From 135e1d6968e7205611aea943496f1fd3f5ba04fc Mon Sep 17 00:00:00 2001 From: Chris Toshok Date: Mon, 5 Jan 2004 20:49:44 +0000 Subject: new function, implement the password dialog for PK11 slot authentication. 2004-01-05 Chris Toshok * gui/component.c (smime_pk11_passwd): new function, implement the password dialog for PK11 slot authentication. (smime_component_init): new function, initialize any gui related signals that the backend exposes. * gui/certificate-manager.c (import_your): use e_cert_db_import_pkcs12_file. (delete_your): new function, implement. (view_your): same. (backup_your): new function, stub out. (backup_all_your): same. (create_yourcerts_treemodel): new function. (initialize_yourcerts_ui): do all the sorting foo, and hook up all the signals. (ainitialize_contactcerts_ui): same. (initialize_authoritycerts_ui): same. (view_contact): treemodel -> streemodel. (view_ca): same. (delete_contact): same, and convert from the sort iter to the child iter before we remove. (delete_ca): same. (import_contact): call gtk_tree_view_expand_all. (import_ca): same. (add_user_cert): append to the child model, not the sort model. (add_contact_cert): same. (add_ca_cert): same. (unload_certs): implement the E_CERT_USER case, and fix the USER/CA stuff to use the sorted treemodels. (load_certs): remove spew. (populate_ui): expand all the tree views. * lib/.cvsignore: ignore the generated marshalling files. * lib/Makefile.am: add the marshalling foo. * lib/smime-marshal.list (BOOL): new file. * lib/e-cert-db.c (pk11_password): new function, emit the pk11_passwd signal. (initialize_nss): new function, split out all the nss init code here, and add all the PKCS12 cipers. (install_loadable_roots): new function, split this code out from the class_init. (e_cert_db_class_init): call initialize_nss() and install_loadable_roots(). also register our pk11_passwd signal. (e_cert_db_import_pkcs12_file): implement. (e_cert_db_login_to_slot): new function, implement. * lib/e-cert-db.h (struct _ECertDBClass): add pk11_passwd signal, and add prototype for e_cert_db_login_to_slot. * lib/e-pkcs12.c (input_to_decoder): remove spew. (prompt_for_password): fix this. (import_from_file_helper): fix fix fix, and remove spew. (write_export_file): nuke, we don't need this. svn path=/trunk/; revision=24058 --- smime/lib/e-pkcs12.c | 136 ++++++++++++++++++++------------------------------- 1 file changed, 52 insertions(+), 84 deletions(-) (limited to 'smime/lib/e-pkcs12.c') diff --git a/smime/lib/e-pkcs12.c b/smime/lib/e-pkcs12.c index 3092944196..0a9bb3bc74 100644 --- a/smime/lib/e-pkcs12.c +++ b/smime/lib/e-pkcs12.c @@ -63,30 +63,29 @@ #include #include "e-util/e-passwords.h" +#include "e-cert-db.h" #include "e-pkcs12.h" #include "prmem.h" #include "nss.h" +#include "ssl.h" #include "pkcs12.h" #include "p12plcy.h" #include "pk11func.h" #include "secerr.h" struct _EPKCS12Private { - int tmp_fd; - char *tmp_path; + int mumble; }; #define PARENT_TYPE G_TYPE_OBJECT static GObjectClass *parent_class; -// static callback functions for the NSS PKCS#12 library +/* static callback functions for the NSS PKCS#12 library */ static SECItem * PR_CALLBACK nickname_collision(SECItem *, PRBool *, void *); -static void PR_CALLBACK write_export_file(void *arg, const char *buf, unsigned long len); static gboolean handle_error(int myerr); -#define PKCS12_TMPFILENAME ".p12tmp" #define PKCS12_BUFFER_SIZE 2048 #define PKCS12_RESTORE_OK 1 #define PKCS12_BACKUP_OK 2 @@ -185,20 +184,16 @@ input_to_decoder (SEC_PKCS12DecoderContext *dcx, const char *path, GError **erro while (TRUE) { amount = fread (buf, 1, sizeof (buf), fp); if (amount < 0) { - printf ("got -1 fread\n"); fclose (fp); return FALSE; } + /* feed the file data into the decoder */ srv = SEC_PKCS12DecoderUpdate(dcx, (unsigned char*) buf, amount); if (srv) { - /* don't allow the close call to overwrite our precious error code */ /* XXX g_error */ - int pr_err = PORT_GetError(); - PORT_SetError(pr_err); - printf ("SEC_PKCS12DecoderUpdate returned %d\n", srv); fclose (fp); return FALSE; } @@ -209,6 +204,9 @@ input_to_decoder (SEC_PKCS12DecoderContext *dcx, const char *path, GError **erro return TRUE; } +/* XXX toshok - this needs to be done using a signal as in the + e_cert_db_login_to_slot stuff, instead of a direct gui dep here.. + for now, though, it stays. */ static gboolean prompt_for_password (char *title, char *prompt, SECItem *pwd) { @@ -219,8 +217,27 @@ prompt_for_password (char *title, char *prompt, SECItem *pwd) NULL); if (passwd) { - SECITEM_AllocItem(NULL, pwd, PL_strlen (passwd)); - memcpy (pwd->data, passwd, strlen (passwd)); + int len = g_utf8_strlen (passwd, -1); + gunichar2 uni; + int i; + char *p; + + SECITEM_AllocItem(NULL, pwd, sizeof (gunichar2) * (len + 1)); + memset (pwd->data, 0, sizeof (gunichar2) * (len + 1)); + +#ifdef IS_LITTLE_ENDIAN + p = passwd; + for (i=0; i < len; i++) { + uni = (gunichar2)(g_utf8_get_char (p) & 0xFFFF); + p = g_utf8_next_char (p); + + pwd->data[2*i] = (unsigned char)(uni >> 8); + pwd->data[2*i+1] = (unsigned char)(uni & 0xFF); + } +#else + memcpy (pwd->data, uni, pwd->len-2); +#endif + memset (passwd, 0, strlen (passwd)); g_free (passwd); } @@ -228,19 +245,17 @@ prompt_for_password (char *title, char *prompt, SECItem *pwd) } static gboolean -import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry, GError **error) +import_from_file_helper (EPKCS12 *pkcs12, PK11SlotInfo *slot, + const char *path, gboolean *aWantRetry, GError **error) { /*nsNSSShutDownPreventionLock locker; */ - gboolean rv = TRUE; + gboolean rv; SECStatus srv = SECSuccess; SEC_PKCS12DecoderContext *dcx = NULL; SECItem passwd; GError *err = NULL; - PK11SlotInfo *slot = PK11_GetInternalKeySlot (); /* XXX toshok - we - hardcode this - here */ - *aWantRetry = FALSE; + *aWantRetry = FALSE; passwd.data = NULL; rv = prompt_for_password (_("PKCS12 File Password"), _("Enter password for PKCS12 file:"), &passwd); @@ -250,32 +265,14 @@ import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry return TRUE; } -#if notyet - /* XXX we don't need this block as long as we hardcode the - slot above */ - nsXPIDLString tokenName; - nsXPIDLCString tokenNameCString; - const char *tokNameRef; - - - mToken->GetTokenName (getter_Copies(tokenName)); - tokenNameCString.Adopt (ToNewUTF8String(tokenName)); - tokNameRef = tokenNameCString; /* I do this here so that the - NS_CONST_CAST below doesn't - break the build on Win32 */ - - slot = PK11_FindSlotByName (NS_CONST_CAST(char*,tokNameRef)); - if (!slot) { - srv = SECFailure; - goto finish; - } -#endif - /* initialize the decoder */ - dcx = SEC_PKCS12DecoderStart (&passwd, slot, NULL, - NULL, NULL, - NULL, NULL, - pkcs12); + dcx = SEC_PKCS12DecoderStart (&passwd, + slot, + /* we specify NULL for all the + funcs + data so it'll use the + default pk11wrap functions */ + NULL, NULL, NULL, + NULL, NULL, NULL); if (!dcx) { srv = SECFailure; goto finish; @@ -289,19 +286,21 @@ import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry // inputToDecoder indicated a NSS error srv = SECFailure; } +#else + srv = SECFailure; #endif goto finish; } /* verify the blob */ srv = SEC_PKCS12DecoderVerify (dcx); - if (srv) { printf ("decoderverify failed\n"); goto finish; } + if (srv) goto finish; /* validate bags */ srv = SEC_PKCS12DecoderValidateBags (dcx, nickname_collision); - if (srv) { printf ("decodervalidatebags failed\n"); goto finish; } + if (srv) goto finish; /* import cert and key */ srv = SEC_PKCS12DecoderImportBags (dcx); - if (srv) { printf ("decoderimportbags failed\n"); goto finish; } + if (srv) goto finish; /* Later - check to see if this should become default email cert */ handle_error (PKCS12_RESTORE_OK); finish: @@ -309,18 +308,14 @@ import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry We should use that error code instead of inventing a new one for every error possible. */ if (srv != SECSuccess) { - printf ("srv != SECSuccess\n"); if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) { - printf ("BAD PASSWORD\n"); *aWantRetry = TRUE; } handle_error(PKCS12_NSS_ERROR); } else if (!rv) { handle_error(PKCS12_RESTORE_FAILED); } - if (slot) - PK11_FreeSlot(slot); - // finish the decoder + /* finish the decoder */ if (dcx) SEC_PKCS12DecoderFinish(dcx); return TRUE; @@ -332,32 +327,17 @@ e_pkcs12_import_from_file (EPKCS12 *pkcs12, const char *path, GError **error) /*nsNSSShutDownPreventionLock locker;*/ gboolean rv = TRUE; gboolean wantRetry; + PK11SlotInfo *slot; + printf ("importing pkcs12 from `%s'\n", path); -#if 0 - /* XXX we don't use tokens yet */ - if (!mToken) { - if (!mTokenSet) { - rv = SetToken(NULL); // Ask the user to pick a slot - if (NS_FAILED(rv)) { - handle_error(PKCS12_USER_CANCELED); - return rv; - } - } - } + slot = PK11_GetInternalKeySlot(); - if (!mToken) { - handle_error(PKCS12_RESTORE_FAILED); - return NS_ERROR_NOT_AVAILABLE; - } + if (!e_cert_db_login_to_slot (e_cert_db_peek (), slot)) + return FALSE; - /* init slot */ - rv = mToken->Login(PR_TRUE); - if (NS_FAILED(rv)) return rv; -#endif - do { - rv = import_from_file_helper (pkcs12, path, &wantRetry, error); + rv = import_from_file_helper (pkcs12, slot, path, &wantRetry, error); } while (rv && wantRetry); return rv; @@ -433,18 +413,6 @@ nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx) return new_nick; } -/* write bytes to the exported PKCS#12 file */ -static void PR_CALLBACK -write_export_file(void *arg, const char *buf, unsigned long len) -{ - EPKCS12 *pkcs12 = E_PKCS12 (arg); - EPKCS12Private *priv = pkcs12->priv; - - printf ("write_export_file\n"); - - write (priv->tmp_fd, buf, len); -} - static gboolean handle_error(int myerr) { -- cgit v1.2.3