Changes for NSS/JSS integration.

git-svn-id: svn://10.0.0.236/trunk@96967 18797224-902f-48f8-a5cc-f745e15eee43
nicolson%netscape.com 2001-06-12 20:57:20 +00:00
parent 9c9c9d9f98
commit 045745acdd
9 changed files with 172 additions and 20 deletions


@ -34,7 +34,7 @@
/*
* Permanent Certificate database handling code
*
* $Id: pcertdb.c,v 1.13 2001-04-11 22:28:11 nelsonb%netscape.com Exp $
* $Id: pcertdb.c,v 1.14 2001-06-12 20:57:09 nicolson%netscape.com Exp $
*/
#include "prtime.h"
@ -7196,10 +7196,6 @@ CERT_SaveImportedCert(CERTCertificate *cert, SECCertUsage usage,
break;
}
if ( (trust.sslFlags | trust.emailFlags | trust.objectSigningFlags) == 0 ){
saveit = PR_FALSE;
}
if ( saveit ) {
if ( cert->isperm ) {
/* Cert already in the DB. Just adjust flags */
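Review bot: Dropping the `(trust.sslFlags | trust.emailFlags | trust.objectSigningFlags) == 0` guard means CERT_SaveImportedCert now writes a certificate to the permanent database even when the caller supplied no trust bits at all, and nothing in the hunk records why that is wanted. A short comment where `saveit` is decided would spare the next reader from re-adding the check, e.g. `/* A cert is saved even with no trust flags set; trust can be assigned to the stored cert later. */` — adjusted to the real reason for the change. CERT_SaveImportedCert begins and ends outside the hunk, so I cannot see whether `saveit` is still forced to PR_FALSE anywhere else.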


@ -95,6 +95,7 @@ DER_GeneralizedTimeToTime;
NSS_Init;
NSS_Initialize;
NSS_InitReadWrite;
NSS_IsInitialized;
NSS_NoDB_Init;
NSS_Shutdown;
NSS_VersionCheck;
@ -113,6 +114,7 @@ PK11_DigestOp;
PK11_DigestFinal;
PK11_DoesMechanism;
PK11_FindCertFromNickname;
PK11_FindCertsFromNickname;
PK11_FindCertFromDERCert;
PK11_FindCertByIssuerAndSN;
PK11_FindKeyByAnyCert;
@ -307,6 +309,7 @@ PK11_GetKeyStrength;
PK11_ImportCertForKeyToSlot;
PK11_ImportEncryptedPrivateKeyInfo;
PK11_ImportPrivateKeyInfo;
PK11_ImportDERPrivateKeyInfo;
PK11_MapPBEMechanismToCryptoMechanism;
PK11_PBEKeyGen;
PK11_ParamFromAlgid;
@ -477,6 +480,10 @@ PBE_CreateContext;
PBE_DestroyContext;
PBE_GenerateBits;
PK11_CheckSSOPassword;
PK11_CopySymKeyForSigning;
PK11_DeleteTokenCertAndKey;
PK11_DEREncodePublicKey;
PK11_FindKeyByKeyID;
PK11_GetIVLength;
PK11_GetKeyData;
PK11_GetKeyType;
@ -486,6 +493,7 @@ PK11_ImportCertForKey;
PK11_ImportDERCertForKey;
PK11_IsLoggedIn;
PK11_KeyForDERCertExists;
PK11_KeyForCertExists;
PK11_Logout;
PK11_NeedPWInit;
PK11_MakeIDFromPubKey;
@ -510,6 +518,9 @@ PK11_ReferenceSlot;
PK11_GetSlotPWValues;
PK11_ImportSymKey;
PK11_ExtractKeyValue;
PK11_TraversePrivateKeysInSlot;
PK11_TraverseCertsInSlot;
SEC_CertNicknameConflict;
SECMOD_DeleteInternalModule;
SECMOD_DestroyModule;
SECMOD_GetDefaultModuleList;
@ -521,6 +532,7 @@ SECMOD_ReleaseReadLock;
SECKEY_GetPrivateKeyType;
SECKEY_EncodeDERSubjectPublicKeyInfo;
SECKEY_ExtractPublicKey;
SECKEY_HashPassword;
SEC_PKCS5GetIV;
VFY_EndWithSignature;
;+ local:


@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: nss.h,v 1.10 2001-04-11 22:42:28 nelsonb%netscape.com Exp $
* $Id: nss.h,v 1.11 2001-06-12 20:57:13 nicolson%netscape.com Exp $
*/
#ifndef __nss_h_
@ -131,6 +131,13 @@ SECStatus NSS_NoDB_Init(const char *configdir);
*/
extern void NSS_Shutdown(void);
/*
* Returns PR_TRUE if NSS has already been successfully initialized,
* PR_FALSE otherwise.
*/
PRBool NSS_IsInitialized();
SEC_END_PROTOS
#endif /* __nss_h_ */
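Review bot: `PRBool NSS_IsInitialized();` on the new line declares a function with an unspecified parameter list rather than an empty one, so a call with stray arguments compiles silently, and it disagrees in style with `extern void NSS_Shutdown(void);` two lines above it; write `extern PRBool NSS_IsInitialized(void);`. The definition added in nssinit.c, `NSS_IsInitialized()`, has the same issue and should read `NSS_IsInitialized(void)` so that the prototype and definition match.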


@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
# $Id: nssinit.c,v 1.18 2001-03-14 18:58:14 javi%netscape.com Exp $
# $Id: nssinit.c,v 1.19 2001-06-12 20:57:14 nicolson%netscape.com Exp $
*/
#include <ctype.h>
@ -180,6 +180,8 @@ nss_OpenSecModDB(const char * configdir,const char *dbname)
static CERTCertDBHandle certhandle = { 0 };
static PRBool isInitialized = PR_FALSE;
static SECStatus
nss_OpenVolatileCertDB() {
SECStatus rv = SECSuccess;
@ -280,7 +282,7 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
}
}
rv = SECSuccess;
isInitialized = PR_TRUE;
loser:
if (rv != SECSuccess)
@ -302,6 +304,12 @@ NSS_InitReadWrite(const char *configdir)
PR_FALSE, PR_FALSE, PR_FALSE);
}
PRBool
NSS_IsInitialized()
{
return isInitialized;
}
/*
* OK there are now lots of options here, lets go through them all:
*
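Review bot: `isInitialized` is set to PR_TRUE on the success path right after `rv = SECSuccess;`, but no hunk in this commit ever clears it, so unless NSS_Shutdown (declared in nss.h, body not in this diff) resets it, NSS_IsInitialized keeps reporting PR_TRUE after shutdown and a caller that gates re-initialization on it will skip NSS_Init. If it is not reset elsewhere, NSS_Shutdown should contain `isInitialized = PR_FALSE;`. The flag is also a plain static that is read and written without synchronization, which is only safe if init and shutdown are single-threaded — presumably the case, but a one-line comment beside `static PRBool isInitialized = PR_FALSE;` stating that assumption would help.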


@ -842,7 +842,7 @@ typedef struct pk11TraverseSlotStr {
void *callbackArg;
CK_ATTRIBUTE *findTemplate;
int templateCount;
} pk11TraverseSlotCert;
} pk11TraverseSlot;
/*
* Extract all the certs on a card from a slot.
@ -854,7 +854,7 @@ PK11_TraverseSlot(PK11SlotInfo *slot, void *arg)
CK_OBJECT_HANDLE *objID = NULL;
int object_count = 0;
CK_ULONG returned_count = 0;
pk11TraverseSlotCert *slotcb = (pk11TraverseSlotCert *) arg;
pk11TraverseSlot *slotcb = (pk11TraverseSlot*) arg;
objID = pk11_FindObjectsByTemplate(slot,slotcb->findTemplate,
slotcb->templateCount,&object_count);
@ -982,7 +982,7 @@ pk11_UpdateSlotPQG(PK11SlotInfo *slot)
static SECStatus
pk11_ExtractCertsFromSlot(PK11SlotInfo *slot, void *arg)
{
pk11TraverseSlotCert *slotcb = (pk11TraverseSlotCert *) arg;
pk11TraverseSlot *slotcb = (pk11TraverseSlot*) arg;
int object_count;
SECStatus rv;
@ -1023,7 +1023,7 @@ PK11_ReadSlotCerts(PK11SlotInfo *slot)
/* build slot list */
pk11CertCallback caller;
pk11DoCertCallback saver;
pk11TraverseSlotCert creater;
pk11TraverseSlot creater;
CK_ATTRIBUTE theTemplate;
CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
@ -1083,7 +1083,7 @@ PK11_TraverseSlotCerts(SECStatus(* callback)(CERTCertificate*,SECItem *,void *),
void *arg, void *wincx) {
pk11CertCallback caller;
pk11DoCertCallback saver;
pk11TraverseSlotCert creater;
pk11TraverseSlot creater;
CK_ATTRIBUTE theTemplate;
CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
@ -1103,6 +1103,48 @@ PK11_TraverseSlotCerts(SECStatus(* callback)(CERTCertificate*,SECItem *,void *),
&creater, wincx);
}
/***********************************************************************
* PK11_TraversePrivateKeysInSlot
*
* Traverses all the private keys on a slot.
*
* INPUTS
* slot
* The PKCS #11 slot whose private keys you want to traverse.
* callback
* A callback function that will be called for each key.
* arg
* An argument that will be passed to the callback function.
*/
SECStatus
PK11_TraversePrivateKeysInSlot( PK11SlotInfo *slot,
SECStatus(* callback)(SECKEYPrivateKey*, void*), void *arg)
{
pk11KeyCallback perKeyCB;
pk11TraverseSlot perObjectCB;
CK_OBJECT_CLASS privkClass = CKO_PRIVATE_KEY;
CK_ATTRIBUTE theTemplate[1];
int templateSize = 1;
theTemplate[0].type = CKA_CLASS;
theTemplate[0].pValue = &privkClass;
theTemplate[0].ulValueLen = sizeof(privkClass);
if(slot==NULL) {
return SECSuccess;
}
perObjectCB.callback = pk11_DoKeys;
perObjectCB.callbackArg = &perKeyCB;
perObjectCB.findTemplate = theTemplate;
perObjectCB.templateCount = templateSize;
perKeyCB.callback = callback;
perKeyCB.callbackArg = arg;
perKeyCB.wincx = NULL;
return PK11_TraverseSlot(slot, &perObjectCB);
}
CK_OBJECT_HANDLE *
PK11_FindObjectsFromNickname(char *nickname,PK11SlotInfo **slotptr,
CK_OBJECT_CLASS objclass, int *returnCount, void *wincx) {
@ -2117,7 +2159,7 @@ PK11_TraverseCertsForSubjectInSlot(CERTCertificate *cert, PK11SlotInfo *slot,
SECStatus(* callback)(CERTCertificate*, void *), void *arg)
{
pk11DoCertCallback caller;
pk11TraverseSlotCert callarg;
pk11TraverseSlot callarg;
CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
CK_ATTRIBUTE theTemplate[] = {
{ CKA_CLASS, NULL, 0 },
@ -2148,7 +2190,7 @@ PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot,
SECStatus(* callback)(CERTCertificate*, void *), void *arg)
{
pk11DoCertCallback caller;
pk11TraverseSlotCert callarg;
pk11TraverseSlot callarg;
CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
CK_ATTRIBUTE theTemplate[] = {
{ CKA_CLASS, NULL, 0 },
@ -2184,7 +2226,7 @@ PK11_TraverseCertsInSlot(PK11SlotInfo *slot,
SECStatus(* callback)(CERTCertificate*, void *), void *arg)
{
pk11DoCertCallback caller;
pk11TraverseSlotCert callarg;
pk11TraverseSlot callarg;
CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
CK_ATTRIBUTE theTemplate[] = {
{ CKA_CLASS, NULL, 0 },
@ -2649,6 +2691,11 @@ pk11ListCertCallback(CERTCertificate *cert, SECItem *derCert, void *arg)
return SECSuccess;
}
/* if we want CA certs and it ain't one, skip it */
if( type == PK11CertListCA && (!isCACert(newCert)) ) {
CERT_DestroyCertificate(newCert);
return SECSuccess;
}
/* put slot certs at the end */
if (newCert->slot && !PK11_IsInternal(newCert->slot)) {
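Review bot: In the new PK11_TraversePrivateKeysInSlot, a NULL `slot` returns SECSuccess without ever invoking the callback, so a caller cannot distinguish "no slot" from "slot had no private keys"; reporting the bad argument is the safer contract: `if (slot == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`. If silent success is intentional, say so in the comment block above the function. The hunk also hard-codes `perKeyCB.wincx = NULL`, which presumably means the traversal cannot prompt for a token password on a logged-out slot; confirm that pk11_DoKeys (defined outside the hunk) tolerates that, or accept a `wincx` argument the way PK11_TraverseSlotCerts does.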


@ -301,6 +301,10 @@ SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot,
SECKEYPrivateKeyInfo *pki, SECItem *nickname,
SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
unsigned int usage, void *wincx);
SECStatus PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot,
SECItem *derPKI, SECItem *nickname,
SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
unsigned int usage, void *wincx);
SECStatus PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot,
SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
SECItem *nickname, SECItem *publicValue, PRBool isPerm,
@ -329,6 +333,9 @@ PK11SymKey * pk11_CopyToSlot(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey);
SECItem *PK11_GetKeyIDFromCert(CERTCertificate *cert, void *wincx);
SECItem * PK11_GetKeyIDFromPrivateKey(SECKEYPrivateKey *key, void *wincx);
SECItem* PK11_DEREncodePublicKey(SECKEYPublicKey *pubk);
PK11SymKey* PK11_CopySymKeyForSigning(PK11SymKey *originalKey,
CK_MECHANISM_TYPE mech);
/**********************************************************************
* Certs
@ -338,6 +345,8 @@ CERTCertificate *PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey);
SECStatus PK11_TraverseSlotCerts(
SECStatus(* callback)(CERTCertificate*,SECItem *,void *),
void *arg, void *wincx);
SECStatus PK11_TraversePrivateKeysInSlot( PK11SlotInfo *slot,
SECStatus(* callback)(SECKEYPrivateKey*, void*), void *arg);
CERTCertificate * PK11_FindCertFromNickname(char *nickname, void *wincx);
CERTCertList * PK11_FindCertsFromNickname(char *nickname, void *wincx);
SECKEYPrivateKey * PK11_FindPrivateKeyFromNickname(char *nickname, void *wincx);
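Review bot: The new `SECItem* PK11_DEREncodePublicKey(SECKEYPublicKey *pubk);` declaration does not say who owns the returned item; the definition in pk11skey.c encodes with a NULL arena and NULL destination, so the SECItem is freshly allocated and the caller must release it. Add above the prototype: `/* Returns a newly allocated SECItem holding the DER-encoded SubjectPublicKeyInfo of pubk, or NULL on failure. The caller frees it with SECITEM_FreeItem(item, PR_TRUE). */`. The new `PK11_ImportDERPrivateKeyInfo` prototype also names a parameter `usage` while the definition in pk11skey.c calls it `keyUsage`; pick one so the header and definition agree.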


@ -4244,6 +4244,37 @@ done:
return rv;
}
SECStatus
PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot, SECItem *derPKI,
SECItem *nickname, SECItem *publicValue, PRBool isPerm,
PRBool isPrivate, unsigned int keyUsage, void *wincx)
{
SECKEYPrivateKeyInfo *pki = NULL;
PRArenaPool *temparena = NULL;
SECStatus rv = SECFailure;
temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
pki = PORT_ZNew(SECKEYPrivateKeyInfo);
rv = SEC_ASN1DecodeItem(temparena, pki, SECKEY_PrivateKeyInfoTemplate,
derPKI);
if( rv != SECSuccess ) {
goto finish;
}
rv = PK11_ImportPrivateKeyInfo(slot, pki, nickname, publicValue,
isPerm, isPrivate, keyUsage, wincx);
finish:
if( pki != NULL ) {
SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
}
if( temparena != NULL ) {
PORT_FreeArena(temparena, PR_TRUE);
}
return rv;
}
/*
* import a private key info into the desired slot
*/
@ -4293,9 +4324,6 @@ PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki,
keyType = CKK_RSA;
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
if(!publicValue) {
goto loser;
}
keyTemplate = SECKEY_DSAPrivateKeyExportTemplate;
paramTemplate = SECKEY_PQGParamsTemplate;
paramDest = &(lpk->u.dsa.params);
@ -4395,6 +4423,17 @@ PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki,
* our database, we need to pass in the public key value for
* this dsa key. We have a netscape only CKA_ value to do this.
* Only send it to internal slots */
if( publicValue == NULL ) {
/*
* Try to extract the public value out of the private key.
* This might not work, since the public value is not
* required to be in the private key.
*/
publicValue = &lpk->u.dsa.publicValue;
if( publicValue->data == NULL || publicValue->len == 0) {
goto loser;
}
}
if (PK11_IsInternal(slot)) {
PK11_SETATTRS(attrs, CKA_NETSCAPE_DB,
publicValue->data, publicValue->len); attrs++;
@ -4900,3 +4939,33 @@ PK11_SetFortezzaHack(PK11SymKey *symKey) {
symKey->origin = PK11_OriginFortezzaHack;
}
SECItem*
PK11_DEREncodePublicKey(SECKEYPublicKey *pubk)
{
CERTSubjectPublicKeyInfo *spki=NULL;
SECItem *spkiDER = NULL;
if( pubk == NULL ) {
return NULL;
}
/* get the subjectpublickeyinfo */
spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
if( spki == NULL ) {
goto finish;
}
/* DER-encode the subjectpublickeyinfo */
spkiDER = SEC_ASN1EncodeItem(NULL /*arena*/, NULL/*dest*/, spki,
CERT_SubjectPublicKeyInfoTemplate);
finish:
return spkiDER;
}
PK11SymKey*
PK11_CopySymKeyForSigning(PK11SymKey *originalKey, CK_MECHANISM_TYPE mech)
{
return pk11_CopyToSlot(PK11_GetSlotFromKey(originalKey), mech, CKA_SIGN,
originalKey);
}


@ -99,7 +99,8 @@ struct PK11RSAGenParamsStr {
typedef enum {
PK11CertListUnique = 0,
PK11CertListUser = 1,
PK11CertListRootUnique = 2
PK11CertListRootUnique = 2,
PK11CertListCA = 3
} PK11CertListType;
/*


@ -128,9 +128,11 @@ NSS_CMSSignerInfo_IncludeCerts;
NSS_CMSUtil_VerificationStatusToString;
NSS_SMIMEUtil_FindBulkAlgForRecipients;
CERT_DecodeCertPackage;
SEC_PKCS7AddCertificate;
SEC_PKCS7AddRecipient;
SEC_PKCS7AddSigningTime;
SEC_PKCS7ContentType;
SEC_PKCS7CreateCertsOnly;
SEC_PKCS7CreateData;
SEC_PKCS7CreateEncryptedData;
SEC_PKCS7CreateEnvelopedData;
@ -141,6 +143,7 @@ SEC_PKCS7DecoderStart;
SEC_PKCS7DecoderUpdate;
SEC_PKCS7DecryptContents;
SEC_PKCS7DestroyContentInfo;
SEC_PKCS7Encode;
SEC_PKCS7EncoderFinish;
SEC_PKCS7EncoderStart;
SEC_PKCS7EncoderUpdate;