From 4e1bce59fa373fd302b994d495427109c9fff121 Mon Sep 17 00:00:00 2001
From: Chris Toshok <toshok@ximian.com>
Date: Wed, 12 Nov 2003 02:07:25 +0000
Subject: don't init NSS here. it's done in e_cert_db_peek.

2003-11-11  Chris Toshok  <toshok@ximian.com>

	* tests/import-cert.c (main): don't init NSS here.  it's done in
	e_cert_db_peek.

	* lib/Makefile.am (libessmime_la_SOURCES): add e-cert-db.[ch]

	* gui/smime-ui.glade: set the initial sensitivity of the buttons
	here, and add the beginnings of the CA import dialog (where you
	assign trust levels to it.)

	* gui/certificate-manager.c (handle_selection_changed):
	sensitize/desensitize all the various buttons correctly when the
	GtkTreeView's selection changes.
	(yourcerts_selection_changed): new, selection change handler for
	the Your Certs tab.
	(initialize_yourcerts_ui): hook up the tree selection, and add a
	model column for the ECert.
	(contactcerts_selection_changed): new, selection change handler
	for the Contact Certs tab.
	(initialize_contactcerts_ui): hook up the tree selection, and add
	a model column for the ECert.
	(import_ca): new function.
	(delete_ca): new function.
	(authoritycerts_selection_changed): new, selection change handler
	for the Authority Certs tab.
	(create_authoritycerts_treemodel): new function for creating the
	authority cert tree model.  the other tabs will eventually use a
	separate function for this too, as unload_certs gets fleshed out.
	(initialize_authoritycerts_ui): hook up the tree selection, and
	add import/delete buttons.
	(destroy_key): dtor for the keys in our hashes.
	(destroy_value): dtor for the values in our hashes.
	(unload_certs): new function.  basically destroy/recreate the
	model and hash for the particular cert type/tab.
	(load_certs): use e_cert_get_cert_type.
	(populate_ui): use unload_certs as well as load_certs.
	(certificate_manager_config_control_new): call e_cert_db_peek
	,which will initialize all of NSS.  hook up all the widgets from
	libglade.

	* lib/e-cert.h: add prototypes for all the new methods, and add
	the ECertType enum.

	* lib/e-cert.c (e_cert_dispose): handle deletion from the DB here.
	(e_cert_new_from_der): new function.
	(e_cert_get_internal_cert): new function.
	(e_cert_get_raw_der): new function.
	(e_cert_get_issuer_name): new
	(e_cert_get_subject_name): new
	(e_cert_mark_for_deletion): new
	(e_cert_get_cert_type): new.
	(e_cert_is_ca_cert): nuke.

	* lib/e-cert-db.[ch]: new, partly implemented, derived from
	mozilla's nsNSSCertificateDB code.

svn path=/trunk/; revision=23292
---
 smime/lib/e-cert.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 134 insertions(+), 4 deletions(-)

(limited to 'smime/lib/e-cert.c')

diff --git a/smime/lib/e-cert.c b/smime/lib/e-cert.c
index 5636730401..7db638b884 100644
--- a/smime/lib/e-cert.c
+++ b/smime/lib/e-cert.c
@@ -20,12 +20,54 @@
  * Author: Chris Toshok (toshok@ximian.com)
  */
 
+/* The following is the mozilla license blurb, as the bodies some of
+   these functions were derived from the mozilla source. */
+
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ *
+ */
+
 #include "e-cert.h"
+#include "pk11func.h"
+#include "certdb.h"
 
 struct _ECertPrivate {
 	CERTCertificate *cert;
+
+	/* pointers we cache since the nss implementation allocs the
+	   string */
 	char *org_name;
 	char *cn;
+
+	gboolean delete;
 };
 
 #define PARENT_TYPE G_TYPE_OBJECT
@@ -42,11 +84,23 @@ e_cert_dispose (GObject *object)
 	if (ec->priv->org_name)
 		PORT_Free (ec->priv->org_name);
 	if (ec->priv->cn)
-		PORT_Free (ec->priv->org_name);
+		PORT_Free (ec->priv->cn);
+
+	if (ec->priv->delete) {
+		printf ("attempting to delete cert marked for deletion\n");
+		if (e_cert_get_cert_type (ec) == E_CERT_USER) {
+			PK11_DeleteTokenCertAndKey(ec->priv->cert, NULL);
+		} else if (!PK11_IsReadOnly(ec->priv->cert->slot)) {
+			/* If the list of built-ins does contain a non-removable
+			   copy of this certificate, our call will not remove
+			   the certificate permanently, but rather remove all trust. */
+			SEC_DeletePermCertificate(ec->priv->cert);
+		}
+	}
 
 	g_free (ec->priv);
 	ec->priv = NULL;
-
+	
 	if (G_OBJECT_CLASS (parent_class)->dispose)
 		G_OBJECT_CLASS (parent_class)->dispose (object);
 }
@@ -115,9 +169,47 @@ e_cert_new (CERTCertificate *cert)
 	return ecert;
 }
 
+ECert*
+e_cert_new_from_der (char *data, guint32 len)
+{
+	CERTCertificate *cert = CERT_DecodeCertFromPackage (data, len);
+
+	if (!cert)
+		return NULL;
+
+	if (cert->dbhandle == NULL)
+		cert->dbhandle = CERT_GetDefaultCertDB();
+
+	return e_cert_new (cert);
+}
+
 
 
 
+CERTCertificate*
+e_cert_get_internal_cert (ECert *cert)
+{
+	/* XXX should this refcnt it? */
+	return cert->priv->cert;
+}
+
+gboolean
+e_cert_get_raw_der (ECert *cert, char **data, guint32 *len)
+{
+	/* XXX do we really need to check if cert->priv->cert is NULL
+	   here?  it should always be non-null if we have the
+	   ECert.. */
+	if (cert->priv->cert) {
+		*data = (char*)cert->priv->cert->derCert.data;
+		*len = (guint32)cert->priv->cert->derCert.len;
+		return TRUE;
+	}
+
+	*len = 0;
+	return FALSE;
+
+}
+
 const char*
 e_cert_get_nickname (ECert *cert)
 {
@@ -141,8 +233,46 @@ e_cert_get_cn       (ECert *cert)
 	return cert->priv->cn;
 }
 
+const char*
+e_cert_get_issuer_name (ECert *cert)
+{
+	return cert->priv->cert->issuerName;
+}
+
+const char*
+e_cert_get_subject_name (ECert *cert)
+{
+	return cert->priv->cert->subjectName;
+}
+
 gboolean
-e_cert_is_ca_cert (ECert *cert)
+e_cert_mark_for_deletion (ECert *cert)
+{
+	//	nsNSSShutDownPreventionLock locker;
+
+#if 0
+	// make sure user is logged in to the token
+	nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+#endif
+
+	if (PK11_NeedLogin(cert->priv->cert->slot)
+	    && !PK11_NeedUserInit(cert->priv->cert->slot)
+	    && !PK11_IsInternal(cert->priv->cert->slot)) {
+		if (SECSuccess != PK11_Authenticate(cert->priv->cert->slot, PR_TRUE, NULL)) {
+			return FALSE;
+		}
+	}
+
+	cert->priv->delete = TRUE;
+
+	return TRUE;
+}
+
+ECertType
+e_cert_get_cert_type (ECert *cert)
 {
-	return CERT_IsCACert (cert->priv->cert, NULL);
+	if (CERT_IsCACert (cert->priv->cert, NULL))
+		return E_CERT_CA;
+	else /* XXX more here */
+		return E_CERT_USER;
 }
-- 
cgit v1.2.3