
@@ -250,32 +265,14 @@ import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry
return TRUE;
}
-#if notyet
- /* XXX we don't need this block as long as we hardcode the
- slot above */
- nsXPIDLString tokenName;
- nsXPIDLCString tokenNameCString;
- const char *tokNameRef;
-
-
- mToken->GetTokenName (getter_Copies(tokenName));
- tokenNameCString.Adopt (ToNewUTF8String(tokenName));
- tokNameRef = tokenNameCString; /* I do this here so that the
- NS_CONST_CAST below doesn't
- break the build on Win32 */
-
- slot = PK11_FindSlotByName (NS_CONST_CAST(char*,tokNameRef));
- if (!slot) {
- srv = SECFailure;
- goto finish;
- }
-#endif
-
/* initialize the decoder */
- dcx = SEC_PKCS12DecoderStart (&passwd, slot, NULL,
- NULL, NULL,
- NULL, NULL,
- pkcs12);
+ dcx = SEC_PKCS12DecoderStart (&passwd,
+ slot,
+ /* we specify NULL for all the
+ funcs + data so it'll use the
+ default pk11wrap functions */
+ NULL, NULL, NULL,
+ NULL, NULL, NULL);
if (!dcx) {
srv = SECFailure;
goto finish;
@@ -289,19 +286,21 @@ import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry
// inputToDecoder indicated a NSS error
srv = SECFailure;
}
+#else
+ srv = SECFailure;
#endif
goto finish;
}
/* verify the blob */
srv = SEC_PKCS12DecoderVerify (dcx);
- if (srv) { printf ("decoderverify failed\n"); goto finish; }
+ if (srv) goto finish;
/* validate bags */
srv = SEC_PKCS12DecoderValidateBags (dcx, nickname_collision);
- if (srv) { printf ("decodervalidatebags failed\n"); goto finish; }
+ if (srv) goto finish;
/* import cert and key */
srv = SEC_PKCS12DecoderImportBags (dcx);
- if (srv) { printf ("decoderimportbags failed\n"); goto finish; }
+ if (srv) goto finish;
/* Later - check to see if this should become default email cert */
handle_error (PKCS12_RESTORE_OK);
finish:
@@ -309,18 +308,14 @@ import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry
We should use that error code instead of inventing a new one
for every error possible. */
if (srv != SECSuccess) {
- printf ("srv != SECSuccess\n");
if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) {
- printf ("BAD PASSWORD\n");
*aWantRetry = TRUE;
}
handle_error(PKCS12_NSS_ERROR);
} else if (!rv) {
handle_error(PKCS12_RESTORE_FAILED);
}
- if (slot)
- PK11_FreeSlot(slot);
- // finish the decoder
+ /* finish the decoder */
if (dcx)
SEC_PKCS12DecoderFinish(dcx);
return TRUE;
@@ -332,32 +327,17 @@ e_pkcs12_import_from_file (EPKCS12 *pkcs12, const char *path, GError **error)
/*nsNSSShutDownPreventionLock locker;*/
gboolean rv = TRUE;
gboolean wantRetry;
+ PK11SlotInfo *slot;
+ printf ("importing pkcs12 from `%s'\n", path);
-#if 0
- /* XXX we don't use tokens yet */
- if (!mToken) {
- if (!mTokenSet) {
- rv = SetToken(NULL); // Ask the user to pick a slot
- if (NS_FAILED(rv)) {
- handle_error(PKCS12_USER_CANCELED);
- return rv;
- }
- }
- }
+ slot = PK11_GetInternalKeySlot();
- if (!mToken) {
- handle_error(PKCS12_RESTORE_FAILED);
- return NS_ERROR_NOT_AVAILABLE;
- }
+ if (!e_cert_db_login_to_slot (e_cert_db_peek (), slot))
+ return FALSE;
- /* init slot */
- rv = mToken->Login(PR_TRUE);
- if (NS_FAILED(rv)) return rv;
-#endif
-
do {
- rv = import_from_file_helper (pkcs12, path, &wantRetry, error);
+ rv = import_from_file_helper (pkcs12, slot, path, &wantRetry, error);
} while (rv && wantRetry);
return rv;
@@ -433,18 +413,6 @@ nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
return new_nick;
}
-/* write bytes to the exported PKCS#12 file */
-static void PR_CALLBACK
-write_export_file(void *arg, const char *buf, unsigned long len)
-{
- EPKCS12 *pkcs12 = E_PKCS12 (arg);
- EPKCS12Private *priv = pkcs12->priv;
-
- printf ("write_export_file\n");
-
- write (priv->tmp_fd, buf, len);
-}
-
static gboolean
handle_error(int myerr)
{
diff --git a/smime/lib/smime-marshal.list b/smime/lib/smime-marshal.list
new file mode 100644
index 0000000000..97c7a93233
--- /dev/null
+++ b/smime/lib/smime-marshal.list
@@ -0,0 +1 @@
+BOOL:POINTER,BOOL,POINTER