Change text in password dialogs to account for expanded set of capabilities

(beyond just certificates)


git-svn-id: svn://10.0.0.236/branches/SDR_BRANCH@72038 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/extensions/psm-glue/Makefile.in

@@ -0,0 +1,32 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+# 
+
+DEPTH		= ../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= public src res
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/extensions/psm-glue/makefile.win

@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..
+include <$(DEPTH)/config/config.mak>
+
+DIRS = public src res
+
+include <$(DEPTH)\config\rules.mak>

mozilla/extensions/psm-glue/public/MANIFEST

@@ -0,0 +1,4 @@
+nsIPSMComponent.idl
+nsIPSMUIHandler.idl
+nsISecureBrowserUI.idl
+nsISSLSocketProvider.idl

mozilla/extensions/psm-glue/public/Makefile.in

@@ -0,0 +1,45 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#   Hubbie Shaw
+#   Doug Turner <dougt@netscape.com>
+#   Terry Hayes <thayes@netscape.com>
+# 
+
+MODULE = psmglue
+
+DEPTH		= ../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+XPIDLSRCS = \
+	nsIPSMComponent.idl \
+	nsIPSMUIHandler.idl \
+	nsISecureBrowserUI.idl \
+    nsIPSMSocketInfo.idl \
+	nsISSLSocketProvider.idl \
+	nsISecretDecoderRing.idl \
+	$(NULL)
+
+PREF_JS_EXPORTS	= $(srcdir)/psm-glue.js
+
+include $(topsrcdir)/config/rules.mk

mozilla/extensions/psm-glue/public/makefile.win

@@ -0,0 +1,53 @@
+#!nmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is mozilla.org code.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+# 
+# Contributor(s):
+#   Hubbie Shaw
+#   Doug Turner <dougt@netscape.com>
+#   Terry Hayes <thayes@netscape.com>
+#
+
+MODULE = psmglue
+
+DEPTH=..\..\..
+IGNORE_MANIFEST=1
+
+DLLNAME       = psmglue
+PDBFILE       = $(DLLNAME).pdb
+MAPFILE       = $(DLLNAME).map
+DLL           = .\$(OBJDIR)\$(DLLNAME).dll
+MAKE_OBJ_TYPE = DLL
+
+include <$(DEPTH)/config/config.mak>
+
+XPIDL_INCLUDES=-I$(DEPTH)\..\mozilla\dist\idl
+
+XPIDLSRCS= \
+    .\nsIPSMComponent.idl \
+    .\nsIPSMUIHandler.idl \
+    .\nsISecureBrowserUI.idl \
+    .\nsISSLSocketProvider.idl \
+    .\nsIPSMSocketInfo.idl \
+    .\nsISecretDecoderRing.idl \
+    $(NULL)
+
+include <$(DEPTH)\config\rules.mak>
+
+install::
+    $(MAKE_INSTALL) .\psm-glue.js $(DIST)\bin\defaults\pref

mozilla/extensions/psm-glue/public/nsIPSMComponent.idl

@@ -0,0 +1,87 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+ *   Mitch Stoltz <mstoltz@netscape.com>
+*/
+
+#include "nsISupports.idl"
+interface nsIPrincipal;
+
+%{C++
+#include "cmtcmn.h"
+%}
+
+[ptr] native nsCMTControlStar(CMT_CONTROL);
+
+[scriptable, uuid(9e482670-5412-11d3-bbc8-0000861d1237)]
+interface nsIPSMComponent : nsISupports 
+{
+
+  [noscript] nsCMTControlStar getControlConnection( );
+
+  /**
+   *  Display the Security Advisor.  PickledStatus and hostName can be null. 
+   *  If they are, the "Selected Info" dialog will be empty.
+   */
+
+  void displaySecurityAdvisor(in string pickledStatus, in string hostName);
+
+  /**
+   *  This will send PSM all preferences that we know about.
+   */
+  void passPrefs();
+
+ /* Sig Verification Error Codes */
+  const long VERIFY_OK = 0;
+  const long VERIFY_NOSIG = -2;
+  const long VERIFY_ERROR_UNKNOWN_CA  = -8172;
+  
+  /* Hash Algorithms (based on cmtcmn.h) */ 
+  const short MD2  = 1;
+  const short MD5  = 2;
+  const short SHA1 = 3;
+  const unsigned long MD2_LENGTH  = 16;
+  const unsigned long MD5_LENGTH  = 16;
+  const unsigned long SHA1_LENGTH = 20;
+  const unsigned long MAX_HASH_LENGTH = SHA1_LENGTH;
+
+  /* Secure Hashing functions */
+  void hashBegin(in unsigned long alg, out unsigned long id);
+  void hashUpdate(in unsigned long id, in string buf, in unsigned long buflen);
+  void hashEnd(in unsigned long id, out string hash, out unsigned long hashlen,
+               in unsigned long maxLen);
+  
+  /* Signature Verification functions */
+  void verifyRSABegin(out unsigned long id);
+  void verifyRSAUpdate(in unsigned long id, in string buf, 
+                       in unsigned long buflen);
+  void verifyRSAEnd(in unsigned long id, in string plaintext,
+                    in unsigned long plaintextLen,
+                    in boolean keepCert, out nsIPrincipal principal, out long result);
+  nsIPrincipal CreatePrincipalFromCert(in unsigned long certID);
+};
+
+%{C++
+#define PSM_COMPONENT_PROGID "component://netscape/psm"
+#define PSM_COMPONENT_CLASSNAME "Mozilla PSM Component"
+%}
+

mozilla/extensions/psm-glue/public/nsIPSMSocketInfo.idl

@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nsISupports.idl"
+
+%{C++
+#include "cmtcmn.h"
+#include "nsPSMShimLayer.h"
+%}
+
+[ptr] native psmtControlStar(CMT_CONTROL);
+[ptr] native cmSocketStar(CMSocket);
+[ptr] native nsFileDescStar(PRFileDesc);
+
+[noscript, uuid(deeb8dfc-fb7a-11d3-ac84-00c04fa0d26b)]
+interface nsIPSMSocketInfo : nsISupports {
+    
+    readonly attribute string           hostName;
+    readonly attribute psmtControlStar  controlPtr;
+    readonly attribute cmSocketStar     socketPtr;
+    readonly attribute nsFileDescStar   fileDescPtr;
+
+    void getPickledStatus(out charStar pickledStatus);
+};
+

mozilla/extensions/psm-glue/public/nsIPSMUIHandler.idl

@@ -0,0 +1,36 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Mozilla browser.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications, Inc.  Portions created by Netscape are
+ * Copyright (C) 1999, Mozilla.  All Rights Reserved.
+ * 
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+ */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(d92be9b0-601b-11d3-8c4a-000064657374)]
+interface nsIPSMUIHandler : nsISupports
+{
+    void DisplayURI(in long width, in long height, in string urlStr);
+    void PromptForFile(in wstring prompt, in string fileRegEx, in boolean shouldFileExist, out string outFile);
+};
+
+%{C++
+#define PSM_UI_HANLDER_PROGID "component://netscape/psm/ui"
+#define PSM_UI_HANLDER_CLASSNAME "Mozilla PSM UI Handler"
+%}

mozilla/extensions/psm-glue/public/nsISSLSocketProvider.idl

@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nsISocketProvider.idl"
+
+[noscript, uuid(856a93d0-5415-11d3-bbc8-0000861d1237)]
+interface nsISSLSocketProvider : nsISocketProvider {
+};
+
+%{C++
+#define NS_ISSLSOCKETPROVIDER_PROGID     NS_NETWORK_SOCKET_PROGID_PREFIX "ssl"
+#define NS_ISSLSOCKETPROVIDER_CLASSNAME  "Mozilla SSL Socket Provider Component"
+
+%}

mozilla/extensions/psm-glue/public/nsISecretDecoderRing.idl

@@ -0,0 +1,63 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Netscape Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *  thayes@netscape.com
+ *
+ */
+
+#include "nsISupports.idl"
+
+/* Buffer type - for storing 8-bit octet values */
+[ptr] native buffer(unsigned char);
+
+[scriptable, uuid(0EC80360-075C-11d4-9FD4-00C04F1B83D8)]
+interface nsISecretDecoderRing: nsISupports {
+
+  /* Encrypt a buffer - callable only from C++ */
+  [noscript] long encrypt(in buffer data, in long dataLen, out buffer result);
+
+  /* Decrypt a buffer - callable only from C++ */
+  [noscript] long decrypt(in buffer data, in long dataLen, out buffer result);
+
+  /* Encrypt nul-terminated string to BASE64 output */
+  string encryptString(in string text);
+
+  /* Decrypt BASE64 input to nul-terminated string output */
+  /* There is no check for embedded nul values in the decrypted output */
+  string decryptString(in string crypt);
+
+  /* Prompt the user to change the password on the SDR key */
+  void changePassword();
+
+  /* Logout of the security device that protects the SDR key */
+  void logout();
+};
+
+/*
+ * Configuration interface for the Secret Decoder Ring
+ *  - this interface allows setting the window that will be
+ *    used as parent for dialog windows (such as password prompts)
+ */
+[scriptable, uuid(01D8C0F0-0CCC-11d4-9FDD-000064657374)]
+interface nsISecretDecoderRingConfig: nsISupports {
+  void setWindow(in nsISupports w);
+};
+
+

mozilla/extensions/psm-glue/public/nsISecureBrowserUI.idl

@@ -0,0 +1,44 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nsISupports.idl"
+
+interface nsIDOMWindow;
+interface nsIDOMElement;
+
+[scriptable, uuid(081e31e0-a144-11d3-8c7c-00609792278c)]
+interface nsSecureBrowserUI : nsISupports
+{
+	void init(in nsIDOMWindow window, in nsIDOMElement button);
+    void displayPageInfoUI();
+};
+
+%{C++
+#define NS_SECURE_BROWSER_UI_PROGID "component://netscape/secure_browser_ui"
+#define NS_SECURE_BROWSER_UI_CLASSNAME "Mozilla Secure Browser UI Handler"
+
+#define NS_SECURE_BROWSER_UI_CID \
+{ 0x10fe7ea0, 0xa10a, 0x11d3, {0x8c, 0x7c, 0x00, 0x60, 0x97, 0x92, 0x27, 0x8c}}
+
+%}

mozilla/extensions/psm-glue/public/psm-glue.js

@@ -0,0 +1,11 @@
+pref("general.useragent.security",       "U");
+
+pref("security.enable_ssl2",             true);
+pref("security.enable_ssl3",             true);
+pref("security.default_personal_cert",   "Select Automatically");
+pref("security.ask_for_password",        0);
+pref("security.password_lifetime",       30);
+pref("security.warn_entering_secure",    true);
+pref("security.warn_leaving_secure",     true);
+pref("security.warn_viewing_mixed",      true);
+pref("security.warn_submit_insecure",    true);

mozilla/extensions/psm-glue/res/Makefile.in

@@ -0,0 +1,32 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+# 
+
+DEPTH		= ../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= content skin locale
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/extensions/psm-glue/res/content/MANIFEST_GLOBAL

@@ -0,0 +1 @@
+PSMTaskMenu.xul

mozilla/extensions/psm-glue/res/content/MANIFEST_NAV

@@ -0,0 +1,2 @@
+NavSecurityOverlay.xul
+NavSecurityUI.js

mozilla/extensions/psm-glue/res/content/Makefile.in

@@ -0,0 +1,43 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+# 
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+include $(topsrcdir)/config/rules.mk
+
+NAVIGATOR_CONTENT_DIR = $(DIST)/bin/chrome/navigator/content/
+NAVIGATOR_EXPORT_CONTENT = \
+  $(srcdir)/NavSecurityOverlay.xul \
+  $(srcdir)/NavSecurityUI.js       \
+  $(NULL)
+
+GLOBAL_CONTENT_DIR = $(DIST)/bin/chrome/global/content/
+GLOBAL_EXPORT_CONTENT = \
+  $(srcdir)/PSMTaskMenu.xul \
+  $(NULL)
+
+install::
+	$(INSTALL) $(NAVIGATOR_EXPORT_CONTENT) $(NAVIGATOR_CONTENT_DIR)
+	$(INSTALL) $(GLOBAL_EXPORT_CONTENT) $(GLOBAL_CONTENT_DIR)

mozilla/extensions/psm-glue/res/content/NavSecurityOverlay.xul

@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+
+<overlay id="NavSecurityOverlay"
+xmlns:html="http://www.w3.org/TR/REC-html40"
+xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+
+<?xml-stylesheet href="chrome://navigator/skin/NavSecurityOverlay.css" type="text/css"?> 
+<html:script language="JavaScript" src="chrome://navigator/content/NavSecurityUI.js" />
+
+<box id="state-box">
+    <titledbutton id="security-button" class="borderless" align="left" onclick="displayPageInfo()"/>    
+</box>
+      
+</overlay>

mozilla/extensions/psm-glue/res/content/NavSecurityUI.js

@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+*/
+
+window.addEventListener("load", SetSecurityButton, false);
+
+var securityUI;
+
+function SetSecurityButton()
+{
+    dump("in SetSecurityButton\n");
+
+    var ui = Components.classes["component://netscape/secure_browser_ui"].createInstance();
+    securityUI = ui.QueryInterface(Components.interfaces.nsSecureBrowserUI);
+
+    var button  = document.getElementById('security-button');
+	if (button && window.content)
+		securityUI.init(window.content, button);
+}
+
+function displayPageInfo()
+{
+   if (securityUI)
+     securityUI.displayPageInfoUI();
+}
+
+

mozilla/extensions/psm-glue/res/content/PSMTaskMenu.xul

@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+
+<!DOCTYPE window SYSTEM "chrome://global/locale/PSMTaskMenu.dtd" >
+
+<overlay id="psmTaskMenuID"
+xmlns:html="http://www.w3.org/TR/REC-html40"
+xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+
+<html:script language="JavaScript">
+
+function displaySecurityAdvisor()
+{
+    var psm = Components.classes["component://netscape/psm"].getService();
+    psm = psm.QueryInterface(Components.interfaces.nsIPSMComponent);
+    psm.displaySecurityAdvisor( null, null );
+}
+
+</html:script>
+
+<menupopup id="personalManagers">
+    <menuitem id="PSMMentItem" position="1" value="&PSMCmd.label;" oncommand="displaySecurityAdvisor()"/>
+</menupopup>
+
+</overlay>

mozilla/extensions/psm-glue/res/content/makefile.win

@@ -0,0 +1,37 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..\..
+include <$(DEPTH)/config/config.mak>
+include <$(DEPTH)\config\rules.mak>
+
+install:: $(DLL)
+    $(MAKE_INSTALL) NavSecurityOverlay.xul     $(DIST)\bin\chrome\navigator\content
+    $(MAKE_INSTALL) NavSecurityUI.js           $(DIST)\bin\chrome\navigator\content
+
+install:: $(DLL)
+    $(MAKE_INSTALL) PSMTaskMenu.xul	$(DIST)\bin\chrome\global\content
+    
+clobber::
+    $(RM) $(DIST)\bin\chrome\navigator\content\NavSecurityOverlay.xul
+    $(RM) $(DIST)\bin\chrome\navigator\content\NavSecurityUI.js
+    $(RM) $(DIST)\bin\chrome\global\content\PSMTaskMenu.xul
+

mozilla/extensions/psm-glue/res/locale/Makefile.in

@@ -0,0 +1,32 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= en-US
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/extensions/psm-glue/res/locale/en-US/MANIFEST

@@ -0,0 +1 @@
+PSMTaskMenu.dtd

mozilla/extensions/psm-glue/res/locale/en-US/MANIFEST_NAV

@@ -0,0 +1 @@
+security.properties

mozilla/extensions/psm-glue/res/locale/en-US/Makefile.in

@@ -0,0 +1,44 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+EXPORT_RESOURCE_CONTENT = \
+	$(srcdir)/PSMTaskMenu.dtd \
+	$(NULL)
+
+EXPORT_NAV_RESOURCE_CONTENT = \
+	$(srcdir)/security.properties \
+	$(NULL)
+
+include $(topsrcdir)/config/rules.mk
+
+install:: 
+	$(INSTALL) $(EXPORT_RESOURCE_CONTENT) $(DIST)/bin/chrome/global/locale
+	$(INSTALL) $(EXPORT_NAV_RESOURCE_CONTENT) $(DIST)/bin/chrome/navigator/locale
+
+
+

mozilla/extensions/psm-glue/res/locale/en-US/PSMTaskMenu.dtd

@@ -0,0 +1 @@
+<!ENTITY PSMCmd.label     "Security Manager">

mozilla/extensions/psm-glue/res/locale/en-US/makefile.win

@@ -0,0 +1,36 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..\..\..
+
+include <$(DEPTH)\config\rules.mak>
+
+GLOBAL_DIST=$(DIST)\bin\chrome\global\locale
+NAV_DIST=$(DIST)\bin\chrome\navigator\locale
+
+
+install::
+	$(MAKE_INSTALL) PSMTaskMenu.dtd $(GLOBAL_DIST)
+	$(MAKE_INSTALL) security.properties $(NAV_DIST)
+
+clobber::
+  $(RM) -f $(DIST)\bin\chrome\global\locale\PSMTaskMenu.dtd
+  $(RM) -f $(DIST)\bin\chrome\navigator\locale\security.properties

mozilla/extensions/psm-glue/res/locale/en-US/security.properties

@@ -0,0 +1,28 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+# 
+
+Title=Security Warning
+MixedContentMessage=You have requested a secure document that contains some insecure information.
+LeaveSiteMessage=You have requested an insecure document. The document and any information you send back could be observed by a third party while in transit.
+EnterSiteMessage=You have requested a secure document. The document and any information you send back are encrypted for privacy while in transit.
+PostToInsecure=Although this document is secure, the information you have submitted is insecure and could be observed by a third party while in transit. If you are submitting passwords, credit card numbers, or other information you would like to keep private, it would be safer for you to cancel the submission.
+DontShowAgain=Show Me This Alert Next Time.
+FindText=Please find the Personal Security Manager application

mozilla/extensions/psm-glue/res/locale/makefile.win

@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..\..
+
+DIRS=en-US
+
+include <$(DEPTH)\config\rules.mak>
+

mozilla/extensions/psm-glue/res/makefile.win

@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..
+include <$(DEPTH)/config/config.mak>
+
+DIRS = skin content locale
+
+include <$(DEPTH)\config\rules.mak>

mozilla/extensions/psm-glue/res/skin/MANIFEST

@@ -0,0 +1,4 @@
+lock.gif
+unlock.gif
+broken.gif
+NavSecurityOverlay.css

mozilla/extensions/psm-glue/res/skin/Makefile.in

@@ -0,0 +1,39 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+# 
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+include $(topsrcdir)/config/rules.mk
+
+SKIN_DIR      = $(DIST)/bin/chrome/navigator/skin/
+EXPORT_SKINS  = \
+   $(srcdir)/broken.gif \
+   $(srcdir)/lock.gif   \
+   $(srcdir)/unlock.gif \
+   $(srcdir)/NavSecurityOverlay.css \
+   $(NULL)
+
+install::
+	$(INSTALL) $(EXPORT_SKINS) $(SKIN_DIR)

mozilla/extensions/psm-glue/res/skin/NavSecurityOverlay.css

@@ -0,0 +1,15 @@
+titledbutton#security-button {
+	list-style-image:url("chrome://navigator/skin/unlock.gif");
+}
+
+titledbutton#security-button[level="high"] {
+    list-style-image:url("chrome://navigator/skin/lock.gif");        
+}
+
+titledbutton#security-button[level="low"] {
+    list-style-image:url("chrome://navigator/skin/lock.gif");        
+}
+
+titledbutton#security-button[level="broken"] {
+    list-style-image:url("chrome://navigator/skin/broken.gif");        
+}

mozilla/extensions/psm-glue/res/skin/makefile.win

@@ -0,0 +1,41 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..\..
+
+include <$(DEPTH)/config/config.mak>
+
+include <$(DEPTH)\config\rules.mak>
+
+install::
+    $(MAKE_INSTALL) broken.gif                 $(DIST)\bin\chrome\navigator\skin
+    $(MAKE_INSTALL) lock.gif                   $(DIST)\bin\chrome\navigator\skin
+    $(MAKE_INSTALL) unlock.gif                 $(DIST)\bin\chrome\navigator\skin
+    $(MAKE_INSTALL) NavSecurityOverlay.css     $(DIST)\bin\chrome\navigator\skin
+    
+clobber::
+    $(RM) $(DIST)\bin\chrome\navigator\skin\broken.gif
+    $(RM) $(DIST)\bin\chrome\navigator\skin\lock.gif
+    $(RM) $(DIST)\bin\chrome\navigator\skin\unlock.gif
+    $(RM) $(DIST)\bin\chrome\navigator\skin\NavSecurityOverlay.css
+
+    
+    

mozilla/extensions/psm-glue/src/Makefile.in

@@ -0,0 +1,63 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#   Hubbie Shaw
+#   Doug Turner <dougt@netscape.com>
+# 
+
+DEPTH		= ../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+MODULE = psmglue
+
+IS_COMPONENT	= 1
+LIBRARY_NAME	= psmglue
+
+
+CPPSRCS	= \
+	nsPSMComponent.cpp \
+	nsPSMUICallbacks.cpp \
+	nsSSLSocketProvider.cpp \
+	nsPSMModule.cpp \
+	nsSSLIOLayer.cpp \
+	nsSecureBrowserUIImpl.cpp \
+	nsSDR.cpp \
+	$(NULL)
+
+CSRCS = \
+	nsPSMMutex.c	\
+	nsPSMShimLayer.c	\
+	$(NULL)
+
+EXTRA_DSO_LDOPTS = \
+	$(MOZ_COMPONENT_LIBS) \
+	-lcmt \
+	-lprotocol \
+	-lmozjs \
+	$(NULL)
+
+include $(topsrcdir)/config/rules.mk
+
+INCLUDES	+= \
+		-I$(srcdir) \
+		$(NULL)

mozilla/extensions/psm-glue/src/makefile.win

@@ -0,0 +1,68 @@
+#!nmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is mozilla.org code.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+# 
+# Contributor(s):
+#   Hubbie Shaw
+#   Doug Turner <dougt@netscape.com>
+#
+
+MODULE = psmglue
+
+DEPTH=..\..\..
+IGNORE_MANIFEST=1
+
+DLLNAME       = psmglue
+PDBFILE       = $(DLLNAME).pdb
+MAPFILE       = $(DLLNAME).map
+DLL           = .\$(OBJDIR)\$(DLLNAME).dll
+MAKE_OBJ_TYPE = DLL
+
+include <$(DEPTH)/config/config.mak>
+
+LINCS = $(LINCS)     \
+    -I$(PUBLIC)      \
+    -I$(PUBLIC)/security \
+    $(NULL)
+
+LLIBS   = \
+    $(LIBNSPR) \
+    $(DIST)\lib\neckobase_s.lib \
+    $(DIST)\lib\xpcom.lib \
+    $(DIST)\lib\js3250.lib \
+    $(DIST)\lib\cmt.lib       \
+    $(DIST)\lib\protocol.lib  \
+    $(DIST)\lib\mozreg.lib       \
+    $(NULL)
+
+OBJS = \
+    .\$(OBJDIR)\nsPSMMutex.obj \
+    .\$(OBJDIR)\nsPSMShimLayer.obj \
+    .\$(OBJDIR)\nsPSMComponent.obj \
+    .\$(OBJDIR)\nsPSMUICallbacks.obj \
+    .\$(OBJDIR)\nsPSMModule.obj \
+    .\$(OBJDIR)\nsSecureBrowserUIImpl.obj \
+    .\$(OBJDIR)\nsSSLIOLayer.obj \
+    .\$(OBJDIR)\nsSSLSocketProvider.obj \
+    .\$(OBJDIR)\nsSDR.obj \
+    $(NULL)
+
+include <$(DEPTH)\config\rules.mak>
+
+install:: $(DLL)
+    $(MAKE_INSTALL) .\$(OBJDIR)\$(DLLNAME).dll $(DIST)\bin\components

mozilla/extensions/psm-glue/src/nsPSMComponent.cpp

@@ -0,0 +1,822 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+ *   Mitch Stoltz <mstoltz@netscape.com>
+*/
+
+#include "nsProxiedService.h"
+#include "nsPSMUICallbacks.h"
+#include "VerReg.h"
+
+#include "nspr.h"
+#include "nsPSMComponent.h"
+
+#include "nsCRT.h"
+
+#include "nsIPref.h"
+#include "nsIProfile.h"
+#include "nsILocalFile.h"
+#ifdef XP_MAC
+#include "nsILocalFileMac.h"
+#endif
+#include "nsSpecialSystemDirectory.h"
+
+#include "rsrcids.h"
+
+#include "nsPSMMutex.h"
+#include "nsPSMShimLayer.h"
+#include "nsPSMUICallbacks.h"
+
+#include "nsISecureBrowserUI.h"
+#include "nsIDocumentLoaderObserver.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsICertificatePrincipal.h"
+
+#define PSM_VERSION_REG_KEY "/Netscape/Personal Security Manager"
+
+#ifdef WIN32
+#define PSM_FILE_NAME "psm.exe"
+#elif XP_UNIX
+#define PSM_FILE_NAME "start-psm"
+#define PSM_FILE_LOCATION "/opt/netscape/security/start-psm"
+#else
+#define PSM_FILE_NAME "psm"
+#endif
+
+
+static NS_DEFINE_CID(kCStringBundleServiceCID,  NS_STRINGBUNDLESERVICE_CID);
+static NS_DEFINE_CID(kProfileCID, NS_PROFILE_CID);
+static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
+
+
+nsPSMComponent* nsPSMComponent::mInstance = nsnull;
+
+nsPSMComponent::nsPSMComponent()
+{
+    NS_INIT_REFCNT();
+    mControl = nsnull;
+}
+
+nsPSMComponent::~nsPSMComponent()
+{
+    if (mControl)
+    {
+        CMT_CloseControlConnection(mControl);
+        mControl = nsnull;
+    }
+}
+
+
+NS_IMETHODIMP      
+nsPSMComponent::CreatePSMComponent(nsISupports* aOuter, REFNSIID aIID, void **aResult)
+{                                                                  
+    if (!aResult) {                                                
+        return NS_ERROR_INVALID_POINTER;                           
+    }                                                              
+    if (aOuter) {                                                  
+        *aResult = nsnull;                                         
+        return NS_ERROR_NO_AGGREGATION;                              
+    }                                                                
+    
+    if (mInstance == nsnull) 
+    {
+        mInstance = new nsPSMComponent();
+    }
+
+    if (mInstance == nsnull)
+        return NS_ERROR_OUT_OF_MEMORY;
+    
+    nsresult rv = mInstance->QueryInterface(aIID, aResult);                        
+    if (NS_FAILED(rv)) 
+    {                                             
+        *aResult = nsnull;                                           
+    }                                                                
+    return rv;                                                       
+}
+
+/* nsISupports Implementation for the class */
+NS_IMPL_THREADSAFE_ISUPPORTS1 (nsPSMComponent, nsIPSMComponent); 
+
+#define INIT_NUM_PREFS 100
+/* preference types */
+#define STRING_PREF 0
+#define BOOL_PREF 1
+#define INT_PREF 2
+
+
+/* resizable list struct that contains pref items */
+typedef struct CMSetPrefList {
+    int n; /* number of filled items */
+    int capacity; /* allocated memory */
+    CMTSetPrefElement* list; /* actual list */
+} CMSetPrefList;
+
+static void get_pack_bool_pref(nsIPref *prefManager, char* key, CMTSetPrefElement* list, int* n)
+{
+    PRBool boolpref;
+
+    list[*n].key = nsCRT::strdup(key);
+    list[*n].type = BOOL_PREF;
+
+    if ((prefManager->GetBoolPref(key, &boolpref) != 0) || boolpref) 
+    {
+        list[*n].value = nsCRT::strdup("true");
+    }
+    else 
+    {
+        list[*n].value = nsCRT::strdup("false");
+    }
+
+    (*n)++;    /* increment the counter after done packing */
+
+    return;
+}
+
+static void SaveAllPrefs(int number, CMTSetPrefElement* list)
+{
+    nsCOMPtr<nsIPref> prefManager;
+
+    nsresult res = nsServiceManager::GetService(kPrefCID, 
+                                                nsIPref::GetIID(), 
+                                                getter_AddRefs(prefManager));
+    
+    if (NS_FAILED(res)  || !prefManager)
+    {
+        return;
+    }
+
+
+    int i;
+    int intval;
+
+    for (i = 0; i < number; i++) 
+    {
+        if (list[i].key == nsnull) 
+        {
+            /* misconfigured item: next */
+            continue;
+        }
+
+        switch (list[i].type) 
+        {
+             case 0:    /* string type */
+                 prefManager->SetCharPref(list[i].key, list[i].value);
+                 break;
+             case 1:    /* boolean type */
+                 if (strcmp(list[i].value, "true") == 0) {
+                  prefManager->SetBoolPref(list[i].key, (PRBool)1);
+                 }
+                 else if (strcmp(list[i].value, "false") == 0) {
+                  prefManager->SetBoolPref(list[i].key, (PRBool)0);
+                 }
+                 break;
+             case 2:
+                 intval = atoi(list[i].value);
+                 prefManager->SetIntPref(list[i].key, intval);
+                 break;
+             default:
+                 break;
+         }
+    }
+
+    return;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::PassPrefs()
+{
+    // if we have not passed anything to psm yet, this function can just return.
+
+    if (!mControl)
+        return NS_OK;
+
+    int i;
+    nsresult rv = NS_ERROR_FAILURE;
+    char* strpref = NULL;
+    int intpref;
+    PRBool boolpref;
+    CMSetPrefList prefs = {0};
+    CMTSetPrefElement* list = NULL;
+
+    char* pickAuto = "Select Automatically";
+    char* alwaysAsk = "Ask Every Time";
+    
+    nsCOMPtr<nsIPref> prefManager;
+
+    nsresult res = nsServiceManager::GetService(kPrefCID, 
+                                                nsIPref::GetIID(), 
+                                                getter_AddRefs(prefManager));
+
+    if (NS_OK != res) 
+    {
+        return NS_ERROR_FAILURE;
+    }
+
+    /* allocate memory for list */
+    prefs.n = 0; /* counter */
+    prefs.capacity = INIT_NUM_PREFS;
+    prefs.list = (CMTSetPrefElement*) new char[(INIT_NUM_PREFS * sizeof(CMTSetPrefElement))];
+    
+    if (prefs.list == NULL) 
+    {
+         return rv;
+    }
+
+    /* shorthand */
+    list = prefs.list;
+
+    /* get preferences */
+    get_pack_bool_pref(prefManager, "security.enable_ssl2", (CMTSetPrefElement*)list, &(prefs.n));
+    get_pack_bool_pref(prefManager, "security.enable_ssl3", (CMTSetPrefElement*)list, &(prefs.n));
+
+    /* this pref is a boolean pref in nature but a string pref for 
+     * historical reason
+     */
+
+    list[prefs.n].key = nsCRT::strdup("security.default_personal_cert");
+    list[prefs.n].type = STRING_PREF;
+
+    if ((prefManager->CopyCharPref(list[prefs.n].key, &strpref) == 0) && (strcmp(strpref, pickAuto) == 0)) 
+    {
+         list[prefs.n].value = nsCRT::strdup(pickAuto);
+    }
+    else 
+    {
+         /* although one could choose a specific cert for client auth in
+          * Nova, that mode is deprecated with PSM and mapped to ASK
+          */
+         list[prefs.n].value = nsCRT::strdup(alwaysAsk);
+    }
+
+    prefs.n++;
+    if (strpref != NULL) 
+    {
+         nsCRT::free(strpref);
+    }
+
+    list[prefs.n].key = nsCRT::strdup("security.default_mail_cert");
+    list[prefs.n].type = STRING_PREF;
+    if (prefManager->CopyCharPref(list[prefs.n].key, &list[prefs.n].value) != 0) 
+    {
+         list[prefs.n].value = NULL;
+    }
+    prefs.n++;
+
+    list[prefs.n].key = nsCRT::strdup("security.ask_for_password");
+    list[prefs.n].type = INT_PREF;
+    if (prefManager->GetIntPref(list[prefs.n].key, &intpref) != 0) 
+    {
+         intpref = 0;    /* default */
+    }
+
+    list[prefs.n].value = PR_smprintf("%d", intpref);
+    prefs.n++;
+
+    list[prefs.n].key = nsCRT::strdup("security.password_lifetime");
+    list[prefs.n].type = INT_PREF;
+    if (prefManager->GetIntPref(list[prefs.n].key, &intpref) != 0) 
+    {
+         intpref = 30;    /* default */
+    }
+
+    list[prefs.n].value = PR_smprintf("%d", intpref);
+    prefs.n++;
+
+    /* OCSP preferences */
+    /* XXX since these are the new ones added by PSM, we will be more
+     *     error-tolerant in fetching them
+     */
+    if (prefManager->GetBoolPref("security.OCSP.enabled", &boolpref) == 0) 
+    {
+         if (boolpref) 
+        {
+             list[prefs.n].value = nsCRT::strdup("true");
+         }
+         else 
+        {
+             list[prefs.n].value = nsCRT::strdup("false");
+         }
+         list[prefs.n].key = nsCRT::strdup("security.OCSP.enabled");
+         list[prefs.n].type = BOOL_PREF;
+         prefs.n++;
+    }
+
+    if (prefManager->GetBoolPref("security.OCSP.useDefaultResponder", &boolpref) == 0) 
+    {
+         if (boolpref) 
+        {
+             list[prefs.n].value = nsCRT::strdup("true");
+         }
+         else 
+        {
+             list[prefs.n].value = nsCRT::strdup("false");
+         }
+         list[prefs.n].key = nsCRT::strdup("security.OCSP.useDefaultResponder");
+         list[prefs.n].type = BOOL_PREF;
+         prefs.n++;
+    }
+
+    if (prefManager->CopyCharPref("security.OCSP.URL", &strpref) == 0) 
+    {
+         list[prefs.n].value = strpref;
+         list[prefs.n].key = nsCRT::strdup("security.OCSP.URL");
+         list[prefs.n].type = STRING_PREF;
+         prefs.n++;
+    }
+
+    if (prefManager->CopyCharPref("security.OCSP.signingCA", &strpref) == 0) 
+    {
+         list[prefs.n].value = strpref;
+         list[prefs.n].key = nsCRT::strdup("security.OCSP.signingCA");
+         list[prefs.n].type = STRING_PREF;
+         prefs.n++;
+    }
+
+    /* now application-specific preferences */
+    /* get navigator preferences */
+    get_pack_bool_pref(prefManager, "security.warn_entering_secure", (CMTSetPrefElement*)list, &prefs.n);
+    get_pack_bool_pref(prefManager, "security.warn_leaving_secure",  (CMTSetPrefElement*)list, &prefs.n);
+    get_pack_bool_pref(prefManager, "security.warn_viewing_mixed",   (CMTSetPrefElement*)list, &prefs.n);
+    get_pack_bool_pref(prefManager, "security.warn_submit_insecure", (CMTSetPrefElement*)list, &prefs.n);
+
+    // Add any other prefs here such as ldap or mail/news.
+     
+     CMT_SetSavePrefsCallback(mControl, (savePrefsCallback_fn)SaveAllPrefs);
+
+    if (CMT_PassAllPrefs(mControl, prefs.n, (CMTSetPrefElement*)prefs.list) !=  CMTSuccess) 
+    {
+         goto loser;
+    }
+
+    rv = NS_OK; /* success */
+loser:
+    /* clean out memory for prefs */
+    for (i = 0; i < prefs.n; i++) 
+    {
+         if (prefs.list[i].key != NULL) 
+        {
+             nsCRT::free(prefs.list[i].key);
+         }
+         
+        if (prefs.list[i].value != NULL) 
+        {
+             nsCRT::free(prefs.list[i].value);
+         }
+    }
+
+    if (prefs.list != NULL) 
+    {
+         delete(prefs.list);
+    }
+    return rv;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::GetControlConnection( CMT_CONTROL * *_retval )
+{
+     nsresult rv;
+     *_retval = nsnull;
+    if (mControl) 
+    {
+        *_retval = mControl;
+        return NS_OK;
+    }
+    else      /* initialize mutex, sock table, etc. */
+    {
+            
+        if (nsPSMMutexInit() != PR_SUCCESS)
+            return NS_ERROR_FAILURE;
+
+        mControl = CMT_ControlConnect(&nsPSMMutexTbl, &nsPSMShimTbl);
+        
+        if (mControl == nsnull)
+        {
+            //Try to find it.
+            int err;
+            char filepath[MAXREGPATHLEN];
+
+            err = VR_GetPath(PSM_VERSION_REG_KEY, sizeof(filepath), filepath);
+            if ( err == REGERR_OK )
+            {
+                nsFileSpec psmSpec(filepath);
+                psmSpec += PSM_FILE_NAME;
+		
+                if (psmSpec.Exists())
+                {
+                    mControl = CMT_EstablishControlConnection((char *)psmSpec.GetNativePathCString(), &nsPSMShimTbl, &nsPSMMutexTbl);
+                }
+            }
+         }
+
+#ifndef XP_MAC
+        if (mControl == nsnull)
+        {
+            nsSpecialSystemDirectory sysDir(nsSpecialSystemDirectory::OS_CurrentProcessDirectory);
+            nsFileSpec spec = sysDir;
+
+            spec += "psm/";
+            spec += PSM_FILE_NAME;
+
+            if (spec.Exists())
+            {
+                mControl = CMT_EstablishControlConnection((char *)spec.GetNativePathCString(), &nsPSMShimTbl, &nsPSMMutexTbl);
+            }
+        }
+#else
+    if (mControl == nsnull)
+    {
+      // Attempt to locate "Personal Security Manager" in "Essential Files".
+      nsCOMPtr<nsILocalFile> aPSMApp = do_CreateInstance(NS_LOCAL_FILE_PROGID, &rv);
+      if (NS_SUCCEEDED(rv))
+      {
+        nsCOMPtr<nsILocalFileMac> psmAppMacFile = do_QueryInterface(aPSMApp, &rv);
+        if (NS_SUCCEEDED(rv))
+        {
+          rv = psmAppMacFile->InitFindingAppByCreatorCode('nPSM');
+          if (NS_SUCCEEDED(rv))
+          {
+            rv = psmAppMacFile->LaunchAppWithDoc(nsnull, PR_TRUE);
+            if (NS_SUCCEEDED(rv))
+            {
+                 const PRUint32 kMaxWaitTicks = 180;          // max 3 seconds
+              PRUint32 endTicks = ::TickCount() + kMaxWaitTicks;
+              
+              do
+              {
+                EventRecord theEvent;
+                    WaitNextEvent(0, &theEvent, 5, NULL);
+                mControl = CMT_ControlConnect(&nsPSMMutexTbl, &nsPSMShimTbl);
+              } while (!mControl && (::TickCount() < endTicks));
+
+            }
+          }
+        }
+      }
+      NS_ASSERTION(NS_SUCCEEDED(rv), "Launching Personal Security Manager failed");
+    }
+
+#endif
+
+#ifdef XP_UNIX
+        if (mControl == nsnull)
+        {
+            nsFileSpec psmSpec(PSM_FILE_LOCATION);
+            if (psmSpec.Exists())
+            {
+                mControl = CMT_EstablishControlConnection(PSM_FILE_LOCATION, &nsPSMShimTbl, &nsPSMMutexTbl);
+            }
+        }
+#endif
+
+        if (mControl == nsnull)
+        {
+            char* filePath = nsnull;
+            
+            NS_WITH_PROXIED_SERVICE(nsIPSMUIHandler, handler, nsPSMUIHandlerImpl::GetCID(), NS_UI_THREAD_EVENTQ, &rv);
+            if(NS_SUCCEEDED(rv))
+            {
+                NS_WITH_SERVICE(nsIStringBundleService, service, kCStringBundleServiceCID, &rv);
+                if (NS_FAILED(rv)) return rv;
+            
+                nsILocale* locale = nsnull;
+                nsCOMPtr<nsIStringBundle> stringBundle;
+
+                rv = service->CreateBundle(SECURITY_STRING_BUNDLE_URL, locale, getter_AddRefs(stringBundle));
+                if (NS_FAILED(rv)) return rv;
+
+                PRUnichar *ptrv = nsnull;
+                rv = stringBundle->GetStringFromName( NS_ConvertASCIItoUCS2("FindText").GetUnicode(), &ptrv);
+                if (NS_FAILED(rv)) return rv;                
+                
+                handler->PromptForFile(ptrv, PSM_FILE_NAME, PR_TRUE, &filePath);
+
+                nsAllocator::Free(ptrv);
+
+            }
+            if (! filePath)
+                return NS_ERROR_FAILURE;
+
+            mControl = CMT_EstablishControlConnection(filePath, &nsPSMShimTbl, &nsPSMMutexTbl);
+        }
+
+
+        if (!mControl || InitPSMUICallbacks(mControl) != PR_SUCCESS)
+            goto failure;
+
+        nsFileSpec profileSpec;
+        PRUnichar*      profileName;
+        
+        NS_WITH_SERVICE(nsIProfile, profile, kProfileCID, &rv);
+        if (NS_FAILED(rv)) goto failure;
+        
+        rv = profile->GetCurrentProfileDir(&profileSpec);
+        if (NS_FAILED(rv)) goto failure;;
+        
+        rv = profile->GetCurrentProfile(&profileName);
+        if (NS_FAILED(rv)) goto failure;
+          
+        CMTStatus psmStatus;
+        nsCAutoString profilenameC;
+        profilenameC.AssignWithConversion(profileName);
+        psmStatus = CMT_Hello( mControl, 
+                                   PROTOCOL_VERSION, 
+                                   profilenameC, 
+                                   (char*)profileSpec.GetNativePathCString());        
+
+        if (psmStatus == CMTFailure)
+        {  
+            PR_FREEIF(profileName);       
+            goto failure;
+        }
+        
+        if (NS_FAILED(PassPrefs()))
+        {  
+            PR_FREEIF(profileName);       
+            goto failure;
+        }
+
+        PR_FREEIF(profileName);
+        
+        *_retval = mControl;
+        return NS_OK;
+    }
+
+failure:
+#ifdef DEBUG
+    printf("*** Failure setting up Cartman! \n");
+#endif
+
+    if (mControl)
+    {
+        CMT_CloseControlConnection(mControl);
+        mControl = NULL;
+    }
+
+    // TODO we need to unregister our UI callback BEFORE destroying our mutex.
+    // nsPSMMutexDestroy();
+
+    return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::DisplaySecurityAdvisor(const char *pickledStatus, const char *hostName)
+{
+    CMT_CONTROL *controlConnection;
+    GetControlConnection( &controlConnection );
+    if (DisplayPSMUIDialog(controlConnection, pickledStatus, hostName) == PR_SUCCESS)
+        return NS_OK;
+    return NS_ERROR_FAILURE;
+}
+
+//-----------------------------------------
+// Secure Hash Functions 
+//-----------------------------------------
+NS_IMETHODIMP
+nsPSMComponent::HashBegin(PRUint32 alg, PRUint32* id)
+{
+  CMT_CONTROL *controlConnection;
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+
+  if(CMT_HashCreate(controlConnection, alg, (CMUint32*)id) != CMTSuccess)
+    return NS_ERROR_FAILURE;
+  if(CMT_HASH_Begin(controlConnection, *id) != CMTSuccess)
+    return NS_ERROR_FAILURE;
+
+  return NS_OK;  
+}
+
+NS_IMETHODIMP
+nsPSMComponent::HashUpdate(PRUint32 id, const char* buf, PRUint32 buflen)
+{
+  CMT_CONTROL *controlConnection;
+
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+  if (CMT_HASH_Update(controlConnection, id, 
+      (const unsigned char*)buf, buflen) != CMTSuccess)    
+    return NS_ERROR_FAILURE;
+    
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::HashEnd(PRUint32 id, char** hash, PRUint32* hashlen,
+                        PRUint32 maxLen)
+{
+  if (!hash)
+    return NS_ERROR_ILLEGAL_VALUE;
+
+  CMT_CONTROL *controlConnection;
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+ 
+  if(CMT_HASH_End(controlConnection, id, (unsigned char*)*hash,
+                        (CMUint32*)hashlen, maxLen) != CMTSuccess)
+    return NS_ERROR_FAILURE;
+  CMT_HASH_Destroy(controlConnection, id);
+  return NS_OK;
+}
+
+//-----------------------------------------
+// Signature Verification Functions
+//-----------------------------------------
+PR_STATIC_CALLBACK(void)
+UselessPK7DataSink(void* arg, const char* buf, CMUint32 len)
+{
+}
+
+NS_IMETHODIMP
+nsPSMComponent::VerifyRSABegin(PRUint32* id)
+{
+  if (!id)
+    return NS_ERROR_ILLEGAL_VALUE;
+
+  CMT_CONTROL *controlConnection;
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+  
+  CMInt32* blah = nsnull;
+  CMTStatus result = CMT_PKCS7DecoderStart(controlConnection, nsnull,
+                                           (CMUint32*)id, blah,
+                                           UselessPK7DataSink, nsnull);
+  if (result == CMTSuccess)
+    return NS_OK;
+  else
+    return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::VerifyRSAUpdate(PRUint32 id, const char* buf, PRUint32 buflen)
+{
+  CMT_CONTROL *controlConnection;
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+
+  CMTStatus result = CMT_PKCS7DecoderUpdate(controlConnection, id, buf, buflen);
+  if (result == CMTSuccess)
+    return NS_OK;
+  else
+    return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::VerifyRSAEnd(PRUint32 id, const char* plaintext,
+                             PRUint32 plaintextLen,
+                             PRBool aKeepCert, 
+                             nsIPrincipal** aPrincipal,
+                             PRInt32* aVerifyError)
+{
+  *aVerifyError = -1;
+  CMT_CONTROL *controlConnection;
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+  
+  CMUint32 contentInfo;
+  CMTStatus result = CMT_PKCS7DecoderFinish(controlConnection, 
+                                            id, &contentInfo);
+  if (result != CMTSuccess)
+    return NS_ERROR_FAILURE;
+
+  //-- Make sure a signature is present
+  CMInt32 isSigned;
+  result = CMT_GetNumericAttribute(controlConnection, contentInfo,
+                                   SSM_FID_P7CINFO_IS_SIGNED, &isSigned);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+  if (!isSigned)
+  {
+    *aPrincipal = nsnull;
+    *aVerifyError = nsIPSMComponent::VERIFY_NOSIG;
+    return NS_OK;
+  }
+  // SHA1 hash the plaintext to compare it to the signature
+  CMUint32 hashId;
+  CMT_HashCreate(controlConnection, nsIPSMComponent::SHA1, &hashId);
+  CMT_HASH_Begin(controlConnection, hashId);
+  result = CMT_HASH_Update(controlConnection, hashId, 
+                           (const unsigned char*)plaintext, plaintextLen);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+
+  unsigned char* hash = (unsigned char*)PR_MALLOC(nsIPSMComponent::SHA1_LENGTH);
+  if (!hash) return NS_ERROR_OUT_OF_MEMORY;
+  CMUint32 hashLen;
+  result = CMT_HASH_End(controlConnection, hashId, hash,
+                        &hashLen, nsIPSMComponent::SHA1_LENGTH);
+  NS_ASSERTION(hashLen == nsIPSMComponent::SHA1_LENGTH,
+               "PSMComponent: Hash too short.");
+  CMT_HASH_Destroy(controlConnection, hashId);
+  if (result != CMTSuccess) 
+  {
+    PR_FREEIF(hash);
+    return NS_ERROR_FAILURE;
+  }
+  //-- Verify signature
+  CMTItemStr hashItem;
+  hashItem.data = hash;
+  hashItem.len = hashLen;
+  result = CMT_PKCS7VerifyDetachedSignature(controlConnection, contentInfo,
+                                            6 /* =Object Signing Cert */,
+                                            3 /* =SHA1 algorithm (MD5=2)*/,
+                                            (CMUint32)aKeepCert,
+                                            &hashItem, (CMInt32*)aVerifyError);
+  PR_FREEIF(hash);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+  //-- Did it verify?
+  
+  if (*aVerifyError != 0)
+    *aPrincipal = nsnull;
+  else
+    {
+      //-- Generate a principal from the cert
+      CMUint32 certID;
+      result = CMT_GetRIDAttribute(controlConnection, contentInfo,
+                                       SSM_FID_P7CINFO_SIGNER_CERT, &certID);
+      if (result != CMTSuccess) return NS_ERROR_FAILURE;
+      if (NS_FAILED(CreatePrincipalFromCert(certID, aPrincipal))) 
+        return NS_ERROR_FAILURE;
+    }
+
+  CMT_PKCS7DestroyContentInfo(controlConnection, contentInfo);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::CreatePrincipalFromCert(PRUint32 aCertID, nsIPrincipal** aPrincipal)
+{
+  CMT_CONTROL *controlConnection;
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+
+  //-- Read cert ID
+  CMTStatus result;
+
+  CMTItem fingerprint;
+  result = CMT_GetStringAttribute(controlConnection, aCertID,
+                                  SSM_FID_CERT_FINGERPRINT, &fingerprint);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+
+  //-- Get a principal
+  nsresult rv;
+  NS_WITH_SERVICE(nsIScriptSecurityManager, secMan,
+                  NS_SCRIPTSECURITYMANAGER_PROGID, &rv)
+    if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
+  rv = secMan->GetCertificatePrincipal((char*)fingerprint.data,
+                                       aPrincipal);
+  if (NS_FAILED(rv)) return rv;
+
+  //-- Get common name and store it in the principal.
+  //   Using common name + organizational unit as the user-visible certificate name
+  nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(*aPrincipal, &rv);
+  if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
+
+  CMTItem common;
+  result = CMT_GetStringAttribute(controlConnection, aCertID,
+                                  SSM_FID_CERT_COMMON_NAME, &common);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+  CMTItem subject;
+  result = CMT_GetStringAttribute(controlConnection, aCertID,
+                                  SSM_FID_CERT_SUBJECT_NAME, &subject);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+
+  nsCAutoString commonName;
+  commonName = (char*)common.data;
+  static const char orgUnitTag[] = " OU=";
+  char* orgUnitPos = PL_strstr((char*)subject.data, orgUnitTag);
+  if (orgUnitPos)
+  {
+    orgUnitPos += sizeof(orgUnitTag)-1;
+    char* orgUnitEnd = PL_strchr(orgUnitPos, ',');
+    PRInt32 orgUnitLen;
+    if(orgUnitEnd)
+      orgUnitLen = orgUnitEnd - orgUnitPos;
+    else
+      orgUnitLen = PL_strlen(orgUnitPos);
+    commonName.Append(' ');
+    commonName.Append(orgUnitPos, orgUnitLen);
+  }
+  char* commonChar = commonName.ToNewCString();
+  if (!commonChar) return NS_ERROR_OUT_OF_MEMORY;
+  rv = certificate->SetCommonName(commonChar);
+  Recycle(commonChar);
+  return rv;
+}
+ 

mozilla/extensions/psm-glue/src/nsPSMComponent.h

@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nscore.h"
+#include "nsIPSMComponent.h"
+#include "nsIStringBundle.h"
+
+#define SECURITY_STRING_BUNDLE_URL "chrome://navigator/locale/security.properties"
+
+#define NS_PSMCOMPONENT_CID {0xddcae170, 0x5412, 0x11d3, {0xbb, 0xc8, 0x00, 0x00, 0x86, 0x1d, 0x12, 0x37}}
+
+// Implementation of the PSM component interface.
+class nsPSMComponent : public nsIPSMComponent
+{
+public:
+  NS_DEFINE_STATIC_CID_ACCESSOR( NS_PSMCOMPONENT_CID );
+
+  nsPSMComponent();
+  virtual ~nsPSMComponent();
+
+  NS_DECL_ISUPPORTS
+
+  NS_DECL_NSIPSMCOMPONENT
+
+  static NS_METHOD CreatePSMComponent(nsISupports* aOuter, REFNSIID aIID, void **aResult);
+
+private:
+  
+  PCMT_CONTROL mControl;
+  
+  nsCOMPtr<nsISupports> mSecureBrowserIU;
+  static nsPSMComponent* mInstance;
+}; 

mozilla/extensions/psm-glue/src/nsPSMModule.cpp

@@ -0,0 +1,86 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nsIModule.h"
+#include "nsIGenericFactory.h"
+
+#include "nsPSMUICallbacks.h"
+#include "nsPSMComponent.h"
+
+#include "nsISecureBrowserUI.h"
+#include "nsSecureBrowserUIImpl.h"
+
+#include "nsSSLSocketProvider.h"
+
+#include "nsSDR.h"
+
+// Define SDR object constructor
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSecretDecoderRing, init)
+
+static nsModuleComponentInfo components[] =
+{
+    { 
+        PSM_COMPONENT_CLASSNAME,  
+        NS_PSMCOMPONENT_CID, 
+        PSM_COMPONENT_PROGID,   
+        nsPSMComponent::CreatePSMComponent
+    },
+
+    { 
+        PSM_UI_HANLDER_CLASSNAME, 
+        NS_PSMUIHANDLER_CID, 
+        PSM_UI_HANLDER_PROGID,  
+        nsPSMUIHandlerImpl::CreatePSMUIHandler
+    },
+
+    { 
+        NS_SECURE_BROWSER_UI_CLASSNAME, 
+        NS_SECURE_BROWSER_UI_CID, 
+        NS_SECURE_BROWSER_UI_PROGID, 
+        nsSecureBrowserUIImpl::Create 
+    },
+
+    { 
+        NS_SECURE_BROWSER_DOCOBSERVER_CLASSNAME, 
+        NS_SECURE_BROWSER_DOCOBSERVER_CID, 
+        NS_SECURE_BROWSER_DOCOBSERVER_PROGID, 
+        nsSecureBrowserUIImpl::Create
+    },
+
+    { 
+        NS_ISSLSOCKETPROVIDER_CLASSNAME,
+        NS_SSLSOCKETPROVIDER_CID,
+        NS_ISSLSOCKETPROVIDER_PROGID,
+        nsSSLSocketProvider::Create 
+    },
+
+    {
+        NS_SDR_CLASSNAME,
+        NS_SDR_CID,
+        NS_SDR_PROGID,
+        nsSecretDecoderRingConstructor
+    }
+};
+
+NS_IMPL_NSGETMODULE("PSMComponent", components);

mozilla/extensions/psm-glue/src/nsPSMMutex.c

@@ -0,0 +1,72 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "prmon.h"
+#include "prtypes.h"
+
+#include "nsPSMMutex.h"
+
+static PRMonitor *_nsPSMMutexVar;
+
+PRStatus
+nsPSMMutexInit()
+{
+  if (!_nsPSMMutexVar)
+      _nsPSMMutexVar = PR_NewMonitor();
+
+  return _nsPSMMutexVar ? PR_SUCCESS : PR_FAILURE;
+}
+
+PRStatus
+nsPSMMutexDestroy()
+{
+    if (!_nsPSMMutexVar)
+        return PR_FAILURE;
+    
+    PR_Wait(_nsPSMMutexVar, PR_INTERVAL_NO_TIMEOUT);
+
+    PR_DestroyMonitor(_nsPSMMutexVar);
+    return PR_SUCCESS;
+}
+
+static void
+nsPSMMutexLock(CMTMutexPointer *p)
+{
+  PR_EnterMonitor(*(PRMonitor **)p);
+  return;
+}
+
+static void
+nsPSMMutexUnlock(CMTMutexPointer *p)
+{
+  PR_ExitMonitor(*(PRMonitor **)p);
+  return;
+}
+
+CMT_MUTEX nsPSMMutexTbl = 
+{
+  &_nsPSMMutexVar,
+  (CMTMutexFunction)nsPSMMutexLock,
+  (CMTMutexFunction)nsPSMMutexUnlock
+};

mozilla/extensions/psm-glue/src/nsPSMMutex.h

@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#ifndef _NSPSMMUTEX_H
+#define _NSPSMMUTEX_H
+
+#include "cmtcmn.h"
+
+PR_BEGIN_EXTERN_C
+
+PR_EXTERN(CMT_MUTEX) nsPSMMutexTbl;
+
+PR_EXTERN(PRStatus) nsPSMMutexInit(void);
+PR_EXTERN(PRStatus) nsPSMMutexDestroy(void);
+
+PR_END_EXTERN_C
+
+#endif

mozilla/extensions/psm-glue/src/nsPSMShimLayer.c

@@ -0,0 +1,284 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nspr.h"
+#include "nsPSMShimLayer.h"
+
+#ifdef XP_UNIX
+#include <sys/stat.h>
+#include <unistd.h>
+#endif
+
+
+#define NSPSMSHIMMAXFD 50
+
+CMT_SocketFuncs nsPSMShimTbl =
+{
+    nsPSMShimGetSocket,
+    nsPSMShimConnect,
+    nsPSMShimVerifyUnixSocket,
+    nsPSMShimSend,
+    nsPSMShimSelect,
+    nsPSMShimReceive,
+    nsPSMShimShutdown,
+    nsPSMShimClose
+};
+
+
+CMTSocket
+nsPSMShimGetSocket(int unixSock)
+{
+    PRStatus   rv;
+    PRFileDesc *fd;
+    CMSocket   *sock;
+
+
+    if (unixSock)
+    {
+#ifndef XP_UNIX        
+        return NULL;
+#else
+        fd = PR_OpenTCPSocket(AF_UNIX);
+        PR_ASSERT(fd);
+#endif
+    }
+    else
+    {
+        PRSocketOptionData sockopt;
+
+        fd = PR_NewTCPSocket();
+        PR_ASSERT(fd);
+
+        /* disable Nagle algorithm delay for control sockets */
+        sockopt.option = PR_SockOpt_NoDelay;
+        sockopt.value.no_delay = PR_TRUE;   
+
+        rv = PR_SetSocketOption(fd, &sockopt);
+        PR_ASSERT(PR_SUCCESS == rv);
+    }
+
+    sock = (CMSocket *)PR_Malloc(sizeof(CMSocket));
+
+    if (sock == NULL)
+      return sock;
+    
+    sock->fd     = fd;
+    sock->isUnix = unixSock;
+    
+    memset(&sock->netAddr, 0, sizeof(PRNetAddr));
+    
+    return (CMTSocket)sock;
+}
+
+CMTStatus
+nsPSMShimConnect(CMTSocket sock, short port, char *path)
+{
+    PRStatus    err;
+    PRErrorCode errcode;
+    CMTStatus   rv = CMTSuccess;
+    CMSocket    *cmSock = (CMSocket *)sock;
+    
+    if (!sock) return CMTFailure;
+
+    if (cmSock->isUnix)
+    {
+#ifndef XP_UNIX
+        return CMTFailure;
+#else
+        int pathLen;
+        if (!path)
+        {
+            return CMTFailure;
+        }
+
+        /* check buffer overrun */
+        pathLen = strlen(path)+1;
+        
+        pathLen = pathLen < sizeof(cmSock->netAddr.local.path)
+                ? pathLen : sizeof(cmSock->netAddr.local.path);
+  
+        memcpy(&cmSock->netAddr.local.path, path, pathLen);
+        cmSock->netAddr.local.family = PR_AF_LOCAL;
+#endif
+    }
+    else  /* cmSock->isUnix */
+    {
+        cmSock->netAddr.inet.family = PR_AF_INET;
+        cmSock->netAddr.inet.port   = PR_htons(port);
+        cmSock->netAddr.inet.ip     = PR_htonl(PR_INADDR_LOOPBACK);
+    }
+
+    err = PR_Connect( cmSock->fd, &cmSock->netAddr, PR_INTERVAL_MAX );
+    
+    if (err == PR_FAILURE)    
+    {
+        errcode = PR_GetError();
+        
+        /* TODO: verify PR_INVALID_ARGUMENT_ERROR continue with connect */
+        
+        switch (errcode)
+        {
+            case PR_IS_CONNECTED_ERROR:
+                rv = CMTSuccess;
+                break;
+
+            case PR_IN_PROGRESS_ERROR:
+            case PR_IO_TIMEOUT_ERROR:
+#ifdef WIN32
+            case PR_WOULD_BLOCK_ERROR:            
+            case PR_INVALID_ARGUMENT_ERROR:
+#endif
+            default:
+                rv = CMTFailure;
+                break;
+        }
+    }    
+
+    return rv;
+}
+
+CMTStatus
+nsPSMShimVerifyUnixSocket(CMTSocket sock)
+{
+#ifndef XP_UNIX
+    return CMTFailure;
+#else
+
+    int  rv;
+    CMSocket  *cmSock;
+    struct stat statbuf;
+
+    cmSock = (CMSocket *)sock;
+        
+    if (!cmSock || !cmSock->isUnix) 
+        return CMTFailure;
+ 
+    rv = stat(cmSock->netAddr.local.path, &statbuf);
+    if (rv < 0 || statbuf.st_uid != geteuid() )
+    {
+        PR_Close(cmSock->fd);
+        cmSock->fd = NULL;
+        PR_Free(cmSock);
+        return CMTFailure;
+    }
+    return CMTSuccess;   
+#endif
+}
+
+size_t
+nsPSMShimSend(CMTSocket sock, void *buffer, size_t length)
+{
+    PRInt32   total;
+    CMSocket *cmSock = (CMSocket *)sock;
+
+    if (!sock) return CMTFailure;
+
+    total = PR_Send(cmSock->fd, buffer, length, 0, PR_INTERVAL_NO_TIMEOUT);
+
+    /* TODO: for now, return 0 if there's an error */
+    return (total < 0) ? 0 : total;
+}
+
+
+CMTSocket
+nsPSMShimSelect(CMTSocket *socks, int numsocks, int poll)
+{
+    CMSocket       **sockArr = (CMSocket **)socks;
+    PRPollDesc       readPDs[NSPSMSHIMMAXFD];
+    PRIntervalTime   timeout;
+    PRInt32          cnt;
+    int              i;
+
+    if (!socks) return NULL;
+
+    memset(readPDs, 0, sizeof(readPDs));
+
+    PR_ASSERT(NSPSMSHIMMAXFD >= numsocks);
+
+    for (i=0; i<numsocks; i++)
+    {
+        readPDs[i].fd       = sockArr[i]->fd;
+        readPDs[i].in_flags = PR_POLL_READ;
+    }
+
+    timeout = poll ? PR_INTERVAL_NO_WAIT : PR_INTERVAL_NO_TIMEOUT;
+
+    cnt = PR_Poll(readPDs, numsocks, timeout);
+
+    /* Figure out which socket was selected */
+    if (cnt > 0)
+    {
+        for (i=0; i<numsocks; i++)
+        {
+            if (readPDs[i].out_flags & PR_POLL_READ)
+            {
+            return (CMTSocket)sockArr[i];
+            }
+        }
+    }
+    return NULL;
+}
+
+size_t
+nsPSMShimReceive(CMTSocket sock, void *buffer, size_t bufSize)
+{
+    PRInt32   total;
+    CMSocket *cmSock = (CMSocket *)sock;
+    
+    if (!sock) return CMTFailure;
+
+    total = PR_Recv(cmSock->fd, buffer, bufSize, 0, PR_INTERVAL_NO_TIMEOUT);
+
+    /* TODO: for now, return 0 if there's an error */
+    return (total < 0) ? 0 : total;
+}
+
+CMTStatus
+nsPSMShimShutdown(CMTSocket sock)
+{
+    CMSocket *cmSock = (CMSocket*)sock;
+    PRStatus rv;
+
+    if (!sock) return CMTFailure;
+
+    rv = PR_Shutdown(cmSock->fd, PR_SHUTDOWN_SEND);
+    return (PR_SUCCESS == rv) ? CMTSuccess : CMTFailure;
+}
+
+CMTStatus
+nsPSMShimClose(CMTSocket sock)
+{
+    CMSocket *cmSock = (CMSocket*)sock;
+    PRStatus rv      = PR_SUCCESS;
+    PR_ASSERT(cmSock);
+
+    if (!sock) return CMTFailure;
+
+    rv = PR_Close(cmSock->fd);
+    cmSock->fd = NULL;
+
+    PR_Free(cmSock);
+
+    return (PR_SUCCESS == rv) ? CMTSuccess : CMTFailure;
+}

mozilla/extensions/psm-glue/src/nsPSMShimLayer.h

@@ -0,0 +1,67 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#ifndef _NSPSMSHIMLAYER_H_
+#define _NSPSMSHIMLAYER_H_
+
+#include "cmtcmn.h"
+#include "prio.h"
+
+PR_BEGIN_EXTERN_C
+
+typedef struct CMSocket {
+    PRFileDesc *fd;
+    PRBool      isUnix;
+    PRNetAddr   netAddr;
+} CMSocket; 
+
+PR_EXTERN(CMT_SocketFuncs) nsPSMShimTbl;
+
+PR_EXTERN(CMTSocket)
+nsPSMShimGetSocket(int unixSock);
+
+PR_EXTERN(CMTStatus)
+nsPSMShimConnect(CMTSocket sock, short port, char *path);
+
+PR_EXTERN(CMTStatus)
+nsPSMShimVerifyUnixSocket(CMTSocket sock);
+
+PR_EXTERN(size_t)
+nsPSMShimSend(CMTSocket sock, void *buffer, size_t length);
+
+PR_EXTERN(CMTSocket)
+nsPSMShimSelect(CMTSocket *socks, int numsocks, int poll);
+
+PR_EXTERN(size_t)
+nsPSMShimReceive(CMTSocket sock, void *buffer, size_t bufSize);
+
+PR_EXTERN(CMTStatus)
+nsPSMShimShutdown(CMTSocket sock);
+
+PR_EXTERN(CMTStatus)
+nsPSMShimClose(CMTSocket sock);
+
+PR_END_EXTERN_C
+
+#endif /* _NSPSMSHIMLAYER_H_ */

mozilla/extensions/psm-glue/src/nsPSMUICallbacks.cpp

@@ -0,0 +1,333 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nsProxiedService.h"
+#include "nsIEventQueueService.h"
+#include "nsPSMUICallbacks.h"
+#include "nsINetSupportDialogService.h"
+#include "nsIFilePicker.h"
+
+#include "nsAppShellCIDs.h"
+#include "prprf.h"
+#include "prmem.h"
+
+#include "nsSSLIOLayer.h" // for SSMSTRING_PADDED_LENGTH
+#include "ssmdefs.h"
+#include "rsrcids.h"
+
+// Interfaces Needed
+#include "nsIAppShellService.h"
+#include "nsIDocShell.h"
+#include "nsIDOMWindow.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsIPrompt.h"
+#include "nsIScriptGlobalObject.h"
+#include "nsIURL.h"
+#include "nsIXULWindow.h"
+
+static NS_DEFINE_IID(kAppShellServiceCID, NS_APPSHELL_SERVICE_CID);
+static NS_DEFINE_CID(kNetSupportDialogCID, NS_NETSUPPORTDIALOG_CID);
+
+
+// Happy callbacks
+static char * PromptUserCallback(void *arg, char *prompt, int isPasswd);
+static char * FilePathPromptCallback(void *arg, char *prompt, char *fileRegEx, CMUint32 shouldFileExist);
+static void   ApplicationFreeCallback(char *userInput);
+static void * CartmanUIHandler(uint32 resourceID, void* clientContext, uint32 width, uint32 height, PRBool isModel,
+                 char* urlStr, void *data);
+extern "C" void CARTMAN_UIEventLoop(void *data);
+
+
+/* nsISupports Implementation for the class */
+NS_IMPL_ISUPPORTS1(nsPSMUIHandlerImpl, nsIPSMUIHandler)
+
+NS_METHOD
+nsPSMUIHandlerImpl::DisplayURI(PRInt32 width, PRInt32 height, const char *urlStr)
+{
+    nsresult rv;
+    nsCOMPtr<nsIDOMWindow> hiddenWindow;
+    JSContext *jsContext;
+
+    NS_WITH_SERVICE(nsIAppShellService, appShell, kAppShellServiceCID, &rv);
+	if (NS_SUCCEEDED(rv))
+	{
+		rv = appShell->GetHiddenWindowAndJSContext( getter_AddRefs( hiddenWindow ),
+                                                    &jsContext );
+
+	     if ( NS_SUCCEEDED( rv ) ) 
+         {
+            // Set up arguments for "window.open"
+            void *stackPtr;
+
+            char buffer[256];
+            PR_snprintf(buffer,
+                        sizeof(buffer),
+                        "menubar=no,height=%d,width=%d",
+                        height,
+                        width );
+
+            jsval	*argv = JS_PushArguments(jsContext, &stackPtr, "sss", urlStr, "_blank", buffer);
+            if (argv)
+            {
+	            // open the window
+	            nsIDOMWindow	*newWindow;
+	            hiddenWindow->Open(jsContext, argv, 3, &newWindow);
+                newWindow->ResizeTo(width, height);
+	            JS_PopArguments(jsContext, stackPtr);
+            }
+        }
+    }
+    return rv;
+}
+
+NS_IMETHODIMP
+nsPSMUIHandlerImpl::PromptForFile(const PRUnichar *prompt, const char *fileRegEx, PRBool shouldFileExist, char **outFile)
+{
+    NS_ENSURE_ARG_POINTER(outFile);
+    nsCOMPtr<nsIFilePicker> fp = do_CreateInstance("component://mozilla/filepicker");
+    
+    if (!fp)
+        return NS_ERROR_NULL_POINTER;
+
+
+    fp->Init(nsnull, prompt, nsIFilePicker::modeOpen);
+    fp->SetFilters(nsIFilePicker::filterAll);
+    fp->AppendFilter(NS_ConvertASCIItoUCS2(fileRegEx).GetUnicode(), NS_ConvertASCIItoUCS2(fileRegEx).GetUnicode());  
+    PRInt16 mode;
+    nsresult rv = fp->Show(&mode);
+
+    if (NS_FAILED(rv) || (mode == nsIFilePicker::returnCancel))
+         return rv;
+
+    nsCOMPtr<nsILocalFile> file;
+    rv = fp->GetFile(getter_AddRefs(file));
+
+    if (file)
+      file->GetPath(outFile);
+
+    return rv;
+}
+
+NS_METHOD      
+nsPSMUIHandlerImpl::CreatePSMUIHandler(nsISupports* aOuter, REFNSIID aIID, void **aResult)
+{                                                                  
+    nsresult rv = NS_OK; 
+    if ( aResult ) 
+    { 
+        /* Allocate new find component object. */
+        nsPSMUIHandlerImpl *component = new nsPSMUIHandlerImpl(); 
+        if ( component ) 
+        { 
+            /* Allocated OK, do query interface to get proper */
+            /* pointer and increment refcount.                */
+            rv = component->QueryInterface( aIID, aResult ); 
+            if ( NS_FAILED( rv ) ) 
+            { 
+                /* refcount still at zero, delete it here. */
+                delete component; 
+            } 
+        } 
+        else 
+        { 
+            rv = NS_ERROR_OUT_OF_MEMORY; 
+        } 
+    } 
+    else 
+    { 
+        rv = NS_ERROR_NULL_POINTER; 
+    } 
+    return rv; 
+} 
+
+
+
+extern "C" void CARTMAN_UIEventLoop(void *data)
+{
+   CMT_EventLoop((PCMT_CONTROL)data);
+}
+
+PRStatus InitPSMUICallbacks(PCMT_CONTROL control)
+{
+    if (!control)
+        return PR_FAILURE;  
+    
+    CMT_SetPromptCallback(control, (promptCallback_fn)PromptUserCallback, nsnull);
+    CMT_SetAppFreeCallback(control, (applicationFreeCallback_fn) ApplicationFreeCallback);
+    CMT_SetFilePathPromptCallback(control, (filePathPromptCallback_fn) FilePathPromptCallback, nsnull);
+
+    if (CMT_SetUIHandlerCallback(control, (uiHandlerCallback_fn) CartmanUIHandler, NULL) != CMTSuccess) 
+            return PR_FAILURE;
+
+    PR_CreateThread(PR_USER_THREAD,
+                    CARTMAN_UIEventLoop,
+                    control, 
+                    PR_PRIORITY_NORMAL, 
+                    PR_GLOBAL_THREAD, 
+                    PR_UNJOINABLE_THREAD,
+                    0);  
+
+    return PR_SUCCESS;
+}
+
+PRStatus DisplayPSMUIDialog(PCMT_CONTROL control, const char *pickledStatus, const char *hostName)
+{
+    CMUint32 advRID = 0;
+    CMInt32 width = 0;
+    CMInt32 height = 0;
+    CMTItem urlItem = {0, NULL, 0};
+    CMTStatus rv = CMTSuccess;
+    CMTItem advisorContext = {0, NULL, 0};
+    void * pwin;
+
+    CMTSecurityAdvisorData data;
+    memset(&data, '\0', sizeof(CMTSecurityAdvisorData));
+    
+    if (hostName)
+    {
+        // if there is a hostName, than this request is about
+        // a webpage.  
+        data.hostname    = (char*) hostName;
+        data.infoContext = SSM_BROWSER;
+    
+        if (pickledStatus)
+        {
+            CMTItem pickledResource = {0, NULL, 0};
+            CMUint32 socketStatus = 0;
+    
+            pickledResource.len = *(int*)(pickledStatus);
+            pickledResource.data = (unsigned char*) PR_Malloc(SSMSTRING_PADDED_LENGTH(pickledResource.len));
+        
+            if (! pickledResource.data) return PR_FAILURE;
+
+            memcpy(pickledResource.data, pickledStatus+sizeof(int), pickledResource.len);
+        
+            /* Unpickle the SSL Socket Status */
+            if (CMT_UnpickleResource( control, 
+                                      SSM_RESTYPE_SSL_SOCKET_STATUS,
+                                      pickledResource, 
+                                      &socketStatus) == CMTSuccess)
+            {
+                data.infoContext = SSM_BROWSER;    
+                data.resID = socketStatus;
+            }
+
+            PR_FREEIF(pickledResource.data);
+        }
+    }
+
+    /* Create a Security Advisor context object. */
+    rv = CMT_SecurityAdvisor(control, &data, &advRID);
+
+    if (rv != CMTSuccess)
+        return PR_FAILURE;
+
+    /* Get the URL, width, height, etc. from the advisor context. */
+    rv = CMT_GetStringAttribute(control, 
+                                advRID, 
+                                SSM_FID_SECADVISOR_URL,
+                                &urlItem);
+
+    if ((rv != CMTSuccess) || (!urlItem.data))
+        return PR_FAILURE;
+
+    rv = CMT_GetNumericAttribute(control, 
+                                 advRID, 
+                                 SSM_FID_SECADVISOR_WIDTH,
+                                 &width);
+    if (rv != CMTSuccess)
+        return PR_FAILURE;
+
+    rv = CMT_GetNumericAttribute(control, 
+                                 advRID, 
+                                 SSM_FID_SECADVISOR_HEIGHT,
+                                 &height);
+    if (rv != CMTSuccess)
+        return PR_FAILURE;
+
+    /* Fire the URL up in a window of its own. */
+    pwin = CartmanUIHandler(advRID, nsnull, width, height, PR_FALSE, (char*)urlItem.data, NULL);
+    
+    //allocated by cmt, we can free with free:
+    free(urlItem.data);
+    
+    return PR_SUCCESS;
+}
+
+
+
+void* CartmanUIHandler(uint32 resourceID, void* clientContext, uint32 width, uint32 height, PRBool isModal, char* urlStr, void *data)
+{
+    nsresult rv = NS_OK;
+    
+    NS_WITH_PROXIED_SERVICE(nsIPSMUIHandler, handler, nsPSMUIHandlerImpl::GetCID(), NS_UI_THREAD_EVENTQ, &rv);
+    
+    if(NS_SUCCEEDED(rv))
+	    handler->DisplayURI(width, height, urlStr);
+
+    return nsnull;
+}
+
+    
+    
+char * PromptUserCallback(void *arg, char *prompt, int isPasswd)
+{
+
+    nsresult rv = NS_OK;
+    PRUnichar *password;
+    PRInt32  value;
+
+    NS_WITH_PROXIED_SERVICE(nsIPrompt, dialog, kNetSupportDialogCID, NS_UI_THREAD_EVENTQ, &rv);
+    
+    if (NS_SUCCEEDED(rv)) {
+	    rv = dialog->PromptPassword(NS_ConvertASCIItoUCS2(prompt).GetUnicode(), NS_ConvertASCIItoUCS2(" ").GetUnicode(), &password, &value);
+
+        if (NS_SUCCEEDED(rv)) {
+            nsString a(password);
+            char* str = a.ToNewCString();
+            Recycle(password);
+            return str;
+        }
+    }
+
+    return nsnull;
+}
+
+void ApplicationFreeCallback(char *userInput)
+{
+    nsAllocator::Free(userInput);
+}
+
+char * FilePathPromptCallback(void *arg, char *prompt, char *fileRegEx, CMUint32 shouldFileExist)
+{
+    nsresult rv = NS_OK;
+    
+    char* filePath = nsnull;
+    
+    NS_WITH_PROXIED_SERVICE(nsIPSMUIHandler, handler, nsPSMUIHandlerImpl::GetCID(), NS_UI_THREAD_EVENTQ, &rv);
+    
+    if(NS_SUCCEEDED(rv))
+	    handler->PromptForFile(NS_ConvertASCIItoUCS2(prompt).GetUnicode(), fileRegEx, (PRBool)shouldFileExist, &filePath);
+
+    return filePath;
+}

mozilla/extensions/psm-glue/src/nsPSMUICallbacks.h

@@ -0,0 +1,55 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#ifndef _NSPSMUICALLBACKS_H
+#define _NSPSMUICALLBACKS_H
+
+#include "prtypes.h"
+#include "cmtcmn.h"
+
+#include "nsIPSMUIHandler.h"
+
+PRStatus InitPSMUICallbacks(PCMT_CONTROL gControl);
+PRStatus DisplayPSMUIDialog(PCMT_CONTROL control, const char* pickledStatus, const char *hostName);
+
+
+#define NS_PSMUIHANDLER_CID {0x15944e30, 0x601e, 0x11d3, {0x8c, 0x4a, 0x00, 0x00, 0x64, 0x65, 0x73, 0x74}}
+
+class nsPSMUIHandlerImpl : public nsIPSMUIHandler 
+{
+    public:
+
+        NS_DEFINE_STATIC_CID_ACCESSOR( NS_PSMUIHANDLER_CID );
+    
+        /* ctor/dtor */
+        nsPSMUIHandlerImpl() { NS_INIT_REFCNT(); }
+        virtual ~nsPSMUIHandlerImpl() { }
+
+        NS_DECL_ISUPPORTS
+        NS_DECL_NSIPSMUIHANDLER
+
+        static NS_METHOD CreatePSMUIHandler(nsISupports* aOuter, REFNSIID aIID, void **aResult);
+};
+
+#endif

mozilla/extensions/psm-glue/src/nsSDR.cpp

@@ -0,0 +1,310 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * The contents of this file are subject to the Netscape Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s): 
+ *  thayes@netscape.com
+ */
+
+#include "stdlib.h"
+#include "plstr.h"
+#include "nsIAllocator.h"
+#include "nsIServiceManager.h"
+
+#include "plbase64.h"
+
+#include "nsISecretDecoderRing.h"
+
+#include "cmtcmn.h"
+#include "nsIPSMComponent.h"
+
+#include "nsSDR.h"
+
+NS_IMPL_ISUPPORTS1(nsSecretDecoderRing, nsISecretDecoderRing)
+
+nsSecretDecoderRing::nsSecretDecoderRing()
+{
+  NS_INIT_ISUPPORTS();
+
+  mPSM = NULL;
+}
+
+nsSecretDecoderRing::~nsSecretDecoderRing()
+{
+  if (mPSM) mPSM->Release();
+}
+
+/* Init the new instance */
+nsresult nsSecretDecoderRing::
+init()
+{
+  nsresult rv;
+  nsISupports *psm;
+
+  rv = nsServiceManager::GetService(kPSMComponentProgID, NS_GET_IID(nsIPSMComponent),
+                                    &psm);
+  if (rv != NS_OK) goto loser;  /* Should promote error */
+
+  mPSM = (nsIPSMComponent *)psm;
+
+loser:
+  return rv;
+}
+
+/* [noscript] long encrypt (in buffer data, in long dataLen, out buffer result); */
+NS_IMETHODIMP nsSecretDecoderRing::
+Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 *_retval)
+{
+    nsresult rv = NS_OK;
+    unsigned char *r = 0;
+    CMT_CONTROL *control;
+    CMTStatus status;
+    CMUint32 cLen;
+
+    if (data == nsnull || result == nsnull || _retval == nsnull) {
+       rv = NS_ERROR_INVALID_POINTER;
+       goto loser;
+    }
+
+    /* Check object initialization */
+    NS_ASSERTION(mPSM != nsnull, "SDR object not initialized");
+    if (mPSM == nsnull) { rv = NS_ERROR_NOT_INITIALIZED; goto loser; }
+
+    /* Get the control connect to use for the request */
+    rv = mPSM->GetControlConnection(&control);
+    if (rv != NS_OK) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+   
+    status = CMT_SDREncrypt(control, (const unsigned char *)0, 0, 
+               data, dataLen, result, &cLen);
+    if (status != CMTSuccess) { rv = NS_ERROR_FAILURE; goto loser; } /* XXX */
+
+    /* Copy returned data to nsAllocator buffer ? */
+    *_retval = cLen;
+
+loser:
+    return rv;
+}
+
+/* [noscript] long decrypt (in buffer data, in long dataLen, out buffer result); */
+NS_IMETHODIMP nsSecretDecoderRing::
+Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 *_retval)
+{
+    nsresult rv = NS_OK;
+    CMTStatus status;
+    CMT_CONTROL *control;
+    CMUint32 len;
+
+    if (data == nsnull || result == nsnull || _retval == nsnull) {
+       rv = NS_ERROR_INVALID_POINTER;
+       goto loser;
+    }
+
+    /* Check object initialization */
+    NS_ASSERTION(mPSM != nsnull, "SDR object not initialized");
+    if (mPSM == nsnull) { rv = NS_ERROR_NOT_INITIALIZED; goto loser; }
+
+    /* Get the control connection */
+    rv = mPSM->GetControlConnection(&control);
+    if (rv != NS_OK) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+    
+    /* Call PSM to decrypt the value */
+    status = CMT_SDRDecrypt(control, data, dataLen, result, &len);
+    if (status != CMTSuccess) { rv = NS_ERROR_FAILURE; goto loser; } /* Promote? */
+
+    /* Copy returned data to nsAllocator buffer ? */
+    *_retval = len;
+
+loser:
+    return rv;
+}
+
+/* string encryptString (in string text); */
+NS_IMETHODIMP nsSecretDecoderRing::
+EncryptString(const char *text, char **_retval)
+{
+    nsresult rv = NS_OK;
+    unsigned char *encrypted = 0;
+    PRInt32 eLen;
+
+    if (text == nsnull || _retval == nsnull) {
+        rv = NS_ERROR_INVALID_POINTER;
+        goto loser;
+    }
+
+    rv = Encrypt((unsigned char *)text, PL_strlen(text), &encrypted, &eLen);
+    if (rv != NS_OK) { goto loser; }
+
+    rv = encode(encrypted, eLen, _retval);
+
+loser:
+    if (encrypted) nsAllocator::Free(encrypted);
+
+    return rv;
+}
+
+/* string decryptString (in string crypt); */
+NS_IMETHODIMP nsSecretDecoderRing::
+DecryptString(const char *crypt, char **_retval)
+{
+    nsresult rv = NS_OK;
+    char *r = 0;
+    unsigned char *decoded = 0;
+    PRInt32 decodedLen;
+    unsigned char *decrypted = 0;
+    PRInt32 decryptedLen;
+
+    if (crypt == nsnull || _retval == nsnull) {
+      rv = NS_ERROR_INVALID_POINTER;
+      goto loser;
+    }
+
+    rv = decode(crypt, &decoded, &decodedLen);
+    if (rv != NS_OK) goto loser;
+
+    rv = Decrypt(decoded, decodedLen, &decrypted, &decryptedLen);
+    if (rv != NS_OK) goto loser;
+
+    // Convert to NUL-terminated string
+    r = (char *)nsAllocator::Alloc(decryptedLen+1);
+    if (!r) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
+
+    memcpy(r, decrypted, decryptedLen);
+    r[decryptedLen] = 0;
+
+    *_retval = r;
+    r = 0;
+
+loser:
+    if (r) nsAllocator::Free(r);
+    if (decrypted) nsAllocator::Free(decrypted);
+    if (decoded) nsAllocator::Free(decoded);
+ 
+    return rv;
+}
+
+/* void changePassword(); */
+NS_IMETHODIMP nsSecretDecoderRing::
+ChangePassword()
+{
+  return NS_OK;
+}
+
+/* void logout(); */
+NS_IMETHODIMP nsSecretDecoderRing::
+Logout()
+{
+    nsresult rv = NS_OK;
+    CMTStatus status;
+    CMT_CONTROL *control;
+
+    /* Check object initialization */
+    NS_ASSERTION(mPSM != nsnull, "SDR object not initialized");
+    if (mPSM == nsnull) { rv = NS_ERROR_NOT_INITIALIZED; goto loser; }
+
+    /* Get the control connection */
+    rv = mPSM->GetControlConnection(&control);
+    if (rv != NS_OK) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+    
+    /* Call PSM to decrypt the value */
+    status = CMT_LogoutAllTokens(control);
+    if (status != CMTSuccess) { rv = NS_ERROR_FAILURE; goto loser; } /* Promote? */
+
+loser:
+    return rv;
+}
+
+
+// Support routines
+
+nsresult nsSecretDecoderRing::
+encode(const unsigned char *data, PRInt32 dataLen, char **_retval)
+{
+    nsresult rv = NS_OK;
+
+    *_retval = PL_Base64Encode((const char *)data, dataLen, NULL);
+    if (!*_retval) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
+
+loser:
+    return rv;
+
+#if 0
+    nsresult rv = NS_OK;
+    char *r = 0;
+
+    // Allocate space for encoded string (with NUL)
+    r = (char *)nsAllocator::Alloc(dataLen+1);
+    if (!r) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
+
+    memcpy(r, data, dataLen);
+    r[dataLen] = 0;
+
+    *_retval = r;
+    r = 0;
+
+loser:
+    if (r) nsAllocator::Free(r);
+
+    return rv;
+#endif
+}
+
+nsresult nsSecretDecoderRing::
+decode(const char *data, unsigned char **result, PRInt32 * _retval)
+{
+    nsresult rv = NS_OK;
+    PRUint32 len = PL_strlen(data);
+    int adjust = 0;
+
+    /* Compute length adjustment */
+    if (data[len-1] == '=') {
+      adjust++;
+      if (data[len-2] == '=') adjust++;
+    }
+
+    *result = (unsigned char *)PL_Base64Decode(data, len, NULL);
+    if (!*result) { rv = NS_ERROR_ILLEGAL_VALUE; goto loser; }
+
+    *_retval = (len*3)/4 - adjust;
+
+loser:
+    return rv;
+
+#if 0
+    nsresult rv = NS_OK;
+    unsigned char *r = 0;
+    PRInt32 rLen;
+
+    // Allocate space for decoded string (missing NUL)
+    rLen = PL_strlen(data);
+    r = (unsigned char *)nsAllocator::Alloc(rLen);
+    if (!r) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
+
+    memcpy(r, data, rLen);
+
+    *result = r;
+    r = 0;
+    *_retval = rLen;
+
+loser:
+    if (r) nsAllocator::Free(r);
+
+    return rv;
+#endif
+}
+
+const char * nsSecretDecoderRing::kPSMComponentProgID = PSM_COMPONENT_PROGID;

mozilla/extensions/psm-glue/src/nsSDR.h

@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Terry Hayes <thayes@netscape.com>
+ */
+
+#ifndef _NSSDR_H_
+#define _NSSDR_H_
+
+#include "nsISecretDecoderRing.h"
+
+// ===============================================
+// nsSecretDecoderRing - implementation of nsISecretDecoderRing
+// ===============================================
+
+#define NS_SDR_CLASSNAME "Secret Decoder Ring"
+#define NS_SDR_CID \
+  { 0xd9a0341, 0xce7, 0x11d4, { 0x9f, 0xdd, 0x0, 0x0, 0x64, 0x65, 0x73, 0x74 } }
+#define NS_SDR_PROGID "netscape.security.sdr"
+
+class nsSecretDecoderRing : public nsISecretDecoderRing
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSISECRETDECODERRING
+
+  nsSecretDecoderRing();
+  virtual ~nsSecretDecoderRing();
+
+  nsresult init();
+
+private:
+  nsIPSMComponent *mPSM;
+
+  static const char *kPSMComponentProgID;
+
+  nsresult encode(const unsigned char *data, PRInt32 dataLen, char **_retval);
+  nsresult decode(const char *data, unsigned char **result, PRInt32 * _retval);
+};
+
+#endif /* _NSSDR_H_ */

mozilla/extensions/psm-glue/src/nsSSLIOLayer.cpp

@@ -0,0 +1,432 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+*/
+
+#include "nspr.h"
+#include "nsString.h"
+#include "cmtcmn.h"
+
+#include "nsIPSMComponent.h"
+#include "nsIPSMSocketInfo.h"
+#include "nsIServiceManager.h"
+#include "nsPSMShimLayer.h"
+#include "nsSSLIOLayer.h"
+
+static PRDescIdentity  nsSSLIOLayerIdentity;
+static PRIOMethods     nsSSLIOLayerMethods;
+static nsIPSMComponent* gPSMService = nsnull;
+
+
+
+class nsPSMSocketInfo : public nsIPSMSocketInfo
+{
+public:
+    nsPSMSocketInfo();
+    ~nsPSMSocketInfo();
+
+    NS_DECL_ISUPPORTS
+    NS_DECL_NSIPSMSOCKETINFO
+
+    // internal functions to psm-glue.
+    nsresult SetSocketPtr(CMSocket *socketPtr);
+    nsresult SetControlPtr(CMT_CONTROL *aControlPtr);
+    nsresult SetFileDescPtr(PRFileDesc *aControlPtr);
+    nsresult SetHostName(char *aHostName);
+
+protected:
+    CMT_CONTROL* mControl;
+    CMSocket*    mSocket;
+    PRFileDesc*  mFd;
+    nsString     mHostName;
+};
+
+
+static PRStatus PR_CALLBACK
+nsSSLIOLayerConnect(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime timeout)
+{
+    nsresult                result;
+    PRStatus                rv = PR_SUCCESS;
+    CMTStatus               status = CMTFailure;
+    char*                   hostName;
+
+    /* Set the error in case of failure. */
+
+    PR_SetError(PR_UNKNOWN_ERROR, status);
+
+    if (!fd || !addr || !fd->secret)
+        return PR_FAILURE;
+    
+    if (gPSMService == nsnull)
+    {
+        result = nsServiceManager::GetService( PSM_COMPONENT_PROGID,
+                                               NS_GET_IID(nsIPSMComponent), 
+                                               (nsISupports**)&gPSMService);  //FIX leak one per app run
+        if (NS_FAILED(result))
+            return PR_FAILURE;
+    }
+    
+    
+    // Make the socket non-blocking...
+    PRSocketOptionData opt;
+    opt.option = PR_SockOpt_Nonblocking;
+    opt.value.non_blocking = PR_FALSE;
+    rv = PR_SetSocketOption(fd->lower, &opt);
+    if (PR_SUCCESS != rv) 
+        return PR_FAILURE;
+
+    char ipBuffer[PR_NETDB_BUF_SIZE];
+    rv = PR_NetAddrToString(addr, (char*)&ipBuffer, PR_NETDB_BUF_SIZE);
+    if (rv != PR_SUCCESS)
+        return PR_FAILURE;
+    
+    if (addr->raw.family == PR_AF_INET6 && PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) 
+    {
+      /* Chop off the leading "::ffff:" */
+      strcpy(ipBuffer, ipBuffer + 7);
+    }
+
+
+    CMSocket* cmsock = (CMSocket *)PR_Malloc(sizeof(CMSocket));
+    if (!cmsock)
+        return PR_FAILURE;
+    
+    memset(cmsock, 0, sizeof(CMSocket));
+    
+    CMT_CONTROL *control;
+    result = gPSMService->GetControlConnection(&control);
+
+    if (result != PR_SUCCESS)
+    {
+        PR_FREEIF(cmsock)
+        return PR_FAILURE;
+    }
+    
+    cmsock->fd        = fd->lower;
+    cmsock->isUnix    = PR_FALSE;
+   
+    nsPSMSocketInfo *infoObject = (nsPSMSocketInfo *)fd->secret;
+    
+    infoObject->GetHostName(&hostName);
+    infoObject->SetControlPtr(control);
+    infoObject->SetSocketPtr(cmsock);
+    
+    status = CMT_OpenSSLConnection(control,
+                                   cmsock,
+                                   SSM_REQUEST_SSL_DATA_SSL,
+                                   PR_ntohs(addr->inet.port),
+                                   ipBuffer,
+                                   (hostName ? hostName : ipBuffer),
+                                   CM_FALSE, 
+                                   nsnull);
+    if (CMTSuccess == status)
+    {
+        // since our stuff can block, what we want to do is return PR_FAILURE,
+        // but set the nspr ERROR to BLOCK.  This will put us into a select
+        // q.
+        PR_SetError(PR_WOULD_BLOCK_ERROR, status);
+        return PR_FAILURE;
+    }
+
+    return PR_FAILURE;
+}
+
+  /* CMT_DestroyDataConnection(ctrl, sock); */
+  /*   need to strip our layer, pass result to DestroyDataConnection */
+  /*   which will clean up the CMT accounting of sock, then call our */
+  /*   shim layer to translate back to NSPR */
+
+static PRStatus PR_CALLBACK
+nsSSLIOLayerClose(PRFileDesc *fd)
+{
+  nsPSMSocketInfo *infoObject    = (nsPSMSocketInfo *)fd->secret;
+  PRDescIdentity          id     = PR_GetLayersIdentity(fd);
+   
+  if (infoObject && id == nsSSLIOLayerIdentity)
+  {
+    CMInt32 errorCode = PR_FAILURE;
+    CMT_CONTROL* control;
+    CMSocket*    socket;
+    
+    infoObject->GetControlPtr(&control);
+    infoObject->GetSocketPtr(&socket);
+
+    if (((PRStatus) CMT_GetSSLDataErrorCode(control, socket, &errorCode)) == PR_SUCCESS)
+    {
+        CMT_DestroyDataConnection(control, socket);
+        NS_RELEASE(infoObject);
+        fd->identity = PR_INVALID_IO_LAYER;
+    }
+    return (PRStatus)errorCode;
+  }
+
+  return PR_FAILURE;
+}
+ 
+static PRInt32 PR_CALLBACK
+nsSSLIOLayerRead( PRFileDesc *fd, void *buf, PRInt32 amount)
+{
+    if (!fd)
+        return PR_FAILURE;
+
+    PRInt32 result = PR_Recv(fd, buf, amount, 0, PR_INTERVAL_MIN);
+    
+    if (result > 0)
+        return result;
+    
+    if (result == -1)
+    {
+        PRErrorCode code = PR_GetError();
+
+        if (code == PR_IO_TIMEOUT_ERROR )
+            PR_SetError(PR_WOULD_BLOCK_ERROR, PR_WOULD_BLOCK_ERROR);
+        return PR_FAILURE;
+    }
+    
+    if (result == 0)
+    {
+        nsPSMSocketInfo *infoObject    = (nsPSMSocketInfo *)fd->secret;
+        PRDescIdentity          id     = PR_GetLayersIdentity(fd);
+
+        if (infoObject && id == nsSSLIOLayerIdentity)
+        {
+            CMInt32 errorCode = PR_FAILURE;
+            
+            CMT_CONTROL* control;
+            CMSocket*    socket;
+    
+            infoObject->GetControlPtr(&control);
+            infoObject->GetSocketPtr(&socket);
+
+            CMT_GetSSLDataErrorCode(control, socket, &errorCode);
+
+			if (errorCode == PR_IO_TIMEOUT_ERROR)
+			{
+				PR_SetError(PR_WOULD_BLOCK_ERROR, PR_WOULD_BLOCK_ERROR);
+				return PR_FAILURE;
+			}
+
+            PR_SetError(0, 0);
+            return errorCode;
+        }
+    }
+
+    return result;
+}
+
+static PRInt32 PR_CALLBACK
+nsSSLIOLayerWrite( PRFileDesc *fd, const void *buf, PRInt32 amount)
+{
+    if (!fd)
+        return PR_FAILURE;
+
+    PRInt32 result = PR_Send(fd, buf, amount, 0, PR_INTERVAL_MIN);
+    
+    if (result > 0)
+        return result;
+
+    if (result == -1)
+    {
+        PRErrorCode code = PR_GetError();
+
+        if (code == PR_IO_TIMEOUT_ERROR )
+            PR_SetError(PR_WOULD_BLOCK_ERROR, PR_WOULD_BLOCK_ERROR);
+        return PR_FAILURE;
+    }
+
+    if (result == 0)
+    {
+        nsPSMSocketInfo *infoObject    = (nsPSMSocketInfo *)fd->secret;
+        PRDescIdentity          id     = PR_GetLayersIdentity(fd);
+
+        if (infoObject && id == nsSSLIOLayerIdentity)
+        {
+            CMInt32 errorCode = PR_FAILURE;
+            CMT_CONTROL* control;
+            CMSocket*    socket;
+    
+            infoObject->GetControlPtr(&control);
+            infoObject->GetSocketPtr(&socket);
+
+            CMT_GetSSLDataErrorCode(control, socket, &errorCode);
+            PR_SetError(0, 0);
+            return errorCode;
+        }
+    }
+    return result;
+}
+
+
+
+nsPSMSocketInfo::nsPSMSocketInfo()
+{ 
+    NS_INIT_REFCNT(); 
+    mControl = nsnull; 
+    mSocket = nsnull;
+}
+
+nsPSMSocketInfo::~nsPSMSocketInfo()
+{
+}
+
+NS_IMPL_THREADSAFE_ISUPPORTS1(nsPSMSocketInfo, nsIPSMSocketInfo);
+
+NS_IMETHODIMP
+nsPSMSocketInfo::GetControlPtr(CMT_CONTROL * *aControlPtr)
+{
+    *aControlPtr = mControl;
+    return NS_OK;
+}
+
+nsresult
+nsPSMSocketInfo::SetControlPtr(CMT_CONTROL *aControlPtr)
+{
+    mControl = aControlPtr;
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPSMSocketInfo::GetSocketPtr(CMSocket * *socketPtr)
+{
+    *socketPtr = mSocket;
+    return NS_OK;
+}
+
+nsresult
+nsPSMSocketInfo::SetSocketPtr(CMSocket *socketPtr)
+{
+    mSocket = socketPtr;
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPSMSocketInfo::GetFileDescPtr(PRFileDesc * *aFilePtr)
+{
+    *aFilePtr = mFd;
+    return NS_OK;
+}
+
+
+nsresult
+nsPSMSocketInfo::SetFileDescPtr(PRFileDesc *aFilePtr)
+{
+    mFd = aFilePtr;
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsPSMSocketInfo::GetHostName(char * *aHostName)
+{
+    *aHostName = mHostName.ToNewCString();
+    return NS_OK;
+}
+
+
+nsresult 
+nsPSMSocketInfo::SetHostName(char *aHostName)
+{
+    mHostName.AssignWithConversion(aHostName);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPSMSocketInfo::GetPickledStatus(char * *pickledStatusString)
+{
+    *pickledStatusString = nsnull;
+
+    if (mSocket && mControl)
+    {
+        long level;
+        CMTItem pickledStatus = {0, nsnull, 0};
+        unsigned char* ret    = nsnull;
+
+        if (CMT_GetSSLSocketStatus(mControl, mSocket, &pickledStatus, &level) == PR_FAILURE)
+            return nsnull;
+        
+        ret = (unsigned char*) PR_Malloc( (SSMSTRING_PADDED_LENGTH(pickledStatus.len) + sizeof(int)) );
+        if (!ret) 
+            return NS_ERROR_OUT_OF_MEMORY;
+
+        *(int*)ret = pickledStatus.len;
+        memcpy(ret+sizeof(int), pickledStatus.data, *(int*)ret);
+    
+        PR_FREEIF(pickledStatus.data);
+    
+        *pickledStatusString = (char*) ret;
+    }
+    return NS_OK;
+}
+
+nsresult
+nsSSLIOLayerNewSocket(const char* hostName, PRFileDesc **fd, nsISupports** info)
+{
+    static PRBool  firstTime = PR_TRUE;
+    if (firstTime)
+    {
+        nsSSLIOLayerIdentity        = PR_GetUniqueIdentity("Cartman layer");
+        nsSSLIOLayerMethods         = *PR_GetDefaultIOMethods();
+
+        nsSSLIOLayerMethods.connect = nsSSLIOLayerConnect;
+        nsSSLIOLayerMethods.close   = nsSSLIOLayerClose;
+        nsSSLIOLayerMethods.read    = nsSSLIOLayerRead;
+        nsSSLIOLayerMethods.write   = nsSSLIOLayerWrite;
+        firstTime                   = PR_FALSE;
+    }
+    
+
+    PRFileDesc *   sock;
+    PRFileDesc *   layer;
+    PRStatus       rv;
+
+    /* Get a normal NSPR socket */
+    sock = PR_NewTCPSocket();  
+    if (! sock) return NS_ERROR_OUT_OF_MEMORY;
+
+    layer = PR_CreateIOLayerStub(nsSSLIOLayerIdentity, &nsSSLIOLayerMethods);
+    if (! layer)
+    {
+        PR_Close(sock);
+        return NS_ERROR_FAILURE;
+    }
+        
+    nsPSMSocketInfo *infoObject = new nsPSMSocketInfo();
+    if (!infoObject)
+    {
+        PR_Close(sock);
+        // clean up IOLayerStub.
+        return NS_ERROR_FAILURE;
+    }
+    
+    NS_ADDREF(infoObject);
+    infoObject->SetHostName((char*)hostName);
+    layer->secret = (PRFilePrivate*) infoObject;
+    rv = PR_PushIOLayer(sock, PR_GetLayersIdentity(sock), layer);
+    
+    if (rv == PR_SUCCESS)
+    {
+        *fd   = sock;
+        *info = infoObject;
+        NS_ADDREF(*info);
+        return NS_OK;
+    }
+    
+    PR_Close(sock);
+    return NS_ERROR_FAILURE;
+}

mozilla/extensions/psm-glue/src/nsSSLIOLayer.h

@@ -0,0 +1,37 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+*/
+
+#ifndef _NSSSLIOLAYER_H
+#define _NSSSLIOLAYER_H
+
+#include "prtypes.h"
+#include "prio.h"
+#include "nsIPSMSocketInfo.h"
+
+// define taken from 4.x cartman glue code.  
+#define SSMSTRING_PADDED_LENGTH(x) ((((x)+3)/4)*4)
+
+nsresult nsSSLIOLayerNewSocket(const char* hostName, PRFileDesc **fd, nsISupports **securityInfo);
+
+
+
+#endif /* _NSSSLIOLAYER_H */

mozilla/extensions/psm-glue/src/nsSSLSocketProvider.cpp

@@ -0,0 +1,83 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+*/
+
+#include "nsIComponentManager.h"
+#include "nsIServiceManager.h"
+#include "nsSSLSocketProvider.h"
+#include "nsSSLIOLayer.h"
+
+////////////////////////////////////////////////////////////////////////////////
+
+nsSSLSocketProvider::nsSSLSocketProvider()
+{
+  NS_INIT_REFCNT();
+}
+
+nsresult
+nsSSLSocketProvider::Init()
+{
+  nsresult rv = NS_OK;
+  return rv;
+}
+
+nsSSLSocketProvider::~nsSSLSocketProvider()
+{
+}
+
+NS_IMPL_THREADSAFE_ISUPPORTS2(nsSSLSocketProvider, nsISocketProvider, nsISSLSocketProvider);
+
+NS_METHOD
+nsSSLSocketProvider::Create(nsISupports *aOuter, REFNSIID aIID, void **aResult)
+{                                                                               
+    nsresult rv;                                                                
+                                                                                
+    nsSSLSocketProvider * inst;                                                      
+                                                                                
+    if (NULL == aResult) {                                                      
+        rv = NS_ERROR_NULL_POINTER;                                             
+        return rv;                                                              
+    }                                                                           
+    *aResult = NULL;                                                            
+    if (NULL != aOuter) {                                                       
+        rv = NS_ERROR_NO_AGGREGATION;                                           
+        return rv;                                                              
+    }                                                                           
+                                                                                
+    NS_NEWXPCOM(inst, nsSSLSocketProvider);                                          
+    if (NULL == inst) {                                                         
+        rv = NS_ERROR_OUT_OF_MEMORY;                                            
+        return rv;                                                              
+    }                                                                           
+    NS_ADDREF(inst);                                                            
+    rv = inst->QueryInterface(aIID, aResult);                                   
+    NS_RELEASE(inst);                                                           
+                                                                                
+    return rv;                                                                  
+}                                                                               
+
+
+NS_IMETHODIMP
+nsSSLSocketProvider::NewSocket(const char *hostName, PRFileDesc **_result, nsISupports **securityInfo)
+{
+  nsresult rv = nsSSLIOLayerNewSocket(hostName, _result, securityInfo);
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}

mozilla/extensions/psm-glue/src/nsSSLSocketProvider.h

@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+*/
+
+#ifndef _NSSSLSOCKETPROVIDER_H_
+#define _NSSSLSOCKETPROVIDER_H_
+
+#include "nsISSLSocketProvider.h"
+
+
+/* 274418d0-5437-11d3-bbc8-0000861d1237 */         
+#define NS_SSLSOCKETPROVIDER_CID   { 0x274418d0, 0x5437, 0x11d3, {0xbb, 0xc8, 0x00, 0x00, 0x86, 0x1d, 0x12, 0x37}}
+
+
+class nsSSLSocketProvider : public nsISSLSocketProvider
+{
+public:
+  NS_DECL_ISUPPORTS
+
+  NS_DECL_NSISOCKETPROVIDER
+
+  NS_DECL_NSISSLSOCKETPROVIDER
+
+  // nsSSLSocketProvider methods:
+  nsSSLSocketProvider();
+  virtual ~nsSSLSocketProvider();
+
+  static NS_METHOD
+  Create(nsISupports *aOuter, REFNSIID aIID, void **aResult);
+
+  nsresult Init();
+
+protected:
+};
+
+#endif /* _NSSSLSOCKETPROVIDER_H_ */

mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.cpp

@@ -0,0 +1,619 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nspr.h"
+#include "prlog.h"
+
+#include "nsISecureBrowserUI.h"
+#include "nsSecureBrowserUIImpl.h"
+#include "nsIPSMComponent.h"
+#include "nsPSMComponent.h"
+#include "nsCOMPtr.h"
+#include "nsIServiceManager.h"
+
+#include "nsIScriptGlobalObject.h"
+#include "nsIObserverService.h"
+#include "nsIDocumentLoader.h"
+#include "nsCURILoader.h"
+#include "nsIDocShell.h"
+#include "nsIDocumentViewer.h"
+#include "nsCURILoader.h"
+#include "nsIDocument.h"
+#include "nsIDOMHTMLDocument.h"
+#include "nsIDOMXULDocument.h"
+#include "nsIDOMElement.h"
+#include "nsIDOMWindow.h"
+#include "nsIWebProgress.h"
+#include "nsIChannel.h"
+#include "nsIPSMSocketInfo.h"
+
+#include "nsIURI.h"
+
+#include "prmem.h"
+
+#include "nsINetSupportDialogService.h"
+#include "nsIPrompt.h"
+#include "nsICommonDialogs.h"
+#include "nsIPref.h"
+
+#include "nsIFormSubmitObserver.h"
+
+static NS_DEFINE_CID(kCStringBundleServiceCID,  NS_STRINGBUNDLESERVICE_CID);
+static NS_DEFINE_CID(kCommonDialogsCID,         NS_CommonDialog_CID );
+static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
+
+#define ENTER_SITE_PREF      "security.warn_entering_secure"
+#define LEAVE_SITE_PREF      "security.warn_leaving_secure"
+#define MIXEDCONTENT_PREF    "security.warn_viewing_mixed"
+#define INSECURE_SUBMIT_PREF "security.warn_submit_insecure"
+
+#if defined(PR_LOGGING)
+//
+// Log module for nsSecureBroswerUI logging...
+//
+// To enable logging (see prlog.h for full details):
+//
+//    set NSPR_LOG_MODULES=nsSecureBroswerUI:5
+//    set NSPR_LOG_FILE=nspr.log
+//
+// this enables PR_LOG_DEBUG level information and places all output in
+// the file nspr.log
+//
+PRLogModuleInfo* gSecureDocLog = nsnull;
+#endif /* PR_LOGGING */
+
+ 
+NS_IMETHODIMP                                                            
+nsSecureBrowserUIImpl::Create(nsISupports *aOuter, REFNSIID aIID, void **aResult) 
+{                                                                               
+    nsresult rv;                                                                
+                                                                                
+    nsSecureBrowserUIImpl * inst;                                                      
+                                                                                
+    if (NULL == aResult) {                                                      
+        rv = NS_ERROR_NULL_POINTER;                                             
+        return rv;                                                              
+    }                                                                           
+    *aResult = NULL;                                                            
+    if (NULL != aOuter) {                                                       
+        rv = NS_ERROR_NO_AGGREGATION;                                           
+        return rv;                                                              
+    }                                                                           
+                                                                                
+    NS_NEWXPCOM(inst, nsSecureBrowserUIImpl);                                          
+    if (NULL == inst) {                                                         
+        rv = NS_ERROR_OUT_OF_MEMORY;                                            
+        return rv;                                                              
+    }                                                                           
+    NS_ADDREF(inst);                                                            
+    rv = inst->QueryInterface(aIID, aResult);                                   
+    NS_RELEASE(inst);                                                           
+                                                                                
+    return rv;                                                                  
+}                                                                               
+
+nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
+{
+	NS_INIT_REFCNT();
+
+#if defined(PR_LOGGING)
+  if (nsnull == gSecureDocLog) {
+      gSecureDocLog = PR_NewLogModule("nsSecureBroswerUI");
+  }
+#endif /* PR_LOGGING */
+
+
+	mIsSecureDocument = mMixContentAlertShown = mIsDocumentBroken = PR_FALSE;
+    mLastPSMStatus    = nsnull;
+    mCurrentURI       = nsnull;
+    mSecurityButton   = nsnull;
+}
+
+nsSecureBrowserUIImpl::~nsSecureBrowserUIImpl()
+{
+    PR_FREEIF(mLastPSMStatus);
+}
+
+NS_IMPL_ISUPPORTS4(nsSecureBrowserUIImpl, 
+                   nsSecureBrowserUI, 
+                   nsIWebProgressListener, 
+                   nsIFormSubmitObserver,
+                   nsIObserver); 
+
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::Init(nsIDOMWindow *window, nsIDOMElement *button)
+{
+    mSecurityButton = button;
+    mWindow         = window;
+    
+    nsresult rv = nsServiceManager::GetService( kPrefCID, 
+                                                NS_GET_IID(nsIPref), 
+                                                getter_AddRefs(mPref));  
+    if (NS_FAILED(rv)) return rv;
+    
+    NS_WITH_SERVICE(nsIStringBundleService, service, kCStringBundleServiceCID, &rv);
+    if (NS_FAILED(rv)) return rv;
+    
+    nsILocale* locale = nsnull;
+    rv = service->CreateBundle(SECURITY_STRING_BUNDLE_URL, locale, getter_AddRefs(mStringBundle));
+    if (NS_FAILED(rv)) return rv;
+
+    // hook up to the form post notifications:
+    nsIObserverService *svc = 0;
+    rv = nsServiceManager::GetService(NS_OBSERVERSERVICE_PROGID, 
+                                      NS_GET_IID(nsIObserverService), 
+                                      (nsISupports**)&svc );
+    if ( NS_SUCCEEDED( rv ) && svc )
+    {
+        nsString  topic; topic.AssignWithConversion(NS_FORMSUBMIT_SUBJECT);
+        rv = svc->AddObserver( this, topic.GetUnicode());
+        nsServiceManager::ReleaseService( NS_OBSERVERSERVICE_PROGID, svc );
+    }
+
+    // hook up to the webprogress notifications.
+    nsCOMPtr<nsIDocShell> docShell;
+	
+    nsCOMPtr<nsIScriptGlobalObject> sgo = do_QueryInterface(window);
+	if (!sgo) return NS_ERROR_NULL_POINTER;
+    
+    sgo->GetDocShell(getter_AddRefs(docShell));
+    if (!docShell) return NS_ERROR_NULL_POINTER;
+    
+    nsCOMPtr<nsIWebProgress> wp = do_QueryInterface(docShell);
+    if (!wp) return NS_ERROR_NULL_POINTER;
+
+    wp->AddProgressListener(NS_STATIC_CAST(nsIWebProgressListener*,this));
+
+    // Set up stuff the first time the window loads:
+    docShell->GetCurrentURI(getter_AddRefs(mCurrentURI));
+
+    return IsURLHTTPS(mCurrentURI, &mIsSecureDocument);
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::DisplayPageInfoUI()
+{
+    nsresult res;
+    NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &res);
+	if (NS_FAILED(res)) 
+		return res;
+    
+    nsXPIDLCString temp;
+    mCurrentURI->GetHost(getter_Copies(temp));
+    return psm->DisplaySecurityAdvisor(mLastPSMStatus, temp);
+}
+
+
+
+
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::Observe(nsISupports*, const PRUnichar*, const PRUnichar*) 
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::Notify(nsIContent* formNode, nsIDOMWindow* window, nsIURI* actionURL)
+{
+    // Return NS_OK unless we want to prevent this form from submitting.
+    if (!window || (mWindow.get() != window) || !actionURL) {
+      return NS_OK;
+    }
+    PRBool okayToPost;
+    nsresult res = CheckPost(actionURL, &okayToPost);
+
+    // Return NS_OK unless we want to prevent this form from submitting.
+    if (NS_SUCCEEDED(res) && okayToPost)
+        return NS_OK;
+    
+    return NS_ERROR_FAILURE;
+}
+
+//  nsIWebProgressListener
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::OnProgressChange(nsIChannel* aChannel, 
+                                        PRInt32 aCurSelfProgress, 
+                                        PRInt32 aMaxSelfProgress, 
+                                        PRInt32 aCurTotalProgress, 
+                                        PRInt32 aMaxTotalProgress)
+{
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::OnChildProgressChange(nsIChannel* aChannel, 
+                                             PRInt32 aCurSelfProgress, 
+                                             PRInt32 aMaxSelfProgress)
+{
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::OnStatusChange(nsIChannel* aChannel, 
+                                      PRInt32 aProgressStatusFlags)
+{
+    nsresult res;
+
+    if (aChannel == nsnull || !mSecurityButton || !mPref)
+        return NS_ERROR_NULL_POINTER;
+    
+    nsCOMPtr<nsIURI> loadingURI;
+    aChannel->GetURI(getter_AddRefs(loadingURI));
+    
+#if defined(DEBUG)
+        nsXPIDLCString temp;
+        loadingURI->GetSpec(getter_Copies(temp));
+        PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: OnStatusChange: %x :%s\n", this, aProgressStatusFlags,(const char*)temp));
+#endif
+
+    if (aProgressStatusFlags & nsIWebProgress::flag_net_start)
+    {
+        // starting to load a webpage
+        PR_FREEIF(mLastPSMStatus); mLastPSMStatus = nsnull;
+
+        mIsSecureDocument = mMixContentAlertShown = mIsDocumentBroken = PR_FALSE;
+        
+        res = CheckProtocolContextSwitch( loadingURI, mCurrentURI);    
+
+    } 
+    else if ((aProgressStatusFlags & nsIWebProgress::flag_net_stop)  && mIsSecureDocument)
+    {
+        if (!mIsDocumentBroken) // and status is okay  FIX
+        {
+            // qi for the psm information about this channel load.
+            nsCOMPtr<nsISupports> info;
+	        aChannel->GetSecurityInfo(getter_AddRefs(info));
+	        nsCOMPtr<nsIPSMSocketInfo> psmInfo = do_QueryInterface(info);
+            if ( psmInfo )
+            {
+                // Everything looks okay.  Lets stash the picked status.
+                PR_FREEIF(mLastPSMStatus);
+                res = psmInfo->GetPickledStatus(&mLastPSMStatus);
+    
+                if (NS_SUCCEEDED(res))
+                {
+                    PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: Icon set to lock\n", this));
+                    res = mSecurityButton->SetAttribute( NS_ConvertASCIItoUCS2("level"), NS_ConvertASCIItoUCS2("high") );
+                }
+	        }
+        }
+        else
+        {
+
+            PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: Icon set to broken\n", this));
+            mIsDocumentBroken = PR_TRUE;
+            res = mSecurityButton->SetAttribute( NS_ConvertASCIItoUCS2("level"), NS_ConvertASCIItoUCS2("broken") );
+        }
+    }
+    else // if (aProgressStatusFlags == nsIWebProgress::flag_net_redirecting)
+    {
+        res = NS_ERROR_NOT_IMPLEMENTED;
+        // xxx need to fix.
+    }
+
+    return res;
+}
+
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::OnChildStatusChange(nsIChannel* aChannel, PRInt32 aProgressStatusFlags)
+{
+    nsresult rv;
+    if (aChannel == nsnull || !mSecurityButton || !mPref)
+        return NS_ERROR_NULL_POINTER;
+    
+    nsCOMPtr<nsIURI> uri;
+    rv = aChannel->GetURI(getter_AddRefs(uri));
+    if (NS_FAILED(rv)) return rv;
+    
+#if defined(DEBUG)
+        nsXPIDLCString temp;
+        uri->GetSpec(getter_Copies(temp));
+        PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: OnChildStatusChange: %x :%s\n", this, aProgressStatusFlags,(const char*)temp));
+#endif
+    
+    // don't need to do anything more if the page is broken or not secure...
+
+    if (!mIsSecureDocument || mIsDocumentBroken)
+        return NS_OK;
+
+    if (aProgressStatusFlags & nsIWebProgress::flag_net_start)
+    {   // check to see if we are going to mix content.
+        return CheckMixedContext(uri);
+    }
+    
+    if (aProgressStatusFlags & nsIWebProgress::flag_net_stop)
+    {
+        if (1)  // FIX status from the flag...
+        {
+            nsCOMPtr<nsISupports> info;
+	        aChannel->GetSecurityInfo(getter_AddRefs(info));
+	        nsCOMPtr<nsIPSMSocketInfo> psmInfo = do_QueryInterface(info, &rv);
+        
+            // qi for the psm information about this channel load.
+            if ( psmInfo )
+            {
+                return NS_OK;    
+	        }
+        }
+
+        PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: OnChildStatusChange - Icon set to broken\n", this));
+        mSecurityButton->SetAttribute( NS_ConvertASCIItoUCS2("level"), NS_ConvertASCIItoUCS2("broken") );
+	    mIsDocumentBroken = PR_TRUE;
+    }    
+    
+    
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::OnLocationChange(nsIURI* aLocation)
+{
+    mCurrentURI = aLocation;
+    return NS_OK;
+}
+
+
+nsresult
+nsSecureBrowserUIImpl::IsURLHTTPS(nsIURI* aURL, PRBool* value)
+{
+	*value = PR_FALSE;
+
+	if (!aURL)
+		return NS_OK;
+
+    char* scheme;
+	aURL->GetScheme(&scheme);
+
+	if (scheme == nsnull)
+		return NS_ERROR_NULL_POINTER;
+
+    if ( PL_strncasecmp(scheme, "https",  5) == 0 )
+		*value = PR_TRUE;
+	
+	nsAllocator::Free(scheme);
+	return NS_OK;
+}
+
+
+
+void nsSecureBrowserUIImpl::GetBundleString(const nsString& name, nsString &outString)
+{
+  if (mStringBundle && name.Length() > 0)
+  {
+    PRUnichar *ptrv = nsnull;
+    if (NS_SUCCEEDED(mStringBundle->GetStringFromName(name.GetUnicode(), &ptrv)))
+      outString = ptrv;
+    else
+      outString.SetLength(0);;
+    
+    nsAllocator::Free(ptrv);
+  }
+  else
+  {
+    outString.SetLength(0);;
+  }
+}
+
+nsresult 
+nsSecureBrowserUIImpl::CheckProtocolContextSwitch( nsIURI* newURI, nsIURI* oldURI)
+{
+    nsresult res;
+    PRBool isNewSchemeSecure, isOldSchemeSecure, boolpref;
+
+    res = IsURLHTTPS(oldURI, &isOldSchemeSecure);
+	if (NS_FAILED(res)) 
+		return res;
+    res = IsURLHTTPS(newURI, &isNewSchemeSecure);
+	if (NS_FAILED(res)) 
+		return res;
+    
+// Check to see if we are going from a secure page to and insecure page
+	if ( !isNewSchemeSecure && isOldSchemeSecure)
+	{
+		mSecurityButton->RemoveAttribute( NS_ConvertASCIItoUCS2("level") );
+	
+        if ((mPref->GetBoolPref(LEAVE_SITE_PREF, &boolpref) != 0))
+			boolpref = PR_TRUE;
+		
+		if (boolpref) 
+		{
+			NS_WITH_SERVICE(nsICommonDialogs, dialog, kCommonDialogsCID, &res);
+			if (NS_FAILED(res)) 
+				return res;
+            
+            nsAutoString windowTitle, message, dontShowAgain;
+            
+            GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
+            GetBundleString(NS_ConvertASCIItoUCS2("LeaveSiteMessage"), message);
+            GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
+
+            PRBool outCheckValue = PR_TRUE;
+			dialog->AlertCheck(mWindow, 
+                               windowTitle.GetUnicode(), 
+                               message.GetUnicode(), 
+                               dontShowAgain.GetUnicode(), 
+                               &outCheckValue);
+            
+            if (!outCheckValue)
+            {
+                mPref->SetBoolPref(LEAVE_SITE_PREF, PR_FALSE);
+		        NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &res);
+            	if (NS_FAILED(res)) 
+		            return res;
+                psm->PassPrefs();
+            }
+        }
+	}
+	// check to see if we are going from an insecure page to a secure one.
+	else if (isNewSchemeSecure && !isOldSchemeSecure)
+	{
+    
+		if ((mPref->GetBoolPref(ENTER_SITE_PREF, &boolpref) != 0))
+			boolpref = PR_TRUE;
+		
+		if (boolpref) 
+		{
+            NS_WITH_SERVICE(nsICommonDialogs, dialog, kCommonDialogsCID, &res);
+			if (NS_FAILED(res)) 
+				return res;
+            
+            nsAutoString windowTitle, message, dontShowAgain;
+            
+            GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
+            GetBundleString(NS_ConvertASCIItoUCS2("EnterSiteMessage"), message);
+            GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
+
+            PRBool outCheckValue = PR_TRUE;
+			dialog->AlertCheck(mWindow, 
+                               windowTitle.GetUnicode(), 
+                               message.GetUnicode(), 
+                               dontShowAgain.GetUnicode(), 
+                               &outCheckValue);
+            
+            if (!outCheckValue)
+            {
+                mPref->SetBoolPref(ENTER_SITE_PREF, PR_FALSE);
+                NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &res);
+            	if (NS_FAILED(res)) 
+		            return res;
+                psm->PassPrefs();
+            }
+		}
+    }
+
+    mIsSecureDocument = isNewSchemeSecure;
+    return NS_OK;
+}
+
+
+nsresult
+nsSecureBrowserUIImpl::CheckMixedContext(nsIURI* nextURI)
+{
+    PRBool secure;
+
+    nsresult rv = IsURLHTTPS(nextURI, &secure);
+    if (NS_FAILED(rv))
+	    return rv;
+    
+    if (!secure  && mIsSecureDocument)
+    {
+        mIsDocumentBroken = PR_TRUE;
+        mSecurityButton->SetAttribute( NS_ConvertASCIItoUCS2("level"), NS_ConvertASCIItoUCS2("broken") );
+
+        if (!mPref) return NS_ERROR_NULL_POINTER;
+	    
+        PRBool boolpref;
+	    if ((mPref->GetBoolPref(MIXEDCONTENT_PREF, &boolpref) != 0))
+		    boolpref = PR_TRUE;
+
+	    if (boolpref && !mMixContentAlertShown) 
+	    {
+		    NS_WITH_SERVICE(nsICommonDialogs, dialog, kCommonDialogsCID, &rv);
+		    if (NS_FAILED(rv)) 
+			    return rv;
+        
+            nsAutoString windowTitle, message, dontShowAgain;
+
+            GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
+            GetBundleString(NS_ConvertASCIItoUCS2("MixedContentMessage"), message);
+            GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
+
+            PRBool outCheckValue = PR_TRUE;
+		    
+            dialog->AlertCheck(mWindow, 
+                               windowTitle.GetUnicode(), 
+                               message.GetUnicode(), 
+                               dontShowAgain.GetUnicode(), 
+                               &outCheckValue);
+        
+            if (!outCheckValue)
+            {
+                mPref->SetBoolPref(MIXEDCONTENT_PREF, PR_FALSE);
+                NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &rv);
+                if (NS_FAILED(rv)) 
+		            return rv;
+                psm->PassPrefs();
+            }
+        
+        
+            mMixContentAlertShown = PR_TRUE;
+        }
+    }
+    
+    return NS_OK;
+}
+
+nsresult
+nsSecureBrowserUIImpl::CheckPost(nsIURI *actionURL, PRBool *okayToPost)
+{
+    PRBool secure;
+
+    nsresult rv = IsURLHTTPS(actionURL, &secure);
+    if (NS_FAILED(rv))
+	    return rv;
+    
+    if (!secure  && mIsSecureDocument)
+    {
+        PRBool boolpref;    
+
+        // posting to a non https URL.
+        if ((mPref->GetBoolPref(INSECURE_SUBMIT_PREF, &boolpref) != 0))
+			boolpref = PR_TRUE;
+		
+		if (boolpref) 
+		{
+            NS_WITH_SERVICE(nsICommonDialogs, dialog, kCommonDialogsCID, &rv);
+			if (NS_FAILED(rv)) 
+				return rv;
+
+            nsAutoString windowTitle, message, dontShowAgain;
+            
+            GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
+            GetBundleString(NS_ConvertASCIItoUCS2("PostToInsecure"), message);
+            GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
+
+            PRBool outCheckValue = PR_TRUE;
+			dialog->ConfirmCheck(mWindow, 
+                                 windowTitle.GetUnicode(), 
+                                 message.GetUnicode(), 
+                                 dontShowAgain.GetUnicode(), 
+                                 &outCheckValue, 
+                                 okayToPost);
+            
+            if (!outCheckValue)
+            {
+                mPref->SetBoolPref(INSECURE_SUBMIT_PREF, PR_FALSE);
+                NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &rv);
+            	if (NS_FAILED(rv)) 
+		            return rv;
+                psm->PassPrefs();
+            }
+        }
+    }
+    return NS_OK;
+}
+
+
+

mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.h

@@ -0,0 +1,99 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#ifndef nsSecureBrowserUIImpl_h_
+#define nsSecureBrowserUIImpl_h_
+
+#include "nsCOMPtr.h"
+#include "nsXPIDLString.h"
+#include "nsString.h"
+#include "nsIObserver.h"
+#include "nsIDocumentLoaderObserver.h"
+#include "nsIDOMElement.h"
+#include "nsIDOMWindow.h"
+#include "nsIStringBundle.h"
+#include "nsISecureBrowserUI.h"
+#include "nsIDocShell.h"
+#include "nsIPref.h"
+#include "nsIWebProgressListener.h"
+#include "nsIFormSubmitObserver.h"
+#include "nsIURI.h"
+
+#define NS_SECURE_BROWSER_DOCOBSERVER_CLASSNAME "Mozilla Secure Browser Doc Observer"
+
+#define NS_SECURE_BROWSER_DOCOBSERVER_CID \
+{0x97c06c30, 0xa145, 0x11d3, \
+{0x8c, 0x7c, 0x00, 0x60, 0x97, 0x92, 0x27, 0x8c}}
+
+#define NS_SECURE_BROWSER_DOCOBSERVER_PROGID "component://netscape/secure_browser_docobserver"
+
+
+class nsSecureBrowserUIImpl : public nsSecureBrowserUI, 
+                              public nsIWebProgressListener, 
+                              public nsIFormSubmitObserver,
+                              public nsIObserver
+{
+public:
+
+	nsSecureBrowserUIImpl();
+	virtual ~nsSecureBrowserUIImpl();
+    
+    static NS_METHOD Create(nsISupports *aOuter, REFNSIID aIID, void **aResult);
+
+	NS_DECL_ISUPPORTS    
+    NS_DECL_NSIWEBPROGRESSLISTENER
+    NS_DECL_NSSECUREBROWSERUI
+
+
+    // nsIObserver
+    NS_DECL_NSIOBSERVER
+    NS_IMETHOD Notify(nsIContent* formNode, nsIDOMWindow* window, nsIURI *actionURL);
+
+protected:
+
+	nsCOMPtr<nsIDOMWindow>              mWindow;
+    nsCOMPtr<nsIDOMElement>             mSecurityButton;
+	nsCOMPtr<nsIDocumentLoaderObserver> mOldWebShellObserver;
+    nsCOMPtr<nsIPref>                   mPref;
+    nsCOMPtr<nsIStringBundle>           mStringBundle;
+    
+    nsCOMPtr<nsIURI>                    mCurrentURI;
+
+	PRBool					mIsSecureDocument;  // is https loaded
+	PRBool					mIsDocumentBroken;  // 
+	PRBool					mMixContentAlertShown;
+    
+    char*                   mLastPSMStatus;
+    
+
+    void GetBundleString(const nsString& name, nsString &outString);
+    
+    nsresult CheckProtocolContextSwitch( nsIURI* newURI, nsIURI* oldURI);
+    nsresult CheckMixedContext(nsIURI* nextURI);
+    nsresult CheckPost(nsIURI *actionURL, PRBool *okayToPost);
+    nsresult IsURLHTTPS(nsIURI* aURL, PRBool *value);
+};
+
+
+#endif /* nsSecureBrowserUIImpl_h_ */

mozilla/security/Makefile.in

@@ -0,0 +1,31 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= psm
+
+include $(topsrcdir)/config/rules.mk

mozilla/security/makefile.win

@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..
+include <$(DEPTH)/config/config.mak>
+
+DIRS = psm
+
+include <$(DEPTH)\config\rules.mak>

mozilla/security/psm/Makefile.in

@@ -0,0 +1,31 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= lib
+
+include $(topsrcdir)/config/rules.mk

mozilla/security/psm/doc/cmcjavascriptapi.html

@@ -0,0 +1,502 @@
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   <meta name="GENERATOR" content="Mozilla/4.7 [en] (WinNT; U) [Netscape]">
+   <title>Javascript API for Client Certificate Management</title>
+</head>
+<body>
+&nbsp;
+<table WIDTH="100%" >
+<tr>
+<td>
+<h1>
+<font face="Arial,Helvetica">Personal Security Manager 1.0</font></h1>
+
+<h2>
+<font face="Arial,Helvetica">JavaScript API for Client Certificate Management</font></h2>
+</td>
+</tr>
+</table>
+Version 0.3 - 10/27/1999
+<br>Comments to: <a href="mailto:psmfeedback@netscape.com?subject=JavaScript%20API%20Feedback">psmfeedback@netscape.com</a>
+<p>This document describes a new JavaScript API for performing user certificate
+management operations within a client. The JavaScript runs in the context
+of a web page operated by a Certificate Authority (CA) or Registration
+Authority (RA). The API allows the CA or RA to instruct the client to perform
+PKI operations such as key generation, certificate request generation,
+key escrow, import of user certificates, key recovery, and revocation requests.
+<p>These properties and methods reflect behavior currently implemented
+in Personal Security Manager 1.0.
+<p>The messages imported by or generated by these JavaScript methods are
+defined in the CRMF, CMMF, and CMC internet drafts.
+<h2>
+<font face="Arial,Helvetica">Overview of New Cert Issuing Process</font></h2>
+
+<ol>
+<li>
+User fills out enrollment form</li>
+
+<li>
+User action initiates script</li>
+
+<li>
+Script calls key generation method</li>
+
+<li>
+Signing and Encryption keys are generated</li>
+
+<li>
+Encryption Private Key is wrapped with public key of Key Recovery Authority
+(KRA) (passed in in the form of a certificate as part of the script, and
+checked against a pre-installed certificate copy in the local certificate
+database)</li>
+
+<li>
+The public keys, wrapped encryption private key, and text string from the
+script (possibly containing naming or enrollment info) are signed by the
+user</li>
+
+<li>
+Signed blob is returned to the script</li>
+
+<li>
+Script submits signed blob and any other necessary info to the CA/RA</li>
+
+<li>
+CA/RA verifies signature on signed blob</li>
+
+<li>
+CA/RA validates identity of user</li>
+
+<li>
+CA/RA sends wrapped encryption private key to KRA</li>
+
+<li>
+KRA sends escrow verification back to CA</li>
+
+<li>
+CA creates and signs certificates</li>
+
+<li>
+CA sends certificates back to Communicator</li>
+</ol>
+
+<h2>
+<font face="Arial,Helvetica">JavaScript API</font></h2>
+
+<h3>
+<font face="Arial,Helvetica">Properties</font></h3>
+<tt>crypto.algorithms.dh.keySizes</tt>
+<br><tt>crypto.algorithms.dsa.keySizes</tt>
+<br><tt>crypto.algorithms.rsa.signing.keySizes</tt>
+<br><tt>crypto.algorithms.rsa.keyEx.keySizes</tt>
+<p><tt>keySizes</tt> is an an array that describes the available key sizes
+for the particular algorithms and operations.
+<p>The table below describes the key sizes that will be supported in the
+US and Export versions of Communicator.
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Algorithm</b></td>
+
+<td ALIGN=CENTER><b>US Version Key Sizes</b></td>
+
+<td ALIGN=CENTER><b>Export Version Key Sizes</b></td>
+</tr>
+
+<tr>
+<td>DSA Signing Only</td>
+
+<td>1024, 2048</td>
+
+<td>1024, 2048</td>
+</tr>
+
+<tr>
+<td>RSA Signing Only</td>
+
+<td>1024, 2048</td>
+
+<td>1024, 2048</td>
+</tr>
+
+<tr>
+<td>RSA Encryption Only</td>
+
+<td>1024, 2048</td>
+
+<td>512,1024</td>
+</tr>
+
+<tr>
+<td>RSA Dual Use Signing And Encryption</td>
+
+<td>1024, 2048</td>
+
+<td>512,1024</td>
+</tr>
+
+<tr>
+<td>DH Key Exchange</td>
+
+<td>1024, 2048</td>
+
+<td>512,1024</td>
+</tr>
+</table>
+
+<h3>
+<font face="Arial,Helvetica">Methods</font></h3>
+
+<h4>
+<font face="Arial,Helvetica">generateCRMFRequest()</font></h4>
+<tt>crmfObject = crypto.generateCRMFRequest(<i>"requestedDN", "regToken",
+"authenticator","escrowAuthorityCert", "KeyGen Done Code",keySize1, "keyParams1",
+"keyGenAlg1",..., keySizeN, "keyParamsN", "keyGenAlgN");</i></tt>
+<p>This method will generate a sequence of CRMF requests that has N requests.&nbsp;
+One request for each key pair that is generated.&nbsp; The first three
+parameters will be applied to every request.&nbsp; the "escrowAuthorityCert"
+parameter will only be used for requests that pertain to a key that is
+being escrowed.&nbsp; After the "escrowAuthorityCert" parameter, the method
+takes some JavaScript code that&nbsp; is invoked when the CRMF request
+is ready. Finally, there are 1 or more sets of key generation arguments.&nbsp;
+Each key generation will be associated with its own request.&nbsp; All
+the requests will have the same DN.
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER VALIGN=TOP><b>Argument</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td><i><tt>"requestedDN"</tt></i></td>
+
+<td>An RFC1485 formatted DN to include in the certificate request.</td>
+</tr>
+
+<tr>
+<td><i><tt>"regToken"</tt></i></td>
+
+<td>A value used to authenticate the user to the RA/CA.</td>
+</tr>
+
+<tr>
+<td><i><tt>"authenticator"</tt></i></td>
+
+<td>A value that the user can authenticate with in the future when their
+private key is not available. Can be used for key recovery or revocation
+requests.</td>
+</tr>
+
+<tr>
+<td><i><tt>"escrowAuthorityCert"</tt></i></td>
+
+<td>If this value is NULL, then no key escrow will be performed. This value
+specifies which KRA certificate should be used to wrap the private key
+being escrowed. The user will be prompted for confirmation whenever a key
+will be escrowed.&nbsp; Only key exchange keys will be escrowed. If a dual
+use key is being generated, it will not be escrowed.&nbsp; The value of
+this argument is a base-64 encoded certificate.</td>
+</tr>
+
+<tr>
+<td><i><tt>"CRMF Generation Done Code"</tt></i></td>
+
+<td>This parameter is JavaScript to execute when the CRMF generation is
+complete.&nbsp;</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>keySizeN</tt></i></td>
+
+<td>The size in bits of the Nth key to generate</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"keyParamsN"</tt></i></td>
+
+<td>This string is an optional algorithm dependent parameter value. For
+Diffie-Hellman it is used to specify p and g parameters.&nbsp; For DSA,
+it will be used to specify pqg. If the key generation requires parameters
+and the value passed in is NULL, then the client will generate the parameters
+on its own. Currently, this value is ignored.</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"keyGenAlgN"</tt></i></td>
+
+<td>Which algorithm the generated key will support. Acceptable values are
+(the mentioned values for keyUsage pertain to the keyUsage value of the
+Certificate Extension that will ultimately be in the issued certificate):&nbsp;
+<ul>
+<li>
+"rsa-ex" - generate an RSA key for key exchange only (This will have keyEncipherment
+set for keyUsage.)</li>
+
+<li>
+"rsa-dual-use" - generate a single RSA key for both signing and encryption.&nbsp;
+(This will have digitalSignature, keyEncipherment, and nonRepudiation set
+for keyUsage.)</li>
+
+<li>
+"rsa-sign" - generate an RSA key for signing only. (This will have digitalSignature
+set for keyUsage.)</li>
+
+<li>
+"rsa-nonrepudiation" - generate a single RSA key for nonRepudiation only.
+(This will have non-repudiation set for keyUsage.)</li>
+
+<li>
+"rsa-sign-nonrepudiation" - generate a single RSA key use for both signing
+and nonRepudiation. (This will have both digitalSignature and nonRepudiation
+set for keyUsage.)</li>
+
+<li>
+"dsa-sign" - generate a single DSA key for signing only. (This will have
+digitalSignature set for keyUsage.)</li>
+
+<li>
+"dsa-nonrepudiation" - generate a single DSA key for nonRepudiation. (This
+will have nonRepudiation set for keyUsage.)</li>
+
+<li>
+"dsa-sign-nonrepudiation" - generate a single DSA key for signing and non-repudiation.
+(This will have digitalSignature and nonRepudiation set for keyUsage.)</li>
+</ul>
+</td>
+</tr>
+</table>
+
+<p>The <b>generateCRMFRequest()</b> method will cause the user to be presented
+with a key generation dialog. The dialog describes the key generation process
+and gives the user the opportunity to cancel the operation.
+<p>The method <b>generateCRMFRequest() </b>will return an instance of a
+CRMF object. The JavaScript passed in as the <i><tt>"CRMF Generation Done
+Code"</tt></i> parameter should look at the attribute <i>request </i>of
+the returned object to get the result of the CRMF generation.
+<p>The string found by accessing <i><tt>crmfObject.request</tt></i> is
+the base-64 encoded CRMF message to be sent to the CA/RA, or an error string.
+The possible error strings are:
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Error String</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td>"error:invalidParameter:XXX"</td>
+
+<td>The parameter XXX was an invalid value.</td>
+</tr>
+
+<tr>
+<td>"error:userCancel"</td>
+
+<td>the user has canceled the key generation operation</td>
+</tr>
+
+<tr>
+<td>"error:internalError"</td>
+
+<td>the software encountered some internal error, such as out of memory</td>
+</tr>
+</table>
+
+<h4>
+<font face="Arial,Helvetica">importUserCertificates()</font></h4>
+<tt><i>resultString</i> = crypto.importUserCertificates(<i>"nicknameString"</i>,
+<i>"certString"</i>,
+<i>allowBackup</i>)</tt>
+<br>&nbsp;
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Argument</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"nicknameString"</tt></i></td>
+
+<td>This is the nickname that will be used to describe the certificate
+in the client's certificate management UI.&nbsp; It should serve to uniquely
+identify the certificate to the user. For example, "John Smith's VeriSign
+Class 3 Digital ID" or "John Smith's Ford ID Certificate". However, if
+this certificate has the same DN as one or more certificates that already
+exist in the user's certificate store, the nickname associated with the
+certificate(s) of the same DN in the certificate store is used, and the
+<tt>"nicknameString"</tt> parameter is ignored. If the string is null and
+no certificate with the same DN exists in the user's certificate store,
+Personal Security Manager uses the following pattern to derive the nickname:
+<tt>&lt;Common Name>'s &lt;Issuer Name> ID</tt>.</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"certRepString"</tt></i></td>
+
+<td>This string is the CMMF Certification Response from the CA that contains
+the user's certificate(s). The response is base-64 encoded.</td>
+</tr>
+
+<tr>
+<td><i><tt>allowBackup</tt></i></td>
+
+<td>This is a Boolean argument. It allows the CA or RA to indicate to the
+client whether to force the user to back up a newly issued certificate
+(PKCS #12).</td>
+</tr>
+</table>
+
+<p>The <b>importUserCertificates()</b> method is used to import newly issued
+certificates for the user. The private key for the certificates must already
+reside in the user's personal private key database.
+<p>The request ID in the response being imported must match the request
+ID in the associated Certification Request or Recovery Request.
+<p>If the import operation succeeds, an empty string will be returned.&nbsp;
+If it fails, one of the following error strings will be returned:
+<br>&nbsp;
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Error String</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td>"error:userCancel"</td>
+
+<td>The user canceled the import operation</td>
+</tr>
+
+<tr>
+<td>"error:invalidCertificate"</td>
+
+<td>One of the certificate packages was incorrectly formatted</td>
+</tr>
+
+<tr>
+<td>"error:internalError"</td>
+
+<td>The software encountered some internal error, such as out of memory</td>
+</tr>
+
+<tr>
+<td>"error:invalidRequestID"</td>
+
+<td>The request ID in the response message does not match any outstanding
+request</td>
+</tr>
+</table>
+
+<h4>
+<font face="Arial,Helvetica">popChallengeResponse()</font></h4>
+<tt><i>resultString</i> = crypto.popChallengeResponse(<i>"challengeString"</i>);</tt>
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER VALIGN=TOP><b>Argument</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"challengeString"</tt></i></td>
+
+<td>A base-64 encoded CMMF POPODecKeyChallContent message. The current
+implementation does not conform to that defined in the CMMF draft, and
+we intend to change this implementation to that defined in the CMC RFC..
+See below for the current implementation.</td>
+</tr>
+</table>
+
+<p>The resultString will either be a base-64 encoded POPODecKeyRespContent
+message, or one of the following error strings:
+<br>&nbsp;
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Error String</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td>"error:invalidParameter:XXX"</td>
+
+<td>The parameter XXX was an invalid value.</td>
+</tr>
+
+<tr>
+<td>"error:internalError"</td>
+
+<td>the software encountered some internal error, such as out of memory</td>
+</tr>
+</table>
+
+<p><b>Challenge-Response Proof Of Possession</b>
+<p><tt>Expected Input:</tt>
+<p><tt>POPODecKeyChallContent ::= SEQUENCE OF Challenge</tt>
+<br><tt>&nbsp;&nbsp;&nbsp; -- One Challenge per encryption key certification
+request (in the</tt>
+<br><tt>&nbsp;&nbsp;&nbsp; -- same order as these requests appear in FullCertTemplates).</tt>
+<p><tt>Challenge ::= SEQUENCE {</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; owf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+AlgorithmIdentifier&nbsp; OPTIONAL,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- MUST be present in the first
+Challenge; MAY be omitted in any</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- subsequent Challenge in POPODecKeyChallContent
+(if omitted,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- then the owf used in the immediately
+preceding Challenge is</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- to be used).</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; witness&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+OCTET STRING,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the result of applying the one-way
+function (owf) to a</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- randomly-generated INTEGER, A.&nbsp;
+[Note that a different</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- INTEGER MUST be used for each
+Challenge.]</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sender&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+GeneralName,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the name of the sender.</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; key&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+OCTET STRING,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the public key used to encrypt
+the challenge.&nbsp; This will allow</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the client to find the appropriate
+key to do the decryption.</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; challenge&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+OCTET STRING</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the encryption (under the public
+key for which the cert.</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- request is being made) of Rand,
+where Rand is specified as</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp; Rand ::= SEQUENCE
+{</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; INTEGER,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+- the randomly-generated INTEGER A (above)</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+senderHash&nbsp; OCTET STRING</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+- the result of applying the one-way function (owf) to</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+- the sender's general name</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp; }</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the size of "int" must be small
+enough such that "Rand" can be</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- contained within a single PKCS
+#1 encryption block.</tt>
+<br><tt>&nbsp; }</tt>
+<p>&copy; Copyright 1999 Netscape Communications Corporation
+</body>
+</html>

mozilla/security/psm/doc/contents.htm

@@ -0,0 +1,171 @@
+<html><head>
+<title></title>
+
+</HEAD>
+
+
+<FONT FACE="arial, helvetica, sans-serif"  size="-1">
+<a name="TOP">
+<IMG SRC="cartbanner.gif" WIDTH="432" HEIGHT="36" HSPACE="0" VSPACE="0">
+<table bgcolor="#cccccc" width="100%">
+<tr><td><IMG SRC="w.gif" WIDTH=1 HEIGHT=3 BORDER=0></td></tr>
+</table>
+<BR><BR>
+
+
+
+<TABLE CELLPADDING=5 CELLSPACING=2 border=0>
+<TR>
+
+<TD> <a href="help.htm">Next<IMG SRC="next.gif" WIDTH=16 
+
+HEIGHT=14 ALIGN="texttop" BORDER=0></a></FONT></TD>   
+<TD BGCOLOR="#FFFFFF"><a href="contents.htm">Topics</a></FONT></TD>
+
+
+</TR>
+</TABLE>
+</TD></TR> 
+</TABLE>
+
+<BR> <BR>
+
+</a>
+</DIV>
+
+</P>
+<h1>Contents</h1>
+
+<B><a href="help.htm#1024926"> 	
+</B> </A> <p>
+<p><b>
+<a href="help.htm#1044151">
+ Introduction to Personal Security Manager 	
+</a></b><br><DD>
+
+<a href="help.htm#1044573">
+ About Personal Security Manager Help 	
+</a><br><DD>
+
+<a href="help.htm#1043598">
+ What You Can Do with Personal Security Manager 	
+</a><br><DD>
+
+<a href="help.htm#1026014">
+ Understanding Network Security 	
+</a><br>
+<p><b>
+<a href="help.htm#1045279">
+ Information Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1041627">
+ Information About Web Pages 	
+</a><br><DD>
+
+<a href="help.htm#1046060">
+ Information About Stored Email Messages 	
+</a><br><DD>
+
+<a href="help.htm#1046671">
+ Information About Email Messages You Are Composing 	
+</a><br>
+<p><b>
+<a href="help.htm#1030083">
+ Applications Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1030967">
+ Navigator 	
+</a><br><DD>
+
+<a href="help.htm#1031452">
+ Messenger 	
+</a><br><DD>
+
+<a href="help.htm#1031152">
+ Java/JavaScript 	
+</a><br>
+<p><b>
+<a href="help.htm#1030743">
+ Certificates Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1047547">
+ Certificates&#151;Mine 	
+</a><br><DD>
+
+<a href="help.htm#1031428">
+ Certificates&#151;Others 	
+</a><br><DD>
+
+<a href="help.htm#1031432">
+ Certificates&#151;Web Sites 	
+</a><br><DD>
+
+<a href="help.htm#1031434">
+ Certificates&#151;Authorities 	
+</a><br>
+<p><b>
+<a href="help.htm#1036138">
+ Advanced Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1036162">
+ Modules 	
+</a><br><DD>
+
+<a href="help.htm#1036164">
+ Options 	
+</a><br>
+<p><b>
+<a href="help.htm#1031657">
+ Other Personal Security Manager Windows 	
+</a></b><br><DD>
+
+<a href="help.htm#1049021">
+ View Security Certificate 	
+</a><br><DD>
+
+<a href="help.htm#1035650">
+ Choose Security Device 	
+</a><br><DD>
+
+<a href="help.htm#1041171">
+ Enrollment Information 	
+</a><br><DD>
+
+<a href="help.htm#1055232">
+ Certificate Renewal 	
+</a><br><DD>
+
+<a href="help.htm#1041200">
+ Choosing a Certificate 	
+</a><br><DD>
+
+<a href="help.htm#1036401">
+ New Certificate Authority 	
+</a><br><DD>
+
+<a href="help.htm#1041248">
+ Web Site Certificates 	
+</a><br><DD>
+
+<a href="help.htm#1036488">
+ Request for Signature 	
+</a><br><FONT FACE="sans-Serif" SIZE=+1>&nbsp;<BR>
+<a href="glossary.htm#996904">
+Glossary 	
+</a>
+</A> </FONT>
+
+<BR><BR><BR>
+
+&copy; Copyright 1999 Netscape Communications Corporation
+</FONT> </CENTER>
+
+<BR>
+
+</BODY>
+
+</HTML>

mozilla/security/psm/doc/glossary.htm

@@ -0,0 +1,412 @@
+<html><head>
+<title></title>
+
+<script languag=javascript> 
+
+  <!-- 
+  if (typeof(crypto.disableRightClick) == "function") { 
+      crypto.disableRightClick(); 
+  } 
+  // --> 
+
+</script>
+</HEAD>
+
+<FONT FACE="arial, helvetica, sans-serif" size="-1">
+<a name="TOP">
+
+<IMG SRC="cartbanner.gif" WIDTH="432" HEIGHT="36" HSPACE="0" VSPACE="0">
+<table bgcolor="#cccccc" width="100%">
+<tr><td><IMG SRC="w.gif" WIDTH=1 HEIGHT=3 BORDER=0></td></tr>
+</table>
+
+<BR><BR>
+<TABLE CELLPADDING=5 CELLSPACING=2 border=0>
+<TR><TD BGCOLOR="#FFFFFF"><a href="help.htm"><IMG SRC="prev.gif" WIDTH=16 
+
+HEIGHT=14 ALIGN="texttop" BORDER=0>Previous</a>
+  </TD>
+
+ 
+<TD BGCOLOR="#FFFFFF"><a href="contents.htm">Topics</a></TD>
+
+
+</TR>
+</TABLE>
+
+<BR> <BR>
+
+</a>
+</DIV>
+
+</P>
+<h1><A NAME="
+"></A><A NAME="996904">
+Glossary 
+</A></h1><dl>
+<A NAME="authentication"></A><A NAME="998782">
+<B>authentication.</B>&nbsp;
+</A><A NAME="1013907">
+Assurance that a party to a computerized transaction is not an impostor. Authentication typically involves the use of a password, certificate, personal identification number (PIN), or other information that can be used to validate identity over a computer network. See also <a href="glossary.htm#1014123">password-based authentication</a>, <a href="glossary.htm#1018581">certificate-based authentication</a>, <a href="glossary.htm#1021054">client authentication</a>, <a href="glossary.htm#1031070">server authentication</a>.<P>
+</A>
+<A NAME="CA"></A><A NAME="1021395">
+<B>CA.</B>&nbsp;
+</A><A NAME="1021418">
+See <a href="glossary.htm#1020903"></a><a href="glossary.htm#1020903">certificate authority (CA)</a>.<P>
+</A>
+<A NAME="CA certificate"></A><A NAME="1017503">
+<B>CA certificate.</B>&nbsp;
+</A><A NAME="1017507">
+A certificate that identifies a certificate authority. See also <a href="glossary.htm#1020903">certificate authority (CA)</a>, <a href="glossary.htm#999541">subordinate CA</a>, <a href="glossary.htm#1015631">root CA</a>.<P>
+</A>
+<A NAME="certificate"></A><A NAME="1018895">
+<B>certificate.</B>&nbsp;
+</A><A NAME="1018896">
+The digital equivalent of an ID card. A certificate specifies the name of an individual, company, or other entity and certifies that a public key, which is included in the certificate, belongs to that entity. When you digitally sign a message or other data, the digital signature for that message is created with the aid of the private key that corresponds to the public key in your certificate. A certificate is issued and digitally signed by a <a href="glossary.htm#1020903">certificate authority (CA)</a>. A certificate's validity can be verified by checking the CA's <a href="glossary.htm#1013995">digital signature</a>. Also called digital ID, digital passport, public-key certificate X.509 certificate, and security certificate. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="certificate authority (CA)"></A><A NAME="1020903">
+<B>certificate authority (CA).</B>&nbsp;
+</A><A NAME="1020904">
+A service that issues a certificate after verifying the identity of the person or entity the certificate is intended to identify. A CA also renews and revokes certificates and generates a list of revoked certificates at regular intervals. CAs can be independent vendors (such as the CAs listed at <a href= "https://certs.netscape.com/client.html" TARGET="_blank">Certificate Authority Services</a>) or a person or organization using certificate-issuing server software (such as Netscape Certificate Management System). See also <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1019940">certificate revocation list (CRL)</a>.<P>
+</A>
+<A NAME="certificate-based authentication"></A><A NAME="1018581">
+<B>certificate-based authentication.</B>&nbsp;
+</A><A NAME="1018582">
+Verification of identity based on certificates and public-key cryptography. See also <a href="glossary.htm#1014123">password-based authentication</a>.<P>
+</A>
+<A NAME="certificate chain"></A><A NAME="1018500">
+<B>certificate chain.</B>&nbsp;
+</A><A NAME="1019929">
+A hierarchical series of certificates signed by successive certificate authorities. A CA certificate identifies a <a href="glossary.htm#1020903">certificate authority (CA)</a> and is used to sign certificates issued by that authority. A CA certificate can in turn be signed by the CA certificate of a parent CA and so on up to a <a href="glossary.htm#1015631">root CA</a>. <P>
+</A>
+<A NAME="certificate fingerprint"></A><A NAME="1020297">
+<B>certificate fingerprint.</B>&nbsp;
+</A><A NAME="1020326">
+A unique number associated with a certificate. The number is not part of the certificate itself but is produced by applying a mathematical function to the contents of the certificate. If the contents of the certificate change, even by a single character, the function produces a different number. Certificate fingerprints can therefore be used to verify that certificates have not been tampered with.<P>
+</A>
+<A NAME="certificate renewal"></A><A NAME="1031319">
+<B>certificate renewal.</B>&nbsp;
+</A><A NAME="1031323">
+The process of renewing a <a href="glossary.htm#1018895">certificate</a> that is about to expire.<P>
+</A>
+<A NAME="certificate revocation list (CRL)"></A><A NAME="1019940">
+<B>certificate revocation list (CRL).</B>&nbsp;
+</A><A NAME="1021047">
+A list of revoked certificates that is generated and signed by a <a href="glossary.htm#1020903">certificate authority (CA)</a>. You can download the latest CRL to your browser or to a server, then check against it to make sure that certificates are still valid before permitting their use for authentication. <P>
+</A>
+<A NAME="certificate store"></A><A NAME="1023462">
+<B>certificate store.</B>&nbsp;
+</A><A NAME="1023463">
+The collection of certificates, or electronic IDs, maintained by Personal Security Manager on your behalf. These include your own certificates stored on one or more security devices, other people's certificates, web site certificates, and <a href="glossary.htm#1020903"></a>CA certificates. See also <a href="glossary.htm#1020903">certificate authority (CA)</a>, <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1028962">security device</a>.<P>
+</A>
+<A NAME="certificate verification"></A><A NAME="1025527">
+<B>certificate verification.</B>&nbsp;
+</A><A NAME="1025531">
+When Personal Security Manager verifies a certificate, it confirms that the digital signature was created by a CA whose own CA certificate is both present in the certificate store and marked as trusted for issuing that kind of certificate. It also confirms that the certificate being verified has not been marked as untrusted in the certificate store. Finally, if the <a href="glossary.htm#1029304">Online Certificate Status Protocol (OCSP)</a> has been activated (from the Options panel under the Advanced tab), Personal Security Manager also performs an on-line check. It does so by looking up the certificate in a list of valid certificates maintained at a URL that is specified either in the certificate itself or in the OCSP Settings window. If any of these checks fail, Personal Security Manager marks the certificate as unverified and won't recognize the identity it certifies.<P>
+</A>
+<A NAME="cipher"></A><A NAME="1021048">
+<B>cipher.</B>&nbsp;
+</A><A NAME="1021052">
+See <a href="glossary.htm#1019976">cryptographic algorithm</a>.<P>
+</A>
+<A NAME="client"></A><A NAME="1029510">
+<B>client.</B>&nbsp;
+</A><A NAME="1029547">
+Software (such as browser software) that sends requests to and receives information from a <a href="glossary.htm#1029749">server</a>, which is usually running on a different computer. A computer on which client software runs is also described as a client.<P>
+</A>
+<A NAME="client authentication"></A><A NAME="1021054">
+<B>client authentication.</B>&nbsp;
+</A><A NAME="1014557">
+The process of identifying a <a href="glossary.htm#1029510">client</a> to a <a href="glossary.htm#1029749">server</a>, for example with a name and password or with a <a href="glossary.htm#1014561">client SSL certificate</a> and some digitally signed data. See also <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>, <a href="glossary.htm#1031070">server authentication</a>.<P>
+</A>
+<A NAME="client SSL certificate"></A><A NAME="1014561">
+<B>client SSL certificate.</B>&nbsp;
+</A><A NAME="1014562">
+A certificate that a <a href="glossary.htm#1029510">client</a> (for example, browser software such as Netscape Communicator) presents to a <a href="glossary.htm#1029749">server</a> to authenticate the identity of the client (or the identity of the person using the client) using the <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a> protocol. See also <a href="glossary.htm#1021054">client authentication</a>.<P>
+</A>
+<A NAME="cryptographic algorithm"></A><A NAME="1019976">
+<B>cryptographic algorithm.</B>&nbsp;
+</A><A NAME="1019985">
+A set of rules or directions used to perform cryptographic operations such as <a href="glossary.htm#999078">encryption</a> and <a href="glossary.htm#998999">decryption</a>. Sometimes called a <I>cipher.</I><P>
+</A>
+<A NAME="cryptography"></A><A NAME="1026002">
+<B>cryptography.</B>&nbsp;
+</A><A NAME="1026018">
+The art and practice of scrambling (encrypting) and unscrambling (decrypting) information. For example, cryptographic techniques are used to scramble an unscramble information flowing between commercial web sites and your browser. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="decryption"></A><A NAME="998999">
+<B>decryption.</B>&nbsp;
+</A><A NAME="999005">
+The process of unscrambling data that has been encrypted. See also <a href="glossary.htm#999078">encryption</a>.<P>
+</A>
+<A NAME="digital ID"></A><A NAME="999011">
+<B>digital ID.</B>&nbsp;
+</A><A NAME="999017">
+See <a href="glossary.htm#1018895">certificate</a>.<P>
+</A>
+<A NAME="digital signature"></A><A NAME="1013995">
+<B>digital signature.</B>&nbsp;
+</A><A NAME="1013996">
+A code created from both the data to be signed and the private key of the signer. This code is unique for each new piece of data. Even a single comma added to a message changes the digital signature for that message. Successful validation of your digital signature by appropriate software not only provides evidence that you approved the transaction or message, but also provides evidence that the data has not changed since you digitally signed it. A digital signature has nothing to do with a handwritten signature, although it can sometimes be used for similar legal purposes. See also <a href="glossary.htm#999248">nonrepudiation</a>, <a href="glossary.htm#999618">tamper detection</a>.<P>
+</A>
+<A NAME="distinguished name (DN)"></A><A NAME="1022191">
+<B>distinguished name (DN).</B>&nbsp;
+</A><A NAME="1022194">
+A specially formatted name that uniquely identifies the subject of a certificate.<P>
+</A>
+<A NAME="dual key pairs"></A><A NAME="1020489">
+<B>dual key pairs.</B>&nbsp;
+</A><A NAME="1020619">
+Two public-private key pairs--four keys altogether--corresponding to two separate certificates. The private key of one pair is used for signing operations, and the public and private keys of the other pair are used for encryption and decryption operations. Each pair corresponds to a separate <a href="glossary.htm#1018895">certificate</a>. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="eavesdropping"></A><A NAME="1020620">
+<B>eavesdropping.</B>&nbsp;
+</A><A NAME="1013975">
+Surreptitious interception of information sent over a network by an entity for which the information is not intended.<P>
+</A>
+<A NAME="encryption"></A><A NAME="999078">
+<B>encryption.</B>&nbsp;
+</A><A NAME="1024038">
+The process of scrambling information in a way that disguises its meaning. For example, encrypted connections between computers make it very difficult for third-parties to unscramble, or <I>decrypt,</I> information flowing over the connection. Encrypted information can be decrypted only by someone who possesses the appropriate key. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="encryption certificate"></A><A NAME="1024953">
+<B>encryption certificate.</B>&nbsp;
+</A><A NAME="1024978">
+A certificate whose public key corresponds to a private key used for encryption only. Encryption certificates are not used for signing operations. See also <a href="glossary.htm#1020489">dual key pairs</a>, <a href="glossary.htm#999493">signing certificate</a>.<P>
+</A>
+<A NAME="encryption key"></A><A NAME="1021254">
+<B>encryption key.</B>&nbsp;
+</A><A NAME="1021255">
+A private key used for encryption only. An encryption key and its equivalent public key, plus a <a href="glossary.htm#1021282">signing key</a> and its equivalent public key, constitute a <a href="glossary.htm#1020489">dual key pairs</a>.<P>
+</A>
+<A NAME="fingerprint"></A><A NAME="1020434">
+<B>fingerprint.</B>&nbsp;
+</A><A NAME="1020450">
+See <a href="glossary.htm#1020297">certificate fingerprint</a>.<P>
+</A>
+<A NAME="FIPS PUBS 140-1"></A><A NAME="1025742">
+<B>FIPS PUBS 140-1.</B>&nbsp;
+</A><A NAME="1025743">
+Federal Information Processing Standards Publications (FIPS PUBS) 140-1 is a US government standard for implementations of cryptographic modules--that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations (such as creating or verifying digital signatures). Many products sold to the US government must comply with one or more of the FIPS standards.<P>
+</A>
+<A NAME="key"></A><A NAME="999203">
+<B>key.</B>&nbsp;
+</A><A NAME="999212">
+A large number used by a <a href="glossary.htm#1019976">cryptographic algorithm</a> to encrypt or decrypt data. A person's public key, for example, allows other people to encrypt messages to that person. The encrypted messages must be decrypted with the corresponding private key. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="Lightweight Directory Access Protocol (LDAP)"></A><A NAME="1022286">
+<B>Lightweight Directory Access Protocol (LDAP).</B>&nbsp;
+</A><A NAME="1022287">
+A protocol for accessing directory services across multiple platforms. LDAP is a simplified version of Directory Access Protocol (DAP), used to access X.500 directories. <P>
+</A>
+<A NAME="misrepresentation"></A><A NAME="1014057">
+<B>misrepresentation.</B>&nbsp;
+</A><A NAME="1014058">
+Presentation of an entity as a person or organization that it is not. For example, a web site might pretend to be a furniture store when it is really just a site that takes credit card payments but never sends any goods. See also <a href="glossary.htm#1014366">spoofing</a>.<P>
+</A>
+<A NAME="Netscape Certificate Management System"></A><A NAME="1018306">
+<B>Netscape Certificate Management System.</B>&nbsp;
+</A><A NAME="1018308">
+A highly configurable set of software components and tools for creating, deploying, and managing certificates. You enroll with the system to obtain certificates of all kinds; the system maintains information about the certificates it issues.<P>
+</A>
+<A NAME="nonrepudiation"></A><A NAME="999248">
+<B>nonrepudiation.</B>&nbsp;
+</A><A NAME="999254">
+The inability, of the sender of a message, to deny having sent the message. A regular hand-written signature provides one form of nonrepudiation. A <a href="glossary.htm#1013995">digital signature</a> provides another.<P>
+</A>
+<A NAME="object signing"></A><A NAME="1014095">
+<B>object signing.</B>&nbsp;
+</A><A NAME="1014096">
+A technology that allows software developers to sign Java code, JavaScript scripts, or any kind of file, and that allows users to identify the signers and control access by signed code to local system resources.<P>
+</A>
+<A NAME="object-signing certificate"></A><A NAME="1014097">
+<B>object-signing certificate.</B>&nbsp;
+</A><A NAME="1014098">
+A certificate whose corresponding private key is used to sign objects such as code files. See also <a href="glossary.htm#1014095">object signing</a>.<P>
+</A>
+<A NAME="Online Certificate Status Protocol (OCSP)"></A><A NAME="1029304">
+<B>Online Certificate Status Protocol (OCSP).</B>&nbsp;
+</A><A NAME="1029312">
+A set of rules that Personal Security Manager follows to perform an online check of an email certificate's validity each time the certificate is used. This process involves checking the certificate against a list of valid certificates maintained at a specified web site. Your computer must be online for OCSP to work.<P>
+</A>
+<A NAME="password-based authentication"></A><A NAME="1014123">
+<B>password-based authentication.</B>&nbsp;
+</A><A NAME="1014124">
+Confident identification by means of a name and password. See also <a href="glossary.htm#998782">authentication</a>.<P>
+</A>
+<A NAME="personal security password"></A><A NAME="1024355">
+<B>personal security password.</B>&nbsp;
+</A><A NAME="1024372">
+A password used by Personal Security Manager to protect private keys stored on a <a href="glossary.htm#1028962">security device</a>. Personal Security Manager needs to access your private keys, for example, when you sign email messages or use one of your own certificates to identify yourself to a web site. You can set or change the password from the Certificates tab in Personal Security Manager. You can also control when you will be asked for the password: the first time Personal Security Manager starts up, every time one of your certificates is requested, or after a specified period of inactivity while you are visiting a site that supports encryption. Each security device requires a separate personal security password.<P>
+</A>
+<A NAME="PKCS #11"></A><A NAME="1025194">
+<B>PKCS #11.</B>&nbsp;
+</A><A NAME="1025195">
+The public-key cryptography standard that governs security devices such as smart cards. See also <a href="glossary.htm#1028962">security device</a>, <a href="glossary.htm#1027625">smart card</a>.<P>
+</A>
+<A NAME="PKCS #11 module"></A><A NAME="1025197">
+<B>PKCS #11 module.</B>&nbsp;
+</A><A NAME="1025271">
+A program on your computer that manages cryptographic services such as encryption and decryption using the PKCS #11 standard. PKCS #11 modules (also called <I>cryptographic modules</I>, <I>cryptographic service providers,</I> or <I>security modules</I>) can be thought of as drivers for cryptographic devices that can be implemented in either hardware or software. A PKCS #11 module always controls one or more slots<B>,</B> which may be implemented as physical hardware slots in some form of physical reader (for example, for smart cards) or as conceptual slots in software. Each slot for a PKCS #11 module can in turn contain a <a href="glossary.htm#1028962">security device</a> (also called <I>token</I>)<B>,</B> which is the hardware or software device that actually provides cryptographic services and optionally stores certificates and keys. Personal Security Manager provides a built-in PKCS #11 module. You may install additional modules on your computer to control smart card readers or other hardware devices.<P>
+</A>
+<A NAME="portable security password"></A><A NAME="1024655">
+<B>portable security password.</B>&nbsp;
+</A><A NAME="1024670">
+A password that protects a certificate that you are backing up or have previously backed up. Personal Security Manager asks you to set this password when you back up a certificate, and requests it when you attempt to restore a certificate that has previously been backed up. <P>
+</A>
+<A NAME="private key"></A><A NAME="1015387">
+<B>private key.</B>&nbsp;
+</A><A NAME="1015391">
+One of a pair of keys used in public-key cryptography. The private key is kept secret and is used to decrypt data that has been encrypted with the corresponding public key.<P>
+</A>
+<A NAME="PSM Private Keys security device"></A><A NAME="1032045">
+<B>PSM Private Keys security device.</B>&nbsp;
+</A><A NAME="1032110">
+The default <a href="glossary.htm#1028962">security device</a> used by Personal Security Manager to store certificates and private keys.<P>
+</A>
+<A NAME="public key"></A><A NAME="1019172">
+<B>public key.</B>&nbsp;
+</A><A NAME="1019173">
+One of a pair of keys used in public-key cryptography. The public key is distributed freely and published as part of a <a href="glossary.htm#1018895">certificate</a>. It is typically used to encrypt data sent to the public key's owner, who then decrypts the data with the corresponding private key.<P>
+</A>
+<A NAME="public-key cryptography"></A><A NAME="1019178">
+<B>public-key cryptography.</B>&nbsp;
+</A><A NAME="1023765">
+A set of well-established techniques and standards that allow an entity (such as a person, an organization, or hardware such as a router) to verify its identity electronically or to sign and encrypt electronic data. Two keys are involved: a <a href="glossary.htm#1019172">public key</a> and a <a href="glossary.htm#1015387">private key</a>. The public key is published as part of a <a href="glossary.htm#1018895">certificate</a>, which associates that key with a particular identity. The corresponding private key is kept secret. Data encrypted with the public key can be decrypted only with the private key. <P>
+</A>
+<A NAME="public-key infrastructure (PKI)"></A><A NAME="999412">
+<B>public-key infrastructure (PKI).</B>&nbsp;
+</A><A NAME="1014263">
+The standards and services that facilitate the use of public-key cryptography and certificates in a networked environment.<P>
+</A>
+<A NAME="root CA"></A><A NAME="1015631">
+<B>root CA.</B>&nbsp;
+</A><A NAME="1015635">
+The <a href="glossary.htm#1020903">certificate authority (CA)</a> with a self-signed certificate at the top of a <a href="glossary.htm#1018500">certificate chain</a>. See also <a href="glossary.htm#999541">subordinate CA</a>.<P>
+</A>
+<A NAME="Secure Sockets Layer (SSL)"></A><A NAME="999463">
+<B>Secure Sockets Layer (SSL).</B>&nbsp;
+</A><A NAME="999472">
+A protocol that allows mutual authentication between a <a href="glossary.htm#1029510">client</a> and a <a href="glossary.htm#1029749">server</a> for the purpose of establishing an authenticated and encrypted connection. SSL runs above TCP/IP and below HTTP, LDAP, IMAP, NNTP, and other high-level network protocols. The new Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL. See also <a href="glossary.htm#998782">authentication</a>, <a href="glossary.htm#999078">encryption</a>.<P>
+</A>
+<A NAME="security certificate"></A><A NAME="1028900">
+<B>security certificate.</B>&nbsp;
+</A><A NAME="1028904">
+See <a href="glossary.htm#1018895">certificate</a>.<P>
+</A>
+<A NAME="security device"></A><A NAME="1028962">
+<B>security device.</B>&nbsp;
+</A><A NAME="1028963">
+A hardware or software device that provides cryptographic services such as encryption and decryption and can store certificates and keys. A smart card is one example of a hardware security device. Personal Security Manager contains its own internal security device, called the <a href="glossary.htm#1032045">PSM Private Keys security device</a>, that is implemented in software. Each security device is protected by its own <a href="glossary.htm#1024355">personal security password</a>.<P>
+</A>
+<A NAME="security module"></A><A NAME="1029083">
+<B>security module.</B>&nbsp;
+</A><A NAME="1029097">
+See <a href="glossary.htm#1025197">PKCS #11 module</a>.<P>
+</A>
+<A NAME="security token"></A><A NAME="1028905">
+<B>security token.</B>&nbsp;
+</A><A NAME="1028909">
+See <a href="glossary.htm#1028962">security device</a>.<P>
+</A>
+<A NAME="server"></A><A NAME="1029749">
+<B>server.</B>&nbsp;
+</A><A NAME="1029869">
+Software (such as software that serves up web pages) that receives requests from and sends information to a <a href="glossary.htm#1029510">client</a>, which is usually running on a different computer. A computer on which server software runs is also described as a server.<P>
+</A>
+<A NAME="server authentication"></A><A NAME="1031070">
+<B>server authentication.</B>&nbsp;
+</A><A NAME="1031080">
+The process of identifying a <a href="glossary.htm#1029749">server</a> to a <a href="glossary.htm#1029510">client</a> by using a <a href="glossary.htm#1029874">server SSL certificate</a>. See also <a href="glossary.htm#1021054">client authentication</a>, <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>.<P>
+</A>
+<A NAME="server SSL certificate"></A><A NAME="1029874">
+<B>server SSL certificate.</B>&nbsp;
+</A><A NAME="999500">
+A certificate that a <a href="glossary.htm#1029749">server</a> presents to a <a href="glossary.htm#1029510">client</a> to authenticate the server's identity using the <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a> protocol.<P>
+</A>
+<A NAME="signing certificate"></A><A NAME="999493">
+<B>signing certificate.</B>&nbsp;
+</A><A NAME="999507">
+A certificate whose corresponding <a href="glossary.htm#1015387">private key</a> is used to sign transmitted data, so that the receiver can verify the identity of the sender. Certificate authorities (CAs) often issue a signing certificate that will be used to sign email messages at the same time as an <a href="glossary.htm#1024953">encryption certificate</a> that will be used to encrypt email messages. See also <a href="glossary.htm#1020489">dual key pairs</a>, <a href="glossary.htm#1013995">digital signature</a>.<P>
+</A>
+<A NAME="signing key"></A><A NAME="1021282">
+<B>signing key.</B>&nbsp;
+</A><A NAME="1021283">
+A private key used for signing only. A signing key and its equivalent public key, together with an <a href="glossary.htm#1021254">encryption key</a> and its equivalent public key, constitute <a href="glossary.htm#1020489">dual key pairs</a>.<P>
+</A>
+<A NAME="slot"></A><A NAME="1025218">
+<B>slot.</B>&nbsp;
+</A><A NAME="1025222">
+A piece of hardware, or its equivalent in software, that is controlled by a <a href="glossary.htm#1025197">PKCS #11 module</a> and designed to contain a <a href="glossary.htm#1028962">security device</a>. <P>
+</A>
+<A NAME="smart card"></A><A NAME="1027625">
+<B>smart card.</B>&nbsp;
+</A><A NAME="1027626">
+A small device, typically about the size of a credit card, that contains a microprocessor and is capable of storing cryptographic information (such as keys and certificates) and performing cryptographic operations. Smart cards use the <a href="glossary.htm#1025194">PKCS #11</a> standard. A smart card is one kind of <a href="glossary.htm#1028962">security device</a>. <P>
+</A>
+<A NAME="spoofing"></A><A NAME="1014366">
+<B>spoofing.</B>&nbsp;
+</A><A NAME="1014367">
+Pretending to be someone else. For example, a person can pretend to have the email address <FONT FACE="courier, courier new, monospace">jdoe@mozilla.com</FONT>, or a computer can identify itself as a site called <FONT FACE="courier, courier new, monospace">www.mozilla.com</FONT> when it is not. Spoofing is one form of <a href="glossary.htm#1014057">misrepresentation</a>.<P>
+</A>
+<A NAME="SSL"></A><A NAME="999533">
+<B>SSL.</B>&nbsp;
+</A><A NAME="999539">
+See <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>. <P>
+</A>
+<A NAME="subject"></A><A NAME="1013880">
+<B>subject.</B>&nbsp;
+</A><A NAME="1013881">
+The entity (such as a person, organization, or router) identified by a <a href="glossary.htm#1018895">certificate</a>. In particular, the subject field of a certificate contains the certified entity's <a href="glossary.htm#1021328">subject name</a> and other characteristics.<P>
+</A>
+<A NAME="subject name"></A><A NAME="1021328">
+<B>subject name.</B>&nbsp;
+</A><A NAME="1021338">
+A <a href="glossary.htm#1022191">distinguished name (DN)</a> that uniquely describes the <a href="glossary.htm#1013880">subject</a> of a <a href="glossary.htm#1018895">certificate</a>.<P>
+</A>
+<A NAME="subordinate CA"></A><A NAME="999541">
+<B>subordinate CA.</B>&nbsp;
+</A><A NAME="999591">
+A <a href="glossary.htm#1020903">certificate authority (CA)</a> whose certificate is signed by another subordinate CA or by the root CA. See also <a href="glossary.htm#1018500">certificate chain</a>, <a href="glossary.htm#1015631">root CA</a>.<P>
+</A>
+<A NAME="symmetric encryption"></A><A NAME="999604">
+<B>symmetric encryption.</B>&nbsp;
+</A><A NAME="999625">
+An encryption method that uses a single cryptographic key to both encrypt and decrypt a given message.<P>
+</A>
+<A NAME="tamper detection"></A><A NAME="999618">
+<B>tamper detection.</B>&nbsp;
+</A><A NAME="999631">
+A mechanism ensuring that data received in electronic form has not been tampered with; that is, that the data received corresponds entirely with the original version of the same data.<P>
+</A>
+<A NAME="TLS"></A><A NAME="1027427">
+<B>TLS.</B>&nbsp;
+</A><A NAME="1027428">
+See <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>.<P>
+</A>
+<A NAME="token"></A><A NAME="1024528">
+<B>token.</B>&nbsp;
+</A><A NAME="1024586">
+See <a href="glossary.htm#1028962">security device</a>.<P>
+</A>
+<A NAME="trust"></A><A NAME="1019748">
+<B>trust.</B>&nbsp;
+</A><A NAME="1020186">
+Confident reliance on a person or other entity. In the context of <a href="glossary.htm#999412">public-key infrastructure (PKI)</a>, trust usually refers to the relationship between the user of a certificate and the <a href="glossary.htm#1020903">certificate authority (CA)</a> that issued the certificate. If you use Personal Security Manager to specify that you trust a CA, Personal Security Manager trusts valid certificates issued by that CA unless you specify otherwise in the settings for individual certificates. You use the Authorities panel of the Certificates tab in Personal Security Manager to specify the kinds of certificates you trust or don't trust different CAs to issue. <P>
+</A>
+<A NAME="1028719">
+<B></B><a href="glossary.htm#1028962"></a><P>
+</A>
+</dl>
+
+
+<BR>
+
+&copy; Copyright 2000 Netscape Communications Corporation
+</FONT> </CENTER>
+
+<BR>
+
+</BODY>
+
+</HTML>

mozilla/security/psm/doc/psmtest.html

@@ -0,0 +1,29 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<head>
+  <title>Personal Security Manager Detection Page</title>
+  <script language=javascript>
+
+    function init_title()
+    {
+      with(window.frames.the_frame) {
+        document.write('<BODY><H1>Personal Security Manager Detection Page</H1><P><P>');
+        if (typeof(crypto.version) == "undefined") {
+          document.write('<FONT color="#ff0000">Personal Security Manager not loaded</FONT>');
+        } else {
+          document.write('<FONT color="#007700">Personal Security Manager&nbsp;Running&nbsp;(version ', crypto.version); 
+          document.write(')</FONT>'); 
+        }
+        document.write('</BODY>');
+        document.close();
+      }
+    }
+  
+
+
+</script>
+</head>
+
+<frameset rows="*,1" border=0 onload="init_title()">
+  <frame src="about:blank" name="the_frame">
+  <frame src="about:blank">
+</frameset>

mozilla/security/psm/lib/Makefile.in

@@ -0,0 +1,32 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= protocol client
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/security/psm/lib/client/MANIFEST

@@ -0,0 +1,3 @@
+cmtclist.h
+cmtcmn.h
+cmtjs.h

mozilla/security/psm/lib/client/Makefile.in

@@ -1,4 +1,4 @@
-# -*- Mode: perl; indent-tabs-mode: nil -*-
+#! gmake
 # 
 # The contents of this file are subject to the Mozilla Public
 # License Version 1.1 (the "License"); you may not use this file
@@ -10,14 +10,14 @@
 # implied. See the License for the specific language governing
 # rights and limitations under the License.
 # 
-# The Original Code are the Bugzilla Tests.
+# The Original Code is the Netscape security libraries.
 # 
-# The Initial Developer of the Original Code is Zach Lipton
-# Portions created by Zach Lipton are 
-# Copyright (C) 2001 Zach Lipton.  All
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 # Rights Reserved.
 # 
-# Contributor(s): Zach Lipton <zach@zachlipton.com>
+# Contributor(s):
 # 
 # Alternatively, the contents of this file may be used under the
 # terms of the GNU General Public License Version 2 or later (the
@@ -32,36 +32,39 @@
 # GPL.
 # 
 
-package Support::Files;
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
 
-@additional_files = ('syncshadowdb','processmail');
-@exclude_files    = ('importxml.pl');
+include $(DEPTH)/config/autoconf.mk
 
-$file = '*';
-@files = glob($file);
+LIBRARY_NAME	= cmt
 
-sub isTestingFile {
-  my ($file) = @_;
-  my $exclude;
-  foreach $exclude (@exclude_files) {
-        if ($file eq $exclude) { return undef; } # get rid of excluded files.
-  }
+EXPORTS = \
+	cmtcmn.h \
+	cmtjs.h  \
+	cmtclist.h \
+	$(NULL)
 
-  if ($file =~ /\.cgi$|\.pl$|\.pm$/) {
-    return 1;
-  }
-  my $additional;
-  foreach $additional (@additional_files) {
-    if ($file eq $additional) { return 1; }
-  }
-  return undef;
-}
+MODULE = security
 
-foreach $currentfile (@files) {
-        if (isTestingFile($currentfile)) {
-                push(@testitems,$currentfile);
-        }
-}
+CSRCS = cmtinit.c  \
+	cmtssl.c   \
+	cmtutils.c \
+	cmtcert.c  \
+	cmthash.c  \
+	cmtpkcs7.c \
+	cmtres.c   \
+	cmtjs.c    \
+	cmtevent.c \
+        cmtpasswd.c \
+	cmtadvisor.c \
+	cmtrng.c \
+	cmtsdr.c \
+	$(NULL)
 
+EXTRA_DSO_LDOPTS	+= -L$(DIST)/bin -lprotocol
+
+include $(topsrcdir)/config/rules.mk
 
-1;

mozilla/security/psm/lib/client/cmtadvisor.c

@@ -0,0 +1,100 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "obscure.h"
+#include "messages.h"
+#ifdef XP_MAC
+#include "cmtmac.h"
+#endif
+
+CMTStatus CMT_SecurityAdvisor(PCMT_CONTROL control, CMTSecurityAdvisorData* data, CMUint32 *resID)
+{
+    CMTItem message = {0, NULL, 0};
+    SecurityAdvisorRequest request;
+    SingleNumMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    if (!data) {
+        return CMTFailure;
+    }
+
+    request.infoContext = data->infoContext;
+    request.resID = data->resID;
+    request.hostname = data->hostname;
+	request.senderAddr = data->senderAddr;
+	request.encryptedP7CInfo = data->encryptedP7CInfo;
+	request.signedP7CInfo = data->signedP7CInfo;
+	request.decodeError = data->decodeError;
+	request.verifyError = data->verifyError;
+	request.encryptthis = data->encryptthis;
+	request.signthis = data->signthis;
+	request.numRecipients = data->numRecipients;
+	request.recipients = data->recipients;
+    message.type = SSM_REQUEST_MESSAGE | SSM_SECURITY_ADVISOR;
+
+    if (CMT_EncodeMessage(SecurityAdvisorRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Send the message and get the response */
+	if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+	}
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_SECURITY_ADVISOR)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *resID = reply.value;
+
+    return CMTSuccess;
+loser:
+
+    if (message.data) {
+        free(message.data);
+    }
+    return CMTFailure;
+}
+
+
+
+

mozilla/security/psm/lib/client/cmtclist.h

@@ -0,0 +1,111 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef cmtclist_h___
+#define cmtclist_h___
+
+typedef struct CMTCListStr CMTCList;
+/*
+** Circular linked list
+*/
+struct CMTCListStr {
+    CMTCList	*next;
+    CMTCList	*prev;
+};
+
+/*
+** Insert element "_e" into the list, before "_l".
+*/
+#define CMT_INSERT_BEFORE(_e,_l)	 \
+	(_e)->next = (_l);	 \
+	(_e)->prev = (_l)->prev; \
+	(_l)->prev->next = (_e); \
+	(_l)->prev = (_e);	 \
+
+/*
+** Insert element "_e" into the list, after "_l".
+*/
+#define CMT_INSERT_AFTER(_e,_l)	 \
+	(_e)->next = (_l)->next; \
+	(_e)->prev = (_l);	 \
+	(_l)->next->prev = (_e); \
+	(_l)->next = (_e);	 \
+
+/*
+** Append an element "_e" to the end of the list "_l"
+*/
+#define CMT_APPEND_LINK(_e,_l) CMT_INSERT_BEFORE(_e,_l)
+
+/*
+** Insert an element "_e" at the head of the list "_l"
+*/
+#define CMT_INSERT_LINK(_e,_l) CMT_INSERT_AFTER(_e,_l)
+
+/* Return the head/tail of the list */
+#define CMT_LIST_HEAD(_l) (_l)->next
+#define CMT_LIST_TAIL(_l) (_l)->prev
+
+/*
+** Remove the element "_e" from it's circular list.
+*/
+#define CMT_REMOVE_LINK(_e)	       \
+	(_e)->prev->next = (_e)->next; \
+	(_e)->next->prev = (_e)->prev; \
+
+/*
+** Remove the element "_e" from it's circular list. Also initializes the
+** linkage.
+*/
+#define CMT_REMOVE_AND_INIT_LINK(_e)    \
+	(_e)->prev->next = (_e)->next; \
+	(_e)->next->prev = (_e)->prev; \
+	(_e)->next = (_e);	       \
+	(_e)->prev = (_e);	       \
+
+/*
+** Return non-zero if the given circular list "_l" is empty, zero if the
+** circular list is not empty
+*/
+#define CMT_CLIST_IS_EMPTY(_l) \
+    ((_l)->next == (_l))
+
+/*
+** Initialize a circular list
+*/
+#define CMT_INIT_CLIST(_l)  \
+	(_l)->next = (_l); \
+	(_l)->prev = (_l); \
+
+#define CMT_INIT_STATIC_CLIST(_l) \
+    {(_l), (_l)}
+
+#endif /* cmtclist_h___ */

mozilla/security/psm/lib/client/cmtevent.c

@@ -0,0 +1,480 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include <string.h>
+#ifdef XP_UNIX
+#include <sys/time.h>
+#endif
+
+/* Typedefs */
+typedef void (*taskcompleted_handler_fn)(CMUint32 resourceID, CMUint32 numReqProcessed, CMUint32 resultCode, void* data);
+
+CMTStatus CMT_SetUIHandlerCallback(PCMT_CONTROL control, 
+                                   uiHandlerCallback_fn f, void *data)
+{
+    return CMT_RegisterEventHandler(control, SSM_UI_EVENT, 0,
+                                    (void_fun)f, data);
+}
+
+void CMT_SetFilePathPromptCallback(PCMT_CONTROL control,
+                                   filePathPromptCallback_fn f, void* arg)
+{
+    control->userFuncs.promptFilePath = f;
+    control->userFuncs.filePromptArg  = arg;
+}
+
+void CMT_SetPromptCallback(PCMT_CONTROL control, 
+                           promptCallback_fn f, void *arg)
+{
+    control->userFuncs.promptCallback = f;
+    control->userFuncs.promptArg      = arg;
+}
+
+void CMT_SetSavePrefsCallback(PCMT_CONTROL control, savePrefsCallback_fn f)
+{
+    control->userFuncs.savePrefs = f;
+}
+
+CMTStatus CMT_RegisterEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                   CMUint32 resourceID, void_fun handler, 
+                                   void* data)
+{
+    PCMT_EVENT ptr;
+
+    /* This is the first connection */
+    if (control->cmtEventHandlers == NULL) {
+        control->cmtEventHandlers = ptr = 
+            (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+        if (!ptr) {
+            goto loser;
+        }
+    } else {
+        /* Look for another event handler of the same type.  Make sure the
+           event handler with a rsrcid of 0 is farther down the list so
+	   that it doesn't get chosen when there's an event handler for
+	   a specific rsrcid.
+	 */
+	for (ptr=control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+            if (ptr->type == type && resourceID != 0) {
+                /* So we've got an event handler that wants to over-ride
+                   an existing event handler.  We'll put it before the one
+                   that's already here.
+                 */
+                if (ptr->previous == NULL) {
+                    /* We're going to insert at the front of the list*/
+                    control->cmtEventHandlers = ptr->previous = 
+                        (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+                    if (ptr->previous == NULL) {
+                        goto loser;
+		    }
+		    ptr->previous->next = ptr;
+		    ptr = control->cmtEventHandlers;
+		} else {
+		    /* We want to insert in the middle of the list */
+		    PCMT_EVENT tmpEvent;
+		    
+		    tmpEvent = (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+		    if (tmpEvent == NULL) {
+		        goto loser;
+		    }
+		    tmpEvent->previous  = ptr->previous;
+		    ptr->previous->next = tmpEvent;
+		    tmpEvent->next      = ptr;
+		    ptr->previous       = tmpEvent;
+		    ptr = tmpEvent;
+		}
+		break;
+	    }
+	    if (ptr->next == NULL) break;
+	}
+	if (ptr == NULL) {
+	    goto loser;	
+	}
+	if (ptr->next == NULL) {
+	    /* We're adding the event handler at the end of the list. */
+	    ptr->next = (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+	    if (!ptr->next) {
+	        goto loser;
+	    } 
+	    /* Fix up the pointers */
+	    ptr->next->previous = ptr;
+	    ptr = ptr->next;
+	}
+    }
+
+    /* Fill in the data */
+    ptr->type = type;
+    ptr->resourceID = resourceID;
+    ptr->handler = handler;
+    ptr->data = data;
+    
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_UnregisterEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                     CMUint32 resourceID) 
+{
+    PCMT_EVENT ptr, pptr = NULL;
+    
+    for (ptr = control->cmtEventHandlers; ptr != NULL;
+	 pptr = ptr, ptr = ptr->next) {
+        if ((ptr->type == type) && (ptr->resourceID == resourceID)) {
+	    if (pptr == NULL) {
+	        /* node is at head */
+	        control->cmtEventHandlers = ptr->next;
+            if (control->cmtEventHandlers != NULL) {
+                control->cmtEventHandlers->previous = NULL;
+            }
+            free(ptr);
+            return CMTSuccess;
+	    }
+	    /* node is elsewhere */
+	    pptr->next = ptr->next;
+        if (ptr->next != NULL) {
+            ptr->next->previous = pptr;
+        }
+	    free(ptr);
+	    return CMTSuccess;
+        }
+    }
+    return CMTFailure;
+}
+
+PCMT_EVENT CMT_GetEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                               CMUint32 resourceID)
+{
+    PCMT_EVENT ptr;
+    
+    for (ptr = control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == type) && ((ptr->resourceID == resourceID) || 
+                                    !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+PCMT_EVENT CMT_GetFirstEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                    CMUint32 resourceID)
+{
+    PCMT_EVENT ptr;
+
+    for (ptr = control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == type) && ((ptr->resourceID == resourceID) || 
+                                    !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+PCMT_EVENT CMT_GetNextEventHandler(PCMT_CONTROL control, PCMT_EVENT e)
+{
+    PCMT_EVENT ptr;
+
+    for (ptr = control->cmtEventHandlers; ptr != NULL || ptr == e; 
+         ptr = ptr->next) {
+    }
+
+    for (; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == e->type) && ((ptr->resourceID == e->resourceID) || 
+                                       !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+void CMT_ProcessEvent(PCMT_CONTROL cm_control)
+{
+    CMTSocket sock; 
+    CMTItem eventData={ 0, NULL, 0 };
+
+    /* Get the control socket */
+    sock = cm_control->sock;
+
+    /* Acquire a lock on the control connection */
+    CMT_LOCK(cm_control->mutex);
+    /* Do another select here to be sure 
+       that the socket is readable */
+    if (cm_control->sockFuncs.select(&sock, 1, 1) != sock) {
+        /* There's no event. */
+        goto done;
+    }
+
+    /* Read the event */
+    if (CMT_ReceiveMessage(cm_control, &eventData) == CMTFailure) {
+        goto done;
+    }
+    CMT_UNLOCK(cm_control->mutex);
+    /* Dispatch the event */
+    CMT_DispatchEvent(cm_control, &eventData);
+    return;
+done:
+    /* Release the lock on the control connection */
+    CMT_UNLOCK(cm_control->mutex);
+}
+
+void CMT_EventLoop(PCMT_CONTROL cm_control)
+{
+    CMTSocket sock;
+
+    /* Get the control socket */
+    sock = cm_control->sock;
+    CMT_ReferenceControlConnection(cm_control);
+    /* Select on the control socket to see if it's readable */
+    while(cm_control->sockFuncs.select(&sock, 1, 0)) {
+      CMT_ProcessEvent(cm_control);
+    }
+    CMT_CloseControlConnection(cm_control);
+    return;
+}
+
+void
+CMT_PromptUser(PCMT_CONTROL cm_control, CMTItem *eventData)
+{
+    char *promptReply  = NULL;
+    CMTItem   response={ 0, NULL, 0 };
+    PromptRequest request;
+    PromptReply reply;
+    void * clientContext;
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(PromptRequestTemplate, &request, eventData) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Copy the client context to a pointer */
+    clientContext = CMT_CopyItemToPtr(request.clientContext);
+
+    if (cm_control->userFuncs.promptCallback == NULL) {
+        goto loser;
+    }
+    promptReply = 
+        cm_control->userFuncs.promptCallback(cm_control->userFuncs.promptArg, 
+                                             request.prompt, clientContext, 1);
+
+    response.type = SSM_EVENT_MESSAGE | SSM_PROMPT_EVENT;
+    if (!promptReply) {
+        /* the user canceled the prompt or other errors occurred */
+        reply.cancel = CM_TRUE;
+    }
+    else {
+        /* note that this includes an empty string (zero length) password */
+        reply.cancel = CM_FALSE;
+    }
+    reply.resID = request.resID;
+    reply.promptReply = promptReply;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(PromptReplyTemplate, &response, &reply) != CMTSuccess) {
+        goto loser;
+    }
+
+    CMT_TransmitMessage(cm_control, &response);
+ loser:
+    if (promptReply != NULL) {
+      cm_control->userFuncs.userFree(promptReply);
+    }
+    return;
+}
+
+void CMT_GetFilePath(PCMT_CONTROL cm_control, CMTItem * eventData)
+{
+    char *fileName=NULL;
+    CMTItem response = { 0, NULL, 0 };
+    FilePathRequest request;
+    FilePathReply reply;
+
+    /* Decode the request */
+    if (CMT_DecodeMessage(FilePathRequestTemplate, &request, eventData) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (cm_control->userFuncs.promptFilePath == NULL) {
+        goto loser;
+    }
+    fileName = 
+     cm_control->userFuncs.promptFilePath(cm_control->userFuncs.filePromptArg,
+                                          request.prompt, request.fileRegEx, 
+                                          request.getExistingFile);
+
+    response.type = SSM_EVENT_MESSAGE | SSM_FILE_PATH_EVENT;
+    reply.resID = request.resID;
+    reply.filePath = fileName;
+
+    /* Encode the reply */
+    if (CMT_EncodeMessage(FilePathReplyTemplate, &response, &reply) != CMTSuccess) {
+        goto loser;
+    }
+
+    CMT_TransmitMessage(cm_control, &response);
+    cm_control->userFuncs.userFree(fileName); 
+loser:
+   return;
+}
+
+void CMT_SavePrefs(PCMT_CONTROL cm_control, CMTItem* eventData)
+{
+    SetPrefListMessage request;
+    int i;
+
+    /* decode the request */
+    if (CMT_DecodeMessage(SetPrefListMessageTemplate, &request, eventData) !=
+        CMTSuccess) {
+        return;
+    }
+
+    if (cm_control->userFuncs.savePrefs == NULL) {
+        /* callback was not registered: bail */
+        return;
+    }
+    cm_control->userFuncs.savePrefs(request.length, 
+                                    (CMTSetPrefElement*)request.list);
+
+    for (i = 0; i < request.length; i++) {
+        if (request.list[i].key != NULL) {
+            free(request.list[i].key);
+        }
+        if (request.list[i].value != NULL) {
+            free(request.list[i].value);
+        }
+    }
+    return;
+}
+
+void CMT_DispatchEvent(PCMT_CONTROL cm_control, CMTItem * eventData)
+{
+    CMUint32 eventType;
+    CMTItem msgCopy;
+
+    /* Init the msgCopy */
+    msgCopy.data = 0;    
+
+    /* Get the event type */
+    if ((eventData->type & SSM_CATEGORY_MASK) != SSM_EVENT_MESSAGE) {
+        /* Somehow there was a message on the socket that was not 
+         * an event message.  Dropping it on the floor.
+         */
+        goto loser;
+    }
+    eventType = (eventData->type & SSM_TYPE_MASK);
+
+    /* We must now dispatch the event based on it's type */
+    switch (eventType) {
+        case SSM_UI_EVENT:
+        {
+            PCMT_EVENT p;
+            UIEvent event;
+            void * clientContext = NULL;
+
+	    /* Copy the message to allow a second try with the old format */
+	    msgCopy.len = eventData->len;
+	    msgCopy.data = calloc(msgCopy.len, 1);
+	    if (msgCopy.data) {
+              memcpy(msgCopy.data, eventData->data, eventData->len);
+	    }
+
+            /* Get the event data first */
+            if (CMT_DecodeMessage(UIEventTemplate, &event, eventData) != CMTSuccess) {
+		/* Attempt to decode using the old format.  Modal is True */
+		if (!msgCopy.data || 
+		    CMT_DecodeMessage(OldUIEventTemplate, &event, &msgCopy) != CMTSuccess) {
+                  goto loser;
+                }
+
+                /* Set default modal value */
+                event.isModal = CM_TRUE;
+            }
+
+            /* Convert the client context to a pointer */
+            clientContext = CMT_CopyItemToPtr(event.clientContext);
+
+            /* Call any handlers for this event */
+            p = CMT_GetEventHandler(cm_control, eventType, event.resourceID);
+            if (!p) {
+                goto loser;
+            }
+            (*(uiHandlerCallback_fn)(p->handler))(event.resourceID, 
+                                                  clientContext, event.width,
+                                                  event.height, event.isModal, event.url, 
+                                                  p->data);
+            break;
+        }
+
+        case SSM_TASK_COMPLETED_EVENT:
+        {
+           PCMT_EVENT p;
+           TaskCompletedEvent event;
+
+            /* Get the event data */
+            if (CMT_DecodeMessage(TaskCompletedEventTemplate, &event, eventData) != CMTSuccess) {
+                goto loser;
+            }
+
+            /* Call handler for this event */
+            p = CMT_GetEventHandler(cm_control, eventType, event.resourceID);
+            if (!p) {
+                goto loser;
+            }
+            (*(taskcompleted_handler_fn)(p->handler))(event.resourceID, 
+                                                      event.numTasks, 
+                                                      event.result, p->data);
+            break;
+        }
+        case SSM_AUTH_EVENT: 
+             CMT_ServicePasswordRequest(cm_control, eventData);
+             break;
+        case SSM_FILE_PATH_EVENT:
+    	     CMT_GetFilePath(cm_control, eventData);
+             break;
+        case SSM_PROMPT_EVENT:
+	         CMT_PromptUser(cm_control, eventData);
+	         break;
+        case SSM_SAVE_PREF_EVENT:
+            CMT_SavePrefs(cm_control, eventData);
+            break;
+        default:
+            break;
+    }
+loser:
+    free(eventData->data);
+    free(msgCopy.data);
+    return;
+}
+

mozilla/security/psm/lib/client/cmthash.c

@@ -0,0 +1,216 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#include "string.h"
+#else
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+CMTStatus CMT_HashCreate(PCMT_CONTROL control, CMUint32 algID, 
+                         CMUint32 * connID)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = algID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_HASH_STREAM;
+
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the response */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_HASH_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        sock = control->sockFuncs.socket(0);
+        if(sock == NULL) {
+            goto loser;
+        }
+        
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        /* Send the hello message */
+		control->sockFuncs.send(sock, control->nonce.data, control->nonce.len);
+
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+		    != CMTSuccess) {
+            goto loser;
+        }
+
+        /* Set the connection ID */
+        *connID = reply.connID;
+        return CMTSuccess;
+	} 
+loser:
+    *connID = 0;
+	return CMTFailure;
+}
+
+CMTStatus CMT_HASH_Destroy(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    if (!control) {
+        goto loser;
+    }
+
+    /* Get the cotext implementation data */
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_HASH_Begin(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    return CMTSuccess;
+}
+
+CMTStatus CMT_HASH_Update(PCMT_CONTROL control, CMUint32 connectionID, const unsigned char * buf, CMUint32 len)
+{
+    CMTSocket sock;
+    CMUint32 sent;
+
+    /* Do some parameter checking */
+    if (!control || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_HASH_End(PCMT_CONTROL control, CMUint32 connectionID, 
+                       unsigned char * result, CMUint32 * resultlen, 
+                       CMUint32 maxLen)
+{
+    CMTItem hash = { 0, NULL, 0 };
+
+    /* Do some parameter checking */
+    if (!control || !result || !resultlen) {
+        goto loser;
+    }
+
+    /* Close the connection */
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Get the context info */
+    if (CMT_GetStringAttribute(control, connectionID, SSM_FID_HASHCONN_RESULT,
+                               &hash) == CMTFailure) {
+        goto loser;
+    }
+    if (!hash.data) {
+        goto loser;
+    }
+
+    *resultlen = hash.len;
+    if (hash.len > maxLen) {
+        memcpy(result, hash.data, maxLen);
+    } else {
+        memcpy(result, hash.data, hash.len);
+    }   
+
+    if (hash.data) {
+        free(hash.data);
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (hash.data) {
+        free(hash.data);
+    }
+
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtimpl.h

@@ -0,0 +1,56 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __CMTIMPL_H_
+#define __CMTIMPL_H_
+
+typedef unsigned long CMT_HANDLE;
+
+struct _CMTControl {
+  CMT_HANDLE channelID;
+  int socketID;
+  CMTStatus (* cmtEventCallback)(struct _CMTControl * control, 
+				 CMTItem * event,  void * arg);
+  void * cmtEventCallbackArg;
+  struct _CMTData * cmtDataConnection;
+} _CMTControl;
+
+
+
+struct _CMTData {
+  CMT_HANDLE channelID;
+  int socketID;
+  struct _CMTData * next;
+  struct _CMTData * previous;
+};
+
+#endif /*__CMTIMPL_H_*/

mozilla/security/psm/lib/client/cmtinit.c

@@ -0,0 +1,588 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/stat.h>
+#include <netinet/tcp.h>
+#else
+#ifdef XP_MAC
+#include <Events.h> // for WaitNextEvent
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#include <direct.h>
+#include <sys/stat.h>
+#endif
+#endif
+
+#include "messages.h"
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "obscure.h"
+#include <string.h>
+
+#ifdef XP_UNIX
+#define DIRECTORY_SEPARATOR '/'
+#elif defined WIN32
+#define DIRECTORY_SEPARATOR '\\'
+#elif defined XP_MAC
+#define DIRECTORY_SEPARATOR ':'
+#endif
+
+/* Local defines */
+#define CARTMAN_PORT	11111
+#define MAX_PATH_LEN    256
+
+/* write to the cmnav.log */
+#if 0
+#define LOG(x); do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, x); fclose(f); } } while(0);
+#define LOG_S(x); do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, "%s", x); fclose(f); } } while(0);
+#define ASSERT(x); if (!(x)) { LOG("ASSERT:"); LOG(#x); LOG("\n"); exit(-1); }
+#else
+#define LOG(x); ;
+#define LOG_S(x); ;
+#define ASSERT(x); ;
+#endif
+
+/* On error, returns -1.
+** On success, returns non-negative number of unobscured bytes in buf 
+*/
+int
+RecvInitObscureData(CMT_SocketFuncs *sockFuncs, CMTSocket sock, 
+                    SSMObscureObject * obj, void * buf, int bufSize )
+{
+    SSMObscureBool done = 0;
+    int rv = -1;
+
+    do {
+        int cc;
+        cc = sockFuncs->recv(sock, buf, bufSize);
+        if (cc <= 0)
+            return -1;
+	    rv = SSMObscure_RecvInit(obj, buf, cc, &done);
+    } while (!done);
+    return rv;
+}
+
+
+/* returns -1 on error, 0 on success. */
+int
+SendInitObscureData(CMT_SocketFuncs *sockFuncs, CMTSocket sock, 
+                    SSMObscureObject * obj)
+{
+    unsigned char * initBuf = NULL;
+    int             rv      = -1;
+
+    do {
+	int bufLen;
+	int len;
+	int cc;
+
+	bufLen = SSMObscure_SendInit(obj, NULL);
+	if (bufLen <= 0)
+	    break;
+
+	initBuf = (unsigned char *) malloc(bufLen);
+	if (!initBuf)
+	    break;
+
+	len = SSMObscure_SendInit(obj, initBuf);
+	if (len != bufLen)
+	    break;
+
+	cc = sockFuncs->send(sock, initBuf, len);
+
+	/* Note, this code assumes a blocking socket, 
+	** and hence doesn't deal with short writes.
+	*/
+	if (cc < len) 
+	    break;
+
+    	rv = 0;
+
+    } while (0);
+
+    if (initBuf) {
+	free(initBuf);
+    	initBuf = NULL;
+    }
+    return rv;
+}
+
+SSMObscureObject * InitClientObscureObject(CMT_SocketFuncs *sockFuncs, 
+                                           CMTSocket sock)
+{
+    SSMObscureObject * sobj = NULL;
+    unsigned char buf[512];
+    int rv = -1;
+
+    /* Create the obscuring object */
+    sobj = SSMObscure_Create(0);
+    if (!sobj) {
+        goto loser;
+    }
+
+    /* Send the initialization data */
+    rv = SendInitObscureData(sockFuncs, sock, sobj);
+    if (rv < 0) {
+        goto loser;
+    }
+
+    /* Receive the obscuring initialization data */
+    rv = RecvInitObscureData(sockFuncs, sock, sobj, buf, sizeof(buf));
+    if (rv < 0) {
+        goto loser;
+    }
+
+    return sobj;
+loser:
+    if (sobj) {
+        SSMObscure_Destroy(sobj);
+    }
+    return NULL;
+}
+
+static char*
+getCurrWorkDir(char *buf, int maxLen)
+{
+#if defined WIN32
+    return _getcwd(buf, maxLen);
+#elif defined XP_UNIX
+    return getcwd(buf, maxLen);
+#else
+    return NULL;
+#endif
+}
+
+static void
+setWorkingDir(char *path)
+{
+#if defined WIN32
+    _chdir(path);
+#elif defined XP_UNIX
+    chdir(path);
+#else
+    return;
+#endif
+}
+
+static CMTStatus
+launch_psm(char *executable)
+{
+    char command[MAX_PATH_LEN];
+#ifdef WIN32
+    STARTUPINFO sui;
+    PROCESS_INFORMATION pi;
+    UNALIGNED long *posfhnd;
+    int i;
+    char *posfile;
+
+    sprintf(command,"%s > psmlog", executable);
+    ZeroMemory( &sui, sizeof(sui) );
+    sui.cb = sizeof(sui);
+    sui.cbReserved2 = (WORD)(sizeof( int ) + (3 * (sizeof( char ) + 
+                                                   sizeof( long ))));
+    sui.lpReserved2 = calloc( sui.cbReserved2, 1 );
+    *((UNALIGNED int *)(sui.lpReserved2)) = 3;
+    posfile = (char *)(sui.lpReserved2 + sizeof( int ));
+    posfhnd = (UNALIGNED long *)(sui.lpReserved2 + sizeof( int ) + 
+                                 (3 * sizeof( char )));
+    
+    for ( i = 0, posfile = (char *)(sui.lpReserved2 + sizeof( int )),
+              posfhnd = (UNALIGNED long *)(sui.lpReserved2 + sizeof( int ) + (3 * sizeof( char ))) ;
+          i < 3 ; i++, posfile++, posfhnd++ ) {
+        
+        *posfile = 0;
+        *posfhnd = (long)INVALID_HANDLE_VALUE;
+    }
+    /* Now, fire up PSM */
+    if (!CreateProcess(NULL, command, NULL, NULL, TRUE, DETACHED_PROCESS, 
+                       NULL, NULL, &sui, &pi)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+#elif defined XP_UNIX
+    sprintf(command,"./%s &", executable);
+    if (system(command) == -1) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+#else
+    return CMTFailure;
+#endif
+}
+
+PCMT_CONTROL CMT_EstablishControlConnection(char            *inPath, 
+                                            CMT_SocketFuncs *sockFuncs,
+                                            CMT_MUTEX       *mutex)
+{
+    PCMT_CONTROL control;
+    char *executable;
+    char *newWorkingDir;
+    char oldWorkingDir[MAX_PATH_LEN];
+    int i;
+    char *path = NULL;
+    size_t stringLen;
+
+    /*	On the Mac, we do special magic in the Seamonkey PSM component, so
+    	if PSM isn't launched by the time we reach this point, we're not doing well. */
+#ifndef XP_MAC
+
+    struct stat stbuf;
+    
+    /*
+     * Create our own copy of path.
+     * I'd like to do a straight strdup here, but that caused problems
+     * for https.
+     */
+    stringLen = strlen(inPath);
+
+    path = (char*) malloc(stringLen+1);
+    memcpy(path, inPath, stringLen);
+    path[stringLen] = '\0';
+
+    control = CMT_ControlConnect(mutex, sockFuncs);
+    if (control != NULL) {
+        return control;
+    }
+    /*
+     * We have to try to launch it now, so it better be a valid 
+     * path.
+     */
+    if (stat(path, &stbuf) == -1) {
+        goto loser;
+    }
+    /*
+     * Now we have to parse the path and launch the psm server.
+     */
+    executable = strrchr(path, DIRECTORY_SEPARATOR);
+    if (executable != NULL) {
+        *executable = '\0';
+        executable ++;
+        newWorkingDir = path;
+    } else {
+        executable = path;
+        newWorkingDir = NULL;
+    }
+    if (getCurrWorkDir(oldWorkingDir, MAX_PATH_LEN) == NULL) {
+        goto loser;
+    }
+    setWorkingDir(newWorkingDir);
+    if (launch_psm(executable) != CMTSuccess) {
+        goto loser;
+    }
+    setWorkingDir(oldWorkingDir);
+#endif
+
+    /*
+     * Now try to connect to the psm server.  We will try to connect
+     * a maximum of 30 times and then give up.
+     */
+#ifdef WIN32
+    for (i=0; i<30; i++) {
+        Sleep(1000);
+        control = CMT_ControlConnect(mutex, sockFuncs);
+        if (control != NULL) {
+            break;
+        }
+    }
+#elif defined XP_UNIX
+    i = 0;
+    while (i<1000) {
+        i += sleep(10);
+	control = CMT_ControlConnect(mutex, sockFuncs);
+	if (control != NULL) {
+	  break;
+	}
+    }
+#elif defined(XP_MAC)
+	for (i=0; i<30; i++) 
+	{
+		EventRecord theEvent;
+		WaitNextEvent(0, &theEvent, 30, NULL);
+		control = CMT_ControlConnect(mutex, sockFuncs);
+		if (control != NULL) 
+			break;
+	}
+
+#else
+    /*
+     * Figure out how to sleep for a while first
+     */
+    for (i=0; i<30; i++) {
+      control = CMT_ControlConnect(mutex, sockFuncs);
+      if (control!= NULL) {
+	break;
+      }
+    }
+#endif
+    if (control == NULL) {
+        goto loser;
+    }
+    if (path) {
+        free (path);
+    }
+    return control;
+ loser:
+    if (control != NULL) {
+        CMT_CloseControlConnection(control);
+    }
+    if (path) {
+        free(path);
+    }
+    return NULL;
+}
+
+
+PCMT_CONTROL CMT_ControlConnect(CMT_MUTEX *mutex, CMT_SocketFuncs *sockFuncs)
+{
+    PCMT_CONTROL control = NULL; 
+    CMTSocket sock=NULL;
+    SSMObscureObject * obscureObj = NULL;
+#ifdef XP_UNIX
+    int unixSock = 1;
+    char path[20];
+#else
+    int unixSock = 0;
+    char *path=NULL;
+#endif
+
+    if (sockFuncs == NULL) {
+        return NULL;
+    }
+#ifdef XP_UNIX
+    sprintf(path, "/tmp/.nsmc-%d", (int)geteuid());
+#endif    
+
+    sock = sockFuncs->socket(unixSock);
+    if (sock == NULL) {
+        LOG("Could not create a socket to connect to Control Connection.\n");
+        goto loser;
+    }
+    /* Connect to the psm process */
+    if (sockFuncs->connect(sock, CARTMAN_PORT, path)) {
+	  LOG("Could not connect to Cartman\n");
+	  goto loser;
+    }
+
+#ifdef XP_UNIX
+    if (sockFuncs->verify(sock) != CMTSuccess) {
+        goto loser;
+    }
+#endif
+
+	LOG("Connected to Cartman\n");
+	
+	/* fill in the CMTControl struct */
+	control = (PCMT_CONTROL)calloc(sizeof(CMT_CONTROL), 1);
+	if (control == NULL ) {
+		goto loser;
+	}
+	control->sock = sock;
+    control->obscureObj = obscureObj;
+    if (mutex != NULL) {
+        control->mutex = (CMT_MUTEX*)calloc(sizeof(CMT_MUTEX),1);
+        if (control->mutex == NULL) {
+            goto loser;
+        }
+        *control->mutex = *mutex;
+    }
+    memcpy(&control->sockFuncs, sockFuncs, sizeof(CMT_SocketFuncs));
+    control->refCount = 1;
+	goto done;
+    
+ loser:
+	if (control != NULL) {
+		free(control);
+    }
+    if (sock != NULL) {
+        sockFuncs->close(sock);
+    }
+	control = NULL;
+    
+ done:
+	return control;
+}
+
+CMTStatus CMT_CloseControlConnection(PCMT_CONTROL control)
+{
+	/* XXX Don't know what to do here yet */
+    if (control != NULL) {
+        CMInt32 refCount;
+        CMT_LOCK(control->mutex);
+        control->refCount--;
+        refCount = control->refCount;
+        CMT_UNLOCK(control->mutex);
+        if (refCount <= 0) {
+            if (control->mutex != NULL) {
+                free (control->mutex);
+            }
+            if (control->obscureObj) {
+                SSMObscure_Destroy(control->obscureObj);
+            }
+            control->sockFuncs.close(control->sock);
+            free(control);
+        }
+    }
+    
+	return CMTSuccess;
+}
+
+CMTStatus CMT_Hello(PCMT_CONTROL control, CMUint32 version, char* profile, 
+                    char* profileDir)
+{
+	CMTItem message;
+    PCMT_EVENT eventHandler;
+    CMBool doesUI;
+    HelloRequest request;
+    HelloReply reply;
+
+	/* Check the passed parameters */
+	if (!control) {
+		return CMTFailure;
+	}
+	if (!profile) {
+		return CMTFailure;
+	}
+    if (!profileDir) {
+        return CMTFailure;
+    }
+    
+	/* Create the hello message */
+    eventHandler = CMT_GetEventHandler(control, SSM_UI_EVENT, 0);
+    doesUI = (eventHandler == NULL) ? CM_FALSE : CM_TRUE;
+
+    /* Setup the request struct */
+    request.version = version;
+    request.policy = 0; /* no more policy */
+    request.doesUI = doesUI;
+    request.profile = profile;
+    request.profileDir = profileDir;
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_HELLO_MESSAGE;
+
+    if (CMT_EncodeMessage(HelloRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Send the message and get the response */
+	if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+	}
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_HELLO_MESSAGE)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(HelloReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Successful response */
+	if (reply.result == 0) {
+            /* Save the nonce value */
+            control->sessionID = reply.sessionID;
+            control->protocolVersion = reply.version;
+            control->port = reply.httpPort;
+            control->nonce = reply.nonce;
+            control->policy = reply.policy;
+            control->serverStringVersion = reply.stringVersion;
+
+            /* XXX Free the messages */
+            return CMTSuccess;
+	}
+loser:
+	/* XXX Free the messages */
+	return CMTFailure;
+}
+
+CMTStatus CMT_PassAllPrefs(PCMT_CONTROL control, int num,
+                           CMTSetPrefElement* list)
+{
+    SetPrefListMessage request;
+    SingleNumMessage reply;
+    CMTItem message;
+
+    if ((control == NULL) || (list == NULL)) {
+        return CMTFailure;
+    }
+
+    /* pack the request */
+    request.length = num;
+    request.list = (SetPrefElement*)list;
+
+    if (CMT_EncodeMessage(SetPrefListMessageTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+    message.type = SSM_REQUEST_MESSAGE | SSM_PREF_ACTION;
+
+    /* send the message */
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PREF_ACTION)) {
+        goto loser;
+    }
+
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* don't really need to check the return value */
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+char* CMT_GetServerStringVersion(PCMT_CONTROL control)
+{
+    if (control == NULL) {
+        return NULL;
+    }
+    return control->serverStringVersion;
+}

mozilla/security/psm/lib/client/cmtjs.c

@@ -0,0 +1,556 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtutils.h"
+#include "cmtjs.h"
+#include "messages.h"
+
+CMTStatus
+CMT_GenerateKeyPair(PCMT_CONTROL control, CMUint32 keyGenContext, 
+		    CMUint32 mechType, CMTItem *param, CMUint32 keySize, 
+		    CMUint32 *keyPairId)
+{
+    CMTItem message;
+    CMTStatus rv;
+    KeyPairGenRequest request = {0, 0, 0, {0, NULL, 0}};
+    SingleNumMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.keyGenCtxtID = keyGenContext;
+    request.genMechanism = mechType;
+    if (param) {
+        request.params = *param;
+    }
+    request.keySize = keySize;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(KeyPairGenRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_CREATE_KEY_PAIR;
+
+    /* Send the message and get the response */
+    rv = CMT_SendMessage(control, &message); 
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_CREATE_KEY_PAIR)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+    *keyPairId = reply.value;
+    return CMTSuccess;
+    
+loser:
+    *keyPairId = 0;
+    return CMTFailure;
+}
+
+
+CMTStatus
+CMT_CreateNewCRMFRequest(PCMT_CONTROL control, CMUint32 keyPairID, 
+			 SSMKeyGenType keyGenType, CMUint32 *reqID)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+    SingleNumMessage reply;
+    
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.value = keyPairID;
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | 
+                    SSM_CREATE_CRMF_REQ;
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+  
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_CREATE_CRMF_REQ)) {
+        goto loser;
+    }
+
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *reqID = reply.value;
+
+    rv = CMT_SetNumericAttribute(control, *reqID, SSM_FID_CRMFREQ_KEY_TYPE,
+				 keyGenType);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_EncodeCRMFRequest(PCMT_CONTROL control, CMUint32 *crmfReqID, 
+		      CMUint32 numRequests, char ** der)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    EncodeCRMFReqRequest request;
+    SingleItemMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.numRequests = numRequests;
+    request.reqIDs = (long *) crmfReqID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(EncodeCRMFReqRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_DER_ENCODE_REQ;
+
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_DER_ENCODE_REQ)) {
+        goto loser;
+    }
+
+    /* XXX Should this be a string? Decode the message */
+    if (CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *der = (char *) reply.item.data;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_ProcessCMMFResponse(PCMT_CONTROL control, char *nickname,
+			char *certRepString, CMBool doBackup,
+			void *clientContext)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    CMMFCertResponseRequest request;
+
+    if(!control) {
+        return CMTFailure;
+    }
+
+    request.nickname = nickname;
+    request.base64Der = certRepString;
+    request.doBackup = doBackup;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CMMFCertResponseRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type =  SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_PROCESS_CMMF_RESP;
+
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_PROCESS_CMMF_RESP)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_CreateResource(PCMT_CONTROL control, SSMResourceType resType,
+		   CMTItem *params, CMUint32 *rsrcId, CMUint32 *errorCode)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CreateResourceRequest request = {0, {0, NULL, 0}};
+    CreateResourceReply reply;
+
+    request.type = resType;
+    if (params) {
+        request.params = *params;
+    } 
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CREATE_RESOURCE;
+    
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CREATE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(CreateResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *rsrcId = reply.resID;
+    *errorCode = reply.result;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_SignText(PCMT_CONTROL control, CMUint32 resID, char* stringToSign, char* hostName, char* caOption, CMInt32 numCAs, char** caNames)
+{
+    CMTItem message;
+    SignTextRequest request;
+
+    
+    /* So some basic parameter checking */
+    if (!control || !stringToSign) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resID;
+    request.stringToSign = stringToSign;
+    request.hostName = hostName;
+    request.caOption = caOption;
+    request.numCAs = numCAs;
+    request.caNames = caNames;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(SignTextRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_FORMSIGN_ACTION | SSM_SIGN_TEXT;
+
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_FORMSIGN_ACTION | SSM_SIGN_TEXT)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_ProcessChallengeResponse(PCMT_CONTROL control, char *challengeString,
+			     char **responseString)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    SingleStringMessage request;
+    SingleStringMessage reply;
+
+    /* Set the request */
+    request.string = challengeString;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleStringMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_CHALLENGE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+    
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_CHALLENGE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleStringMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *responseString = reply.string;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_FinishGeneratingKeys(PCMT_CONTROL control, CMUint32 keyGenContext)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+
+    /* Set up the request */
+    request.value = keyGenContext;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_FINISH_KEY_GEN;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the reply */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_FINISH_KEY_GEN)) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_GetLocalizedString(PCMT_CONTROL        control,
+                       SSMLocalizedString  whichString,
+                       char              **localizedString)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+    GetLocalizedTextReply reply;
+
+    /* Set up the request */
+    request.value = whichString;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_LOCALIZED_TEXT;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_LOCALIZED_TEXT)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetLocalizedTextReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (reply.whichString != whichString) {
+        goto loser;
+    }
+    *localizedString = reply.localizedString;
+    return CMTSuccess;
+ loser:
+    *localizedString = NULL;
+    return rv; 
+}
+
+CMTStatus
+CMT_AddNewModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 char         *libraryPath,
+                 unsigned long pubMechFlags,
+                 unsigned long pubCipherFlags)
+{
+    CMTItem message;
+    CMTStatus rv;
+    AddNewSecurityModuleRequest request;
+    SingleNumMessage reply;
+
+    /* Set up the request */
+    request.moduleName = moduleName;
+    request.libraryPath = libraryPath;
+    request.pubMechFlags = pubMechFlags;
+    request.pubCipherFlags = pubCipherFlags;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(AddNewSecurityModuleRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_ADD_NEW_MODULE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_ADD_NEW_MODULE)) {
+        goto loser;
+    }
+
+    /* Decode the response */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_DeleteModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 int          *moduleType)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleStringMessage request;
+    SingleNumMessage reply;
+
+    /* Set up the request */
+    request.string = moduleName;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleStringMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_DEL_MODULE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_DEL_MODULE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *moduleType = reply.value;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_LogoutAllTokens(PCMT_CONTROL control)
+{
+  CMTItem message;
+  CMTStatus rv;
+
+  message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_LOGOUT_ALL;
+  message.data = NULL;
+  message.len  = 0;
+
+  rv = CMT_SendMessage(control, &message);
+  if (rv != CMTSuccess) {
+    return rv;
+  }
+  if (message.type !=  (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | 
+			SSM_LOGOUT_ALL)) {
+    return CMTFailure;
+  }
+  return CMTSuccess;
+}
+
+CMTStatus CMT_GetSSLCapabilities(PCMT_CONTROL control, CMInt32 *capabilites)
+{
+    SingleNumMessage reply;
+    CMTItem message;
+    CMTStatus rv;
+
+    message.type = (SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | 
+                    SSM_ENABLED_CIPHERS);
+    message.data = NULL;
+    message.len  = 0;
+
+    rv = CMT_SendMessage(control, &message);
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION |
+			 SSM_ENABLED_CIPHERS)) {
+        goto loser;
+    }
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, 
+                          &message) != CMTSuccess) {
+        goto loser;
+    }
+    *capabilites = reply.value;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtjs.h

@@ -0,0 +1,555 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef _CMTJS_H_
+#define _CMTJS_H_
+#include "cmtcmn.h"
+#include "ssmdefs.h"
+#include "rsrcids.h"
+/*
+ * Define some constants.
+ */
+
+/*
+ * These defines are used in conjuction with the function
+ * CMT_AddNewModule.
+ */
+#define PUBLIC_MECH_RSA_FLAG         0x00000001ul
+#define PUBLIC_MECH_DSA_FLAG         0x00000002ul
+#define PUBLIC_MECH_RC2_FLAG         0x00000004ul
+#define PUBLIC_MECH_RC4_FLAG         0x00000008ul
+#define PUBLIC_MECH_DES_FLAG         0x00000010ul
+#define PUBLIC_MECH_DH_FLAG          0x00000020ul
+#define PUBLIC_MECH_FORTEZZA_FLAG    0x00000040ul
+#define PUBLIC_MECH_RC5_FLAG         0x00000080ul
+#define PUBLIC_MECH_SHA1_FLAG        0x00000100ul
+#define PUBLIC_MECH_MD5_FLAG         0x00000200ul
+#define PUBLIC_MECH_MD2_FLAG         0x00000400ul
+ 
+#define PUBLIC_MECH_RANDOM_FLAG      0x08000000ul
+#define PUBLIC_MECH_FRIENDLY_FLAG    0x10000000ul
+#define PUBLIC_OWN_PW_DEFAULTS       0X20000000ul
+#define PUBLIC_DISABLE_FLAG          0x40000000ul
+
+
+/*
+ * This is the lone supported constant for the Cipher flag
+ * for CMT_AddNewModule
+ */
+#define PUBLIC_CIPHER_FORTEZZA_FLAG  0x00000001ul
+
+CMT_BEGIN_EXTERN_C
+
+/*
+ * FUNCTION: CMT_GenerateKeyPair
+ * -----------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyGenContext
+ *        The Resource ID of a key gen context to use for creating the
+ *        key pair.
+ *    mechType
+ *        A PKCS11 mechanism used to generate the key pair. Valid values are:
+ *          CKM_RSA_PKCS_KEY_PAIR_GEN    0x00000000
+ *          CKM_DSA_KEY_PAIR_GEN         0x00000010
+ *        The definition of these values can be found at 
+ *        http://www.rsa.com/rsalabs/pubs/pkcs11.html
+ *        The psm module currently supports v2.01 of PKCS11
+ *    params
+ *        This parameter will be used to pass parameters to the Key Pair
+ *        generation process.  Currently this feature is not supported, so 
+ *        pass in NULL for this parameter.
+ *    keySize
+ *        The size (in bits) of the key to generate.
+ *    keyPairId
+ *        A pointer to pre-allocated memory where the function can place
+ *        the value of the resource ID of the key pair that gets created.
+ *
+ * NOTES:
+ * This function will send a message to the psm server requesting that 
+ * a public/private key pair be generated. The key gen context will queue
+ * the request. You can send as many key gen requests as you want with a
+ * given key gen context. After sending all the key gen requests, the user
+ * must call CMT_FinishGeneratingKeys so that the key gen context actually
+ * generates the keys.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the request for key generation
+ * was queued successfully and the corresponding resource ID can be found
+ * at *keyPairId.  Any other return value indicates an error and the value
+ * at *keyPairId should be ignored.
+ */
+CMTStatus
+CMT_GenerateKeyPair(PCMT_CONTROL control, CMUint32 keyGenContext, 
+		    CMUint32 mechType, CMTItem *params, CMUint32 keySize, 
+		    CMUint32 *keyPairId);
+
+/*
+ * FUNCTION: CMT_FinishGeneratingKeys
+ * ----------------------------------
+ * INPUTS
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyGenContext
+ *        The resource ID of the key gen context which should finish 
+ *        generating its key pairs.
+ * NOTES
+ * This function will send a message to the psm server notifying the key 
+ * gen context with the resource ID of keyGenContext to finish generating
+ * all of the key gen requests it has queued up. After each key gen has 
+ * finished, the psm server will send a SSM_TASK_COMPLETED_EVENT. So in order
+ * to detect when all of the key gens are done, the user should register 
+ * an event handler.  See comments for CMT_RegisterEventHandler for information
+ * on how to successfully register event handler callbacks. You must register
+ * the event handler with keyGenContext as the target resource ID for this
+ * to work correctly.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the key gen context has started to
+ * generate the key pairs in its queue. Any other return value indicates an
+ * error and the key pairs will not be generated.
+ */
+CMTStatus
+CMT_FinishGeneratingKeys(PCMT_CONTROL control, CMUint32 keyGenContext);
+
+/*
+ * FUNCTION: CMT_CreateNewCRMFRequest
+ * ----------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyPairID
+ *        The resource ID of the key pair that should be associated with
+ *        the CRMF request created. At the time this function is called,
+ *        key pair should have already been created. 
+ *    keyGenType
+ *        An enumeration that explains how the key pair will be used.
+ *        Look at the definition of SSMKeyGenType in ssmdefs.h for valid
+ *        values and their affects on the request.
+ *    reqID
+ *        A pointer to a pre-allocatd chunk of memory where the library 
+ *        can place the resource ID of the new CRMF request.
+ * NOTES:
+ * This function sends a message to the psm server requesting that a new 
+ * CRMF resource object be created. Each CRMF request must be associated with 
+ * a public/private key pair, that is why the keyPairID parameter exists.
+ * The keyGenType parameter is used to initialize the request, eg set the
+ * correct keyUsage extension.
+ * 
+ * Before encoding a CRMF request, the user will want to set the appropriate
+ * attributes to build up the request. The supported attributes are:
+ *
+ * Attribute Enumeration          Attribute Type       What value means
+ * ---------------------          --------------       ----------------
+ * SSM_FID_CRMFREQ_REGTOKEN       String               The value to encode as 
+ *                                                     the registration token
+ *                                                     value for the request.
+ *
+ * SSM_FID_CRMFREQ_AUTHENTICATOR String                The value to encode as
+ *                                                     authenticator control
+ *                                                     in the request.
+ * 
+ * SSM_FID_DN                    String                The RFC1485 formatted
+ *                                                     DN to include in the
+ *                                                     CRMF request.
+ *
+ * For information on how to properly set the attribute of a resource, refer
+ * to the comments for the functions CMT_SetNumericAttribute and 
+ * CMT_SetStringAttribute.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates a new CRMF resource was created by
+ * the psm server and has the resource ID placed at *reqID. Any other return
+ * value indicates an error and the value at *reqID should be ignored.
+ */
+CMTStatus
+CMT_CreateNewCRMFRequest(PCMT_CONTROL control, CMUint32 keyPairID, 
+			 SSMKeyGenType keyGenType, CMUint32 *reqID);
+
+/*
+ * FUNCTION: CMT_EncodeCRMFRequest
+ * ------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    crmfReqID
+ *        An array of resource ID's for CRMF objects to be encoded.
+ *    numRequests
+ *        The length of the array crmfReqID that is passed in.
+ *    der
+ *        A pointer to a pre-allocated pointer for a char* where the library
+ *        can place the final DER-encoding of the requests.
+ * NOTES
+ * This function will send a message to the psm server requesting that 
+ * a number of CRMF requests be encoded into their appropriate DER 
+ * representation. The DER that is sent back will be of the type 
+ * CertReqMessages as define in the internet draft for CRMF. To look at the
+ * draft, visit the following URL: 
+ * http://search.ietf.org/internet-drafts/internet-draft-ietf-pkix-crmf-01.txt
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates psm successfully encoded the requests
+ * and placed the base64 DER encoded request at *der. Any other return value
+ * indicates an error and the value at *der should be ignored.
+ */
+CMTStatus
+CMT_EncodeCRMFRequest(PCMT_CONTROL control, CMUint32 *crmfReqID, 
+		      CMUint32 numRequests, char ** der);
+
+/*
+ * FUNCTION: CMT_ProcessCMMFResponse
+ * ---------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    nickname
+ *        The nickname that should be associated with the certificate 
+ *        contained in the CMMF Response.
+ *    certRepString
+ *        This is the base 64 encoded CertRepContent that issues a certificate.
+ *        The psm server will decode the base 64 data and then parse the
+ *        CertRepContent.
+ *    doBackup
+ *        A boolean value indicating whether or not psm should initiate the
+ *        process of backing up the newly issued certificate into a PKCS-12
+ *        file.
+ *    clientContext
+ *         Client supplied data pointer that is returned to the client during
+ *         a UI event.
+ * NOTES:
+ * This function takes a CertRepContent as defined in the CMMF internet draft
+ * (http://search.ietf.org/internet-drafts/draft-ietf-pkix-cmmf-02.txt) and
+ * imports the certificate into the user's database. The certificate will have
+ * the string value of nickanme as it's nickname when added to the database
+ * unless another certificate with that same Distinguished Name (DN) already
+ * exists in the database, in which case the nickname of the certificate that
+ * already exists will be used. If the value passed in for doBackup is 
+ * non-zero, then the psm server will initiate the process of backing up the
+ * certificate(s) that were just imported.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the certificate(s) were successfully
+ * added to the database. Any other return value means the certificate(s) could
+ * not be successfully added to the database.
+ */
+CMTStatus
+CMT_ProcessCMMFResponse(PCMT_CONTROL control, char *nickname, 
+			char *certRepString, CMBool doBackup,
+			void *clientContext);
+
+/*
+ * FUNCTION: CMT_CreateResource
+ * ----------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    resType
+ *        The enumeration representing the resource type to create.
+ *    params
+ *        A resource dependent binary string that will be sent to the psm 
+ *        server. Each resource will expect a binary string it defines.
+ *    rsrcId
+ *        A pointer to a pre-allocated chunk of memory where the library
+ *        can place the resource ID of the newly created resource.
+ *    errorCode
+ *        A pointer to a pre-allocated chunk of memory where the library
+ *        can place the errorCode returned by the psm server after creating
+ *        the resource.
+ * NOTES:
+ * This function sends a message to the psm server requesting that a new 
+ * resource be created.  The params parameter depends on the type of resource
+ * being created.  Below is a table detailing the format of the params for 
+ * a given resource type. Only the resource types listed below can be created
+ * by calling this function.
+ *
+ * Resource Type constant                  Value for params
+ * ------------------------------          ----------------
+ * SSM_RESTYPE_KEYGEN_CONTEXT              NULL
+ * SSM_RESTYPE_SECADVISOR_CONTEXT          NULL
+ * SSM_RESTYPE_SIGNTEXT                    NULL
+ *
+ * RETURN
+ * A return value of CMTSuccess means the psm server received the request and
+ * processed the create resource create. If the value at *errorCode is zero,
+ * then the value at *rsrcId is the resource ID of the newly created resource.
+ * Otherwise, creating the new resource failed and *errorCode contains the
+ * error code returned by the psm server. ???What are the return values and
+ * what do they mean. Any other return value indicates there was an error 
+ * in the communication with the psm server and the values at *rsrcId and 
+ * *errorCode should be ignored.
+ */
+CMTStatus
+CMT_CreateResource(PCMT_CONTROL control, SSMResourceType resType,
+		   CMTItem *params, CMUint32 *rsrcId, CMUint32 *errorCode);
+
+/*
+ * FUNCTION: CMT_SignText
+ * ----------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    resID
+ *        The resource ID of an SSMSignTextResource.
+ *    stringToSign
+ *        The string that the psm server should sign.
+ *    hostName
+ *        The host name of the site that is requesting a string to be
+ *        signed.  This is used for displaying the UI that tells the user
+ *        a web site has requested the use sign some text.
+ *    caOption
+ *        If the value is "auto" then psm will select the certificate
+ *        to use for signing automatically.
+ *        If the value is "ask" then psm will display a list of 
+ *        certificates for signing.
+ *    numCAs
+ *        The number of CA names included in the array caNames passed in as
+ *        the last parameter to this function.
+ *    caNames
+ *        An array of CA Names to use for filtering the user certs to use
+ *        for signing the text.
+ * NOTES
+ * This function will sign the text passed via the parameter stringToSign.
+ * The function will also cause the psm server to send some UI notifying the
+ * user that a site has requested the user sign some text.  The hostName 
+ * parameter is used in the UI to inform the user which site is requesting
+ * the signed text.  The caOption is used to determine if the psm server 
+ * should automatically select which personal cert to use in signing the
+ * text.  The caNames array is ussed to narrow down the field of personal
+ * certs to use when signing the text. In other words, only personal certs 
+ * trusted by the CA's passed in will be used.
+ *
+ * RETURN
+ * If the function returns CMTSuccess, that indicates the psm server 
+ * successfully signed the text.  The signed text can be retrieved by 
+ * calling CMT_GetStringResource and passing in SSM_FID_SIGNTEXT_RESULT
+ * as the field ID. Any other return value indicates an error meaning the
+ * string was not signed successfully.
+ */
+CMTStatus
+CMT_SignText(PCMT_CONTROL control, CMUint32 resID, char* stringToSign,
+             char* hostName, char *caOption, CMInt32 numCAs, char** caNames);
+
+/*
+ * FUNCTION: CMT_ProcessChallengeResponse
+ * --------------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    challengeString
+ *        The base64 encoded Challenge string received as the 
+ *        Proof-Of-Possession Challenge in response to CRMF request that
+ *        specified Challenge-Reponse as the method for Proof-Of-Possession.
+ *    responseString
+ *        A pointer to pre-allocated char* where the library can place a
+ *        copy of the bas64 encoded response to the challenge presented.
+ * NOTES
+ * This function takes the a challenge--that is encrypted with the public key
+ * of a certificate we created--and decrypts it with the private key we 
+ * generated.  The format of the challenge is as follows:
+ *
+ * Challenge ::= SEQUENCE { 
+ *      owf                 AlgorithmIdentifier  OPTIONAL, 
+ *      -- MUST be present in the first Challenge; MAY be omitted in any 
+ *      -- subsequent Challenge in POPODecKeyChallContent (if omitted, 
+ *      -- then the owf used in the immediately preceding Challenge is 
+ *      -- to be used). 
+ *      witness             OCTET STRING, 
+ *      -- the result of applying the one-way function (owf) to a 
+ *      -- randomly-generated INTEGER, A.  [Note that a different 
+ *      -- INTEGER MUST be used for each Challenge.] 
+ *      sender              GeneralName, 
+ *      -- the name of the sender. 
+ *      key                 OCTET STRING, 
+ *      -- the public key used to encrypt the challenge.  This will allow 
+ *      -- the client to find the appropriate key to do the decryption. 
+ *      challenge           OCTET STRING 
+ *      -- the encryption (under the public key for which the cert. 
+ *      -- request is being made) of Rand, where Rand is specified as 
+ *      --   Rand ::= SEQUENCE { 
+ *      --      int      INTEGER, 
+ *      --       - the randomly-generated INTEGER A (above) 
+ *      --      senderHash  OCTET STRING 
+ *      --       - the result of applying the one-way function (owf) to 
+ *      --       - the sender's general name 
+ *      --   } 
+ *      -- the size of "int" must be small enough such that "Rand" can be 
+ *      -- contained within a single PKCS #1 encryption block. 
+ *  } 
+ * This challenge is based on the Challenge initially defined in the CMMF
+ * internet draft, but differs in that this structure includes the sender
+ * as part of the challenge along with the public key and includes a has
+ * of the sender in the encrypted Rand structure.  The reason for including
+ * the key is to facilitate looking up the key that should be used to 
+ * decipher the challenge.  Including the hash of the sender in the encrypted
+ * Rand structure makes the challenge smaller and allows it to fit in 
+ * one RSA block. 
+ *
+ * The response is of the type POPODecKeyRespContent as defined in the CMMF
+ * internet draft.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates psm successfully parsed and processed
+ * the challenge and created a response.  The base64 encoded response to the
+ * challenge is placed at *responseString.  Any other return value indicates
+ * an error and the value at *responseString should be ignored.
+ */
+CMTStatus
+CMT_ProcessChallengeResponse(PCMT_CONTROL control, char *challengeString,
+			     char **responseString);
+
+/*
+ * FUNCTION: CMT_GetLocalizedString
+ * --------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    whichString
+ *        The enumerated value corresponding to the localized string to 
+ *        retrieve from the psm server
+ *    localizedString
+ *        A pointer to a pre-allocated char* where the library can place 
+ *        copy of the localized string retrieved from the psm server.
+ * NOTES
+ * This function retrieves a localized string from the psm server.  These 
+ * strings are useful for strings that aren't localized in the client 
+ * making use of the psm server, but need to be displayed by the user. Look
+ * in protocol.h for the enumerations of the localized strings that can 
+ * be fetched from psm via this method.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates the localized string was retrieved
+ * successfully and the localized value is located at *localizedString.  Any
+ * other return value indicates an error and the value at *localizedString
+ * should be ignored.
+ */
+CMTStatus 
+CMT_GetLocalizedString(PCMT_CONTROL        control, 
+                       SSMLocalizedString  whichString,
+                       char              **localizedString); 
+
+/*
+ * FUNCTION: CMT_DeleteModule
+ * --------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    moduleName
+ *        The name of the PKCS11 module to delete.
+ *    moduleType
+ *        A pointer to a pre-allocated integer where the library can place
+ *        a value that tells what the type of module was deleted.
+ * NOTES
+ * This function will send a message to the psm server requesting the server 
+ * delete a PKCS-11 module stored in psm's security module database. moduleName
+ * is the value passed in as moduleName when the module was added to the 
+ * security module database of psm.
+ * The values that may be returned by psm for moduleType are:
+ *
+ *    0      The module was an external module developped by a third party
+ *           that was added to the psm security module.
+ *
+ *    1      The module deleted was the internal PKCS-11 module that comes
+ *           built in with the psm server.
+ *
+ *    2      The module that was deleted was the FIPS  internal module.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates the security module was successfully
+ * delete from the psm security module database and the value at *moduleType
+ * will tell what type of module was deleted.
+ * Any other return value indicates an error and the value at *moduleType 
+ * should be ignored.
+ */
+CMTStatus
+CMT_DeleteModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 int          *moduleType);
+
+
+/*
+ * FUNCTION: CMT_AddNewModule
+ * --------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    moduleName
+ *        The name to be associated with the module once it is added to 
+ *        the psm security module database.
+ *    libraryPath
+ *        The path to the library to be  loaded.  The library should be 
+ *        loadable at run-time.
+ *    pubMechFlags
+ *        A bit vector indicating all cryptographic mechanisms that should
+ *        be turned on by default.  This module will become the default 
+ *        handler for the mechanisms that are set by this bit vector.
+ *    pubCipherFlags
+ *        A bit vector indicating all SSL or S/MIME cipher functions
+ *        supported by the module. Most modules will pas in 0x0 for this
+ *        parameter.
+ * NOTES:
+ * This function sends a message to the psm server and requests the .so
+ * file on UNIX or .dll file on Windows be loaded as a PKCS11 module and 
+ * be stored in the psm security module database.  The module will be stored
+ * with the name moduleName that is passed in and will always expect the 
+ * library to live at the path passed in via the parameter libraryPath.
+ * The pubMechFlags tell the psm server how this module should be used.
+ * Valid values are the #define constants defined at the beginning of
+ * this file.
+ * 
+ * RETURN
+ * A return value of CMTSuccess indicates the module was successfully loaded
+ * and placed in the security module database of psm.  Any other return value
+ * indicates an error and means the module was not loaded successfully and
+ * not stored in the psm server's security module database.
+ */
+CMTStatus
+CMT_AddNewModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 char         *libraryPath,
+                 unsigned long pubMechFlags,
+                 unsigned long pubCipherFlags);
+
+CMT_END_EXTERN_C
+
+#endif /*_CMTJS_H_*/

mozilla/security/psm/lib/client/cmtmac.c

@@ -0,0 +1,75 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "cmtmac.h"
+#include "macsocket.h"
+#include "stdlib.h"
+
+#ifndef XP_MAC
+#error Link with the builtin strdup() on your platform.
+#endif
+
+
+static void 
+my_strcpy(char *dest, const char *source)
+{
+	char *i = dest;
+	const char *j = source;
+	while(*j)
+		*i++ = *j++;
+	*i = '\0';
+}
+
+static int
+my_strlen(const char *str)
+{
+	const char *c = str;
+	int i = 0;
+	
+	while(*c++ != '\0')
+		i++;
+	return i;
+}
+
+char * strdup(const char *oldstr)
+{
+	/* used to keep the mac client library from referring to strdup elsewhere */
+	char *newstr;
+	
+	newstr = (char *) malloc(my_strlen(oldstr)+1);
+	if (newstr)
+		my_strcpy(newstr, oldstr);
+	return newstr;
+}
+

mozilla/security/psm/lib/client/cmtmac.h

@@ -0,0 +1,40 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#ifndef __CMTMAC_H__
+#define __CMTMAC_H__
+
+char * strdup(const char *str);
+
+#endif

mozilla/security/psm/lib/client/cmtpasswd.c

@@ -0,0 +1,119 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/************************************************************************
+ * Code to handle password requests from the the PSM module.
+ * 
+ ************************************************************************
+ */
+
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+
+void CMT_SetAppFreeCallback(PCMT_CONTROL control, 
+			    applicationFreeCallback_fn f)
+{
+  control->userFuncs.userFree = f;
+}
+    
+void CMT_ServicePasswordRequest(PCMT_CONTROL cm_control, CMTItem * requestData)
+{ 
+  CMTItem response = {0, NULL, 0};
+  PasswordRequest request;
+  PasswordReply reply;
+  void * clientContext;
+
+  /********************************************
+   *  What we trying to do here: 
+   *  1) Throw up a dialog box and request a password.
+   *  2) Create a message and send it to the PSM module.
+   ********************************************
+   */
+  
+  /* Decode the request */
+  if (CMT_DecodeMessage(PasswordRequestTemplate, &request, requestData) != CMTSuccess) {
+      goto loser;
+  }
+
+  /* Copy the client context to a pointer */
+  clientContext = CMT_CopyItemToPtr(request.clientContext);
+
+  if (cm_control->userFuncs.promptCallback == NULL) {
+      goto loser;
+  }
+  reply.passwd = 
+    cm_control->userFuncs.promptCallback(cm_control->userFuncs.promptArg, 
+					 request.prompt, clientContext, 1);
+  reply.tokenID = request.tokenKey;
+  if (!reply.passwd) {
+      /* the user cancelled the prompt or other errors occurred */
+      reply.result = -1;
+  }
+  else {
+      /* note that this includes an empty string (zero length password) */
+      reply.result = 0;
+  }
+
+  /* Encode the reply */
+  if (CMT_EncodeMessage(PasswordReplyTemplate, &response, &reply) != CMTSuccess) {
+      goto loser;
+  }
+
+  /* Set the message response type */
+  response.type = SSM_EVENT_MESSAGE | SSM_AUTH_EVENT;
+  CMT_TransmitMessage(cm_control, &response);
+  goto done;
+loser:
+  /* something has gone wrong */
+
+done:
+  /*clean up anyway */
+  /* We can't just free up memory allocated by the host
+     application because the versions of free may not match up.
+     When you run the plug-in with an optimized older browser,
+     you'll see tons of Asserts (why they still have asserts in an
+     optimized build is a different question, but without them 
+     I wouldn't have figured out this problem) about a pointer not
+     being a valid heap pointer and eventually crash.  This was 
+     the offending free line.
+     So we need to call a function within the browser that 
+     calls the free linked in with it.  js_free is
+     such a function.  But this is extremely ugly.
+   */
+  if (reply.passwd) 
+    cm_control->userFuncs.userFree(reply.passwd);
+  if (request.prompt) 
+    free(request.prompt);
+  return;
+}
+

mozilla/security/psm/lib/client/cmtpkcs7.c

@@ -0,0 +1,636 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/time.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+typedef struct _CMTP7Private {
+    CMTPrivate priv;
+    CMTP7ContentCallback cb;
+    void *cb_arg;
+} CMTP7Private;
+
+CMTStatus CMT_PKCS7DecoderStart(PCMT_CONTROL control, void* clientContext, CMUint32 * connectionID, CMInt32 * result,
+                                CMTP7ContentCallback cb, void *cb_arg)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CMTP7Private *priv=NULL;
+    SingleItemMessage request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control) {
+        goto loser;
+    }
+
+    request.item = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode message */
+    if (CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7DECODE_STREAM;
+
+    /* Send the message. */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7DECODE_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        priv = (CMTP7Private *)malloc(sizeof(CMTP7Private));
+        if (priv == NULL)
+            goto loser;
+        priv->priv.dest = (CMTReclaimFunc) free;
+        priv->cb = cb;
+        priv->cb_arg = cb_arg;
+        sock = control->sockFuncs.socket(0);
+        if (sock == NULL) {
+            goto loser;
+        }
+ 
+       if (control->sockFuncs.connect(sock, (short)reply.port, 
+                                      NULL) != CMTSuccess) {
+            goto loser;
+        }
+ 
+        if (control->sockFuncs.send(sock, control->nonce.data, 
+                                    control->nonce.len) != control->nonce.len){
+            goto loser;
+        }
+
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+            != CMTSuccess) {
+            goto loser;
+        }
+        *connectionID = reply.connID;
+
+        rv = CMT_SetPrivate(control, reply.connID, &priv->priv);
+        if (rv != CMTSuccess)
+            goto loser;
+
+        return CMTSuccess;
+    } 
+
+loser:
+    if (priv) {
+        free(priv);
+    }
+
+	*result = reply.result;
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7DecoderUpdate(PCMT_CONTROL control, CMUint32 connectionID, const char * buf, CMUint32 len)
+{
+    CMUint32 sent;
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char read_buf[128];
+    CMTSocket sock, ctrlsock, selSock, sockArr[2];
+
+    /* Do some parameter checking */
+    if (!control || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+
+	ctrlsock = control->sock;
+	sockArr[0] = ctrlsock;
+	sockArr[1] = sock;
+    while ((selSock = control->sockFuncs.select(sockArr,2,1))) 
+    {
+		if (selSock == ctrlsock) {
+			CMT_ProcessEvent(control);
+		} else {
+	        nbytes = control->sockFuncs.recv(sock, read_buf, sizeof(read_buf));
+		    if (nbytes == -1) {
+			    goto loser;
+			}
+			if (nbytes == 0) {
+	            break;
+		    }
+			priv->cb(priv->cb_arg, read_buf, nbytes);
+		}
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+                                                                                
+CMTStatus CMT_PKCS7DecoderFinish(PCMT_CONTROL control, CMUint32 connectionID, 
+                                 CMUint32 * resourceID)
+{
+    CMTP7Private *priv;
+    long nbytes;
+    char buf[128];
+    CMTSocket sock, ctrlsock, selSock, sockArr[2];
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    ctrlsock = control->sock;
+    /* drain socket before we close it */
+    control->sockFuncs.shutdown(sock);
+    sockArr[0] = sock;
+    sockArr[1] = ctrlsock;
+    /* Let's see if doing a poll first gets rid of a weird bug where we
+     * lock up the client.
+     */
+#ifndef XP_MAC
+    if (control->sockFuncs.select(sockArr,2,1) != NULL)
+#endif
+	{
+        while (1) {
+            selSock = control->sockFuncs.select(sockArr,2,0);
+            if (selSock == ctrlsock) {
+                CMT_ProcessEvent(control);
+            } else if (selSock == sock) {
+                nbytes = control->sockFuncs.recv(sock, buf, sizeof(buf));
+                if (nbytes < 0) {
+                    goto loser;
+                } else if (nbytes == 0) {
+                    break;
+                }
+                priv->cb(priv->cb_arg, buf, nbytes);
+            }
+        }
+    }
+    
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Get the PKCS7 content info */
+    if (CMT_GetRIDAttribute(control, connectionID, SSM_FID_P7CONN_CONTENT_INFO,
+                            resourceID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (control) {
+        CMT_CloseDataConnection(control, connectionID);
+    }
+    
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7DestroyContentInfo(PCMT_CONTROL control, CMUint32 resourceID)
+{
+    if (!control) {
+        goto loser;
+    }
+
+    /* Delete the resource */
+    if (CMT_DestroyResource(control, resourceID, SSM_FID_P7CONN_CONTENT_INFO) == CMTFailure) {
+        goto loser;
+    }
+    return CMTSuccess;
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7VerifyDetachedSignature(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 certUsage, CMUint32 hashAlgID, CMUint32 keepCerts, CMTItem* digest, CMInt32 * result)
+{
+    CMTItem message;
+    VerifyDetachedSigRequest request;
+    SingleNumMessage reply;
+
+    /* Do some parameter checking */
+    if (!control || !digest || !result) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.pkcs7ContentID = resourceID;
+    request.certUsage = certUsage;
+    request.hashAlgID = hashAlgID;
+    request.keepCert = (CMBool) keepCerts;
+    request.hash = *digest;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(VerifyDetachedSigRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_VERIFY_DETACHED_SIG;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING |SSM_VERIFY_DETACHED_SIG)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *result = reply.value;
+    return CMTSuccess;
+loser:
+	*result = reply.value;
+	return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7VerifySignature(PCMT_CONTROL control, CMUint32 pubKeyAlgID,
+                                   CMTItem *pubKeyParams, CMTItem *signerPubKey,
+                                   CMTItem *computedHash, CMTItem *signature,
+                                   CMInt32 *result)
+{
+	return CMTFailure;
+}
+
+CMTStatus CMT_CreateSigned(PCMT_CONTROL control, CMUint32 scertRID,
+                           CMUint32 ecertRID, CMUint32 dig_alg,
+                           CMTItem *digest, CMUint32 *ciRID, CMInt32 *errCode)
+{
+    CMTItem message;
+    CreateSignedRequest request;
+    CreateContentInfoReply reply;
+
+    /* Do some parameter checking */
+    if (!control || !scertRID || !ecertRID || !digest || !ciRID) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.scertRID = scertRID;
+    request.ecertRID = ecertRID;
+    request.dig_alg = dig_alg;
+    request.digest = *digest;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateSignedRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_SIGNED;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_SIGNED)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *ciRID = reply.ciRID;
+    if (reply.result == 0) {
+		return CMTSuccess;
+	} 
+
+loser:
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) == CMTSuccess) {
+        *errCode = reply.errorCode;
+    } else {
+        *errCode = 0;
+    }
+	return CMTFailure;
+}
+
+CMTStatus CMT_CreateEncrypted(PCMT_CONTROL control, CMUint32 scertRID,
+                              CMUint32 *rcertRIDs, CMUint32 *ciRID)
+{
+    CMTItem message;
+    CMInt32 nrcerts;
+    CreateEncryptedRequest request;
+    CreateContentInfoReply reply;
+
+    /* Do some parameter checking */
+    if (!control || !scertRID || !rcertRIDs || !ciRID) {
+        goto loser;
+    }
+
+    /* Calculate the number of certs */
+    for (nrcerts =0; rcertRIDs[nrcerts] != 0; nrcerts++) {
+        /* Nothing */
+        ;
+    }
+
+    /* Set up the request */
+    request.scertRID = scertRID;
+    request.nrcerts = nrcerts;
+    request.rcertRIDs = (long *) rcertRIDs;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateEncryptedRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_ENCRYPTED;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message response type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_ENCRYPTED)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *ciRID = reply.ciRID;
+    if (reply.result == 0) {
+		return CMTSuccess;
+	} 
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderStart(PCMT_CONTROL control, CMUint32 ciRID,
+                                CMUint32 *connectionID, CMTP7ContentCallback cb,
+                                void *cb_arg)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CMTP7Private *priv;
+    PKCS7DataConnectionRequest request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control || !ciRID) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = ciRID;
+    request.clientContext.len = 0;
+    request.clientContext.data = NULL;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(PKCS7DataConnectionRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7ENCODE_STREAM;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7ENCODE_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        priv = (CMTP7Private *)malloc(sizeof(CMTP7Private));
+        if (priv == NULL)
+            goto loser;
+        priv->priv.dest = (CMTReclaimFunc) free;
+        priv->cb = cb;
+        priv->cb_arg = cb_arg;
+
+        sock = control->sockFuncs.socket(0);
+        if (sock == NULL) {
+            goto loser;
+        }
+        if (control->sockFuncs.connect(sock, (short)reply.port, 
+                                       NULL) != CMTSuccess) {
+            goto loser;
+        }
+        if (control->sockFuncs.send(sock, control->nonce.data, 
+                                   control->nonce.len) != control->nonce.len) {
+            goto loser;
+        }
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+            != CMTSuccess) {
+            goto loser;
+        }
+        *connectionID = reply.connID;
+
+        rv = CMT_SetPrivate(control, reply.connID, &priv->priv);
+        if (rv != CMTSuccess)
+            goto loser;
+        return CMTSuccess;
+    } 
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderUpdate(PCMT_CONTROL control, CMUint32 connectionID,
+                                 const char *buf, CMUint32 len)
+{
+    CMUint32 sent;
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char read_buf[128];
+    CMTSocket sock, ctrlsock, sockArr[2], selSock;
+
+    /* Do some parameter checking */
+    if (!control || !connectionID || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+	ctrlsock = control->sock;
+	sockArr[0] = ctrlsock;
+	sockArr[1] = sock;
+    while ((selSock = control->sockFuncs.select(sockArr, 2, 1)) != NULL) 
+    {
+		if (selSock == ctrlsock) {
+			CMT_ProcessEvent(control);
+		} else {
+	        nbytes = control->sockFuncs.recv(sock, read_buf, sizeof(read_buf));
+		    if (nbytes == -1) {
+			    goto loser;
+			} else if (nbytes == 0) {
+	            break;
+		    } else {
+			    priv->cb(priv->cb_arg, read_buf, nbytes);
+			}
+		}
+    }
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderFinish(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char buf[128];
+    CMTSocket sock, ctrlsock, sockArr[2], selSock;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    ctrlsock = control->sock;
+    sockArr[0] = ctrlsock;
+    sockArr[1] = sock;
+    control->sockFuncs.shutdown(sock);
+    while (1) {
+        selSock = control->sockFuncs.select(sockArr, 2, 0);
+        if (selSock == ctrlsock) {
+            CMT_ProcessEvent(control);
+        } else if (selSock == sock) {
+            nbytes = control->sockFuncs.recv(sock, buf, sizeof(buf));
+            if (nbytes < 0) {
+                goto loser;
+            } else if (nbytes == 0) {
+                break;
+            } else {
+                priv->cb(priv->cb_arg, buf, nbytes);
+            }
+        }
+    }
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (control) {
+        CMT_CloseDataConnection(control, connectionID);
+    }
+    
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtres.c

@@ -0,0 +1,479 @@
+/* -*- mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include <string.h>
+
+CMTStatus CMT_GetNumericAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMInt32 *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *value = reply.value.u.numeric;
+
+    /* Success */
+    if (reply.result == 0) {
+        return CMTSuccess;
+    } 
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_SetNumericAttribute(PCMT_CONTROL control, CMUint32 resourceID,
+				  CMUint32 fieldID, CMInt32 value)
+{
+    CMTItem message;
+    SetAttribRequest request;
+
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+    request.value.type = SSM_NUMERIC_ATTRIBUTE;
+    request.value.u.numeric = value;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(SetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+                   SSM_SET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE;
+
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | 
+                              SSM_SET_ATTRIBUTE    | SSM_NUMERIC_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_PadStringValue(CMTItem *dest, CMTItem src)
+{
+    dest->data = NewArray(unsigned char, src.len+1);
+    if (dest->data == NULL) {
+        return CMTFailure;
+    }
+    memcpy(dest->data, src.data, src.len);
+    dest->data[src.len] = '\0';
+    dest->len = src.len;
+    free(src.data);
+    return CMTSuccess;
+}
+
+CMTStatus CMT_GetStringAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMTItem *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_STRING_ATTRIBUTE;
+    
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_STRING_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the response */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        return CMT_PadStringValue(value, reply.value.u.string);
+    } 
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_SetStringAttribute(PCMT_CONTROL control, CMUint32 resourceID,
+		       CMUint32 fieldID, CMTItem *value)
+{
+    CMTItem message;
+    SetAttribRequest request;
+    
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+    request.value.type = SSM_STRING_ATTRIBUTE;
+    request.value.u.string = *value;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+                   SSM_SET_ATTRIBUTE | SSM_STRING_ATTRIBUTE;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message request type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | 
+                         SSM_SET_ATTRIBUTE    | SSM_STRING_ATTRIBUTE)) {
+        goto loser;
+    }
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_DuplicateResource(PCMT_CONTROL control, CMUint32 resourceID,
+				CMUint32 *newResID)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    DupResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = resourceID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_DUPLICATE_RESOURCE;
+
+    /* Send the mesage */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_DUPLICATE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DupResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *newResID = reply.resID;
+        return CMTSuccess;
+    } 
+
+loser:
+    *newResID = 0;
+    return CMTFailure;
+}
+
+CMTStatus CMT_DestroyResource(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 resourceType)
+{
+    CMTItem message;
+    DestroyResourceRequest request;
+    SingleNumMessage reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.resType = resourceType;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(DestroyResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_DESTROY_RESOURCE;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_DESTROY_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.value == 0) {
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PickleResource(PCMT_CONTROL control, CMUint32 resourceID, CMTItem * pickledResource)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    PickleResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = resourceID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_PICKLE_RESOURCE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_PICKLE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(PickleResourceReplyTemplate, &reply,&message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *pickledResource = reply.blob;
+        return CMTSuccess;
+    } 
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_UnpickleResource(PCMT_CONTROL control, CMUint32 resourceType, CMTItem pickledResource, CMUint32 * resourceID)
+{
+    CMTItem message;
+    UnpickleResourceRequest request;
+    UnpickleResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resourceType = resourceType;
+    request.resourceData = pickledResource;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(UnpickleResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_UNPICKLE_RESOURCE;
+    
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_UNPICKLE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(UnpickleResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *resourceID = reply.resID;
+        return CMTSuccess;
+    } 
+
+loser:
+    *resourceID = 0;
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetRIDAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMUint32 *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_RID_ATTRIBUTE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message response type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_RID_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *value = reply.value.u.rid;
+        return CMTSuccess;
+    } 
+loser:
+    return CMTFailure;
+}
+ 

mozilla/security/psm/lib/client/cmtrng.c

@@ -0,0 +1,270 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  cmtrng.c -- Support for PSM random number generator and the seeding
+              thereof with data from the client.
+
+  Created by mwelch 1999 Oct 21
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+#include <string.h>
+
+CMTStatus
+CMT_EnsureInitializedRNGBuf(PCMT_CONTROL control)
+{
+    if (control->rng.outBuf == NULL)
+    {
+        control->rng.outBuf = (char *) calloc(RNG_OUT_BUFFER_LEN, sizeof(char));
+        if (control->rng.outBuf == NULL)
+            goto loser;
+
+        control->rng.validOutBytes = 0;
+        control->rng.out_cur = control->rng.outBuf;
+        control->rng.out_end = control->rng.out_cur + RNG_OUT_BUFFER_LEN;
+        
+        control->rng.inBuf = (char *) calloc(RNG_IN_BUFFER_LEN, sizeof(char));
+        if (control->rng.outBuf == NULL)
+            goto loser;
+    }
+
+    return CMTSuccess;
+
+ loser:
+    if (control->rng.outBuf != NULL)
+    {
+        free(control->rng.outBuf);
+        control->rng.outBuf = NULL;
+    }
+    if (control->rng.inBuf != NULL)
+    {
+        free(control->rng.inBuf);
+        control->rng.inBuf = NULL;
+    }
+
+    return CMTFailure;
+}
+
+
+size_t 
+CMT_RequestPSMRandomData(PCMT_CONTROL control, 
+                         void *buf, CMUint32 maxbytes)
+{
+    SingleNumMessage req;
+    SingleItemMessage reply;
+    CMTItem message;
+    size_t rv = 0;
+    
+    /* Parameter checking */
+    if (!control || !buf || (maxbytes == 0))
+        goto loser;
+
+    /* Initialization. */
+    memset(&reply, 0, sizeof(SingleItemMessage));
+
+    /* Ask PSM for the data. */
+    req.value = maxbytes;
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &req) != CMTSuccess)
+        goto loser;
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_MISC_ACTION | SSM_MISC_GET_RNG_DATA;
+    
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure)
+        goto loser;
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_MISC_ACTION | SSM_MISC_GET_RNG_DATA))
+        goto loser;
+
+    /* Decode message */
+    if (CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message) != CMTSuccess)
+        goto loser;
+
+    /* Success - fill the return buf with what we got */
+    if (reply.item.len > maxbytes)
+        reply.item.len = maxbytes;
+
+    memcpy(buf, reply.item.data, reply.item.len);
+    rv = reply.item.len;
+
+ loser:
+    if (reply.item.data)
+        free(reply.item.data);
+    if (message.data)
+        free(message.data);
+
+    return rv;
+}
+
+size_t 
+CMT_GenerateRandomBytes(PCMT_CONTROL control, 
+                        void *buf, CMUint32 maxbytes)
+{
+    CMUint32 remaining = maxbytes;
+    CMT_RNGState *rng = &(control->rng);
+    char *walk = (char *) buf;
+
+    /* Is there already enough in the incoming cache? */
+    while(remaining > rng->validInBytes)
+    {
+        /* Get what we have on hand. */
+        memcpy(walk, rng->in_cur, rng->validInBytes);
+        walk += rng->validInBytes;
+        remaining -= rng->validInBytes;
+
+        /* Request a buffer from PSM. */
+        rng->validInBytes = CMT_RequestPSMRandomData(control, 
+                                                     rng->inBuf, 
+                                                     RNG_IN_BUFFER_LEN);
+        if (rng->validInBytes == 0)
+            return (maxbytes - remaining); /* call failed */
+        rng->in_cur = rng->inBuf;
+    }
+    if (remaining > 0)
+    {
+        memcpy(walk, rng->in_cur, remaining);
+        rng->in_cur += remaining;
+        rng->validInBytes -= remaining;
+    }
+    return maxbytes;
+}
+
+void
+cmt_rng_xor(void *dstBuf, void *srcBuf, int len)
+{
+    unsigned char *s = (unsigned char*) srcBuf;
+    unsigned char *d = (unsigned char*) dstBuf;
+    unsigned char tmp;
+    int i;
+
+    for(i=0; i<len; i++, s++, d++)
+    {
+        tmp = *d;
+        /* I wish C had circular shift operators. So do others on the team. */
+        tmp = ((tmp << 1) | (tmp >> 7));
+        *d = tmp ^ *s;
+    }
+}
+
+CMTStatus 
+CMT_RandomUpdate(PCMT_CONTROL control, void *data, size_t numbytes)
+{
+    size_t dataLeft = numbytes, cacheLeft;
+    char *walk = (char *) data;
+
+    if (CMT_EnsureInitializedRNGBuf(control) != CMTSuccess)
+        goto loser;
+
+    /* If we have more than what the buffer can handle, wrap around. */
+    cacheLeft = (control->rng.out_end - control->rng.out_cur);
+    while (dataLeft >= cacheLeft)
+    {
+        cmt_rng_xor(control->rng.out_cur, walk, cacheLeft);
+        walk += cacheLeft;
+        dataLeft -= cacheLeft;
+
+        control->rng.out_cur = control->rng.outBuf;
+
+        /* Max out used space */
+        control->rng.validOutBytes = cacheLeft = RNG_OUT_BUFFER_LEN;
+    }
+
+    /* 
+       We now have less seed data available than we do space in the buf.
+       Write what we have and update validOutBytes if we're not looping already.
+     */
+    cmt_rng_xor(control->rng.out_cur, walk, dataLeft);
+    control->rng.out_cur += dataLeft;
+    if (control->rng.validOutBytes < RNG_OUT_BUFFER_LEN)
+        control->rng.validOutBytes += dataLeft;
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+size_t
+CMT_GetNoise(PCMT_CONTROL control, void *buf, CMUint32 maxbytes)
+{
+    /* ### mwelch - GetNoise and GenerateRandomBytes can be the 
+       same function now, because presumably the RNG is being 
+       seeded with environmental noise on the PSM end before we 
+       make any of these requests */
+    return CMT_GenerateRandomBytes(control, buf, maxbytes);
+}
+
+CMTStatus 
+CMT_FlushPendingRandomData(PCMT_CONTROL control)
+{
+    CMTItem message;
+
+    memset(&message, 0, sizeof(CMTItem));
+
+    if (CMT_EnsureInitializedRNGBuf(control) != CMTSuccess)
+        return CMTFailure; /* couldn't initialize RNG buffer */
+
+    if (control->rng.validOutBytes == 0)
+        return CMTSuccess; /* no random data available == we're flushed */
+
+    /* We have random data available. Send this to PSM.
+       We're sending an event, so no reply is needed. */
+    message.type = SSM_EVENT_MESSAGE 
+        | SSM_MISC_ACTION 
+        | SSM_MISC_PUT_RNG_DATA;
+    message.len = control->rng.validOutBytes;
+    message.data = (unsigned char *) calloc(message.len, sizeof(char));
+    if (!message.data)
+        goto loser;
+    memcpy(message.data, control->rng.outBuf, message.len);
+
+    if (CMT_TransmitMessage(control, &message) == CMTFailure)
+        goto loser;
+
+    /* Clear the RNG ring buffer, we've used that data */
+    control->rng.out_cur = control->rng.outBuf;
+    control->rng.validOutBytes = 0;
+    /* zero the buffer, because we XOR in new data */
+    memset(control->rng.outBuf, 0, RNG_OUT_BUFFER_LEN);
+
+    goto done;
+ loser:
+    if (message.data)
+        free(message.data);
+    return CMTFailure;
+ done:
+    return CMTSuccess;
+}

mozilla/security/psm/lib/client/cmtsdr.c

@@ -0,0 +1,186 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  cmtsdr.c -- Support for the Secret Decoder Ring, which provides
+      encryption and decryption using stored keys.
+
+  Created by thayes 18 April 2000
+ */
+#include "stddef.h"
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "protocolshr.h"
+#include "rsrcids.h"
+#include <string.h>
+
+#undef PROCESS_LOCALLY
+
+/* Encryption result - contains the key id and the resulting data */
+/* An empty key id indicates that NO encryption was performed */
+typedef struct EncryptionResult
+{
+  CMTItem keyid;
+  CMTItem data;
+} EncryptionResult;
+
+/* Constants for testing */
+static const char *kPrefix = "Encrypted:";
+
+static CMTItem
+CMT_CopyDataToItem(const unsigned char *data, CMUint32 len)
+{
+  CMTItem item;
+
+  item.data = calloc(len, 1);
+  item.len = len;
+  memcpy(item.data, data, len);
+
+  return item;
+}
+
+static CMTStatus
+tmp_SendMessage(PCMT_CONTROL control, CMTItem *message)
+{
+#ifndef PROCESS_LOCALLY
+  return CMT_SendMessage(control, message);
+#else
+  if (message->type == SSM_SDR_ENCRYPT_REQUEST) 
+    return CMT_DoEncryptionRequest(message);
+  else if (message->type == SSM_SDR_DECRYPT_REQUEST)
+    return CMT_DoDecryptionRequest(message);
+
+  return CMTFailure;
+#endif
+}
+/* End test code */
+
+CMTStatus
+CMT_SDREncrypt(PCMT_CONTROL control, const unsigned char *key, CMUint32 keyLen,
+               const unsigned char *data, CMUint32 dataLen,
+               unsigned char **result, CMUint32 *resultLen)
+{
+  CMTStatus rv = CMTSuccess;
+  CMTItem message;
+  EncryptRequestMessage request;
+  SingleItemMessage reply;
+
+  /* Fill in the request */
+  request.keyid = CMT_CopyDataToItem(key, keyLen);
+  request.data = CMT_CopyDataToItem(data, dataLen);
+
+  reply.item.data = 0;
+  reply.item.len = 0;
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(EncryptRequestTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = SSM_SDR_ENCRYPT_REQUEST;
+
+  /* Send */
+  /* if (CMT_SendMessage(control, &message) != CMTSuccess) goto loser; */
+  rv = tmp_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != SSM_SDR_ENCRYPT_REPLY) { rv = CMTFailure; goto loser; }
+
+  rv = CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+  *result = reply.item.data;
+  *resultLen = reply.item.len;
+
+  reply.item.data = 0;
+
+loser:
+  if (message.data) free(message.data);
+  if (request.keyid.data) free(request.keyid.data);
+  if (request.data.data) free(request.data.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv; /* need return value */
+}
+
+CMTStatus
+CMT_SDRDecrypt(PCMT_CONTROL control, const unsigned char *data, CMUint32 dataLen,
+               unsigned char **result, CMUint32 *resultLen)
+{
+  CMTStatus rv;
+  CMTItem message;
+  SingleItemMessage request;
+  SingleItemMessage reply;
+
+  /* Fill in the request */
+  request.item = CMT_CopyDataToItem(data, dataLen);
+  reply.item.data = 0;
+  reply.item.len = 0;
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = SSM_SDR_DECRYPT_REQUEST;
+
+  /* Send */
+  /* if (CMT_SendMessage(control, &message) != CMTSuccess) goto loser; */
+  rv = tmp_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != SSM_SDR_DECRYPT_REPLY) { rv = CMTFailure; goto loser; }
+
+  rv = CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+  *result = reply.item.data;
+  *resultLen = reply.item.len;
+
+  reply.item.data = 0;
+
+loser:
+  if (message.data) free(message.data);
+  if (request.item.data) free(request.item.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv; /* need return value */
+}

mozilla/security/psm/lib/client/cmtssl.c

@@ -0,0 +1,467 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#else /* windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+
+
+CMTStatus CMT_OpenSSLConnection(PCMT_CONTROL control, CMTSocket sock,
+                                SSMSSLConnectionRequestType flags, 
+                                CMUint32 port, char * hostIP, 
+                                char * hostName, CMBool forceHandshake, void* clientContext)
+{
+	CMTItem message;
+    SSLDataConnectionRequest request;
+    DataConnectionReply reply;
+    CMUint32 sent;
+	
+	/* Do some parameter checking */
+	if (!control || !hostIP || !hostName) {
+		goto loser;
+	}
+
+    request.flags = flags;
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+    request.forceHandshake = forceHandshake;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode message */
+    if (CMT_EncodeMessage(SSLDataConnectionRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_SSL_CONNECTION;
+    
+	/* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_SSL_CONNECTION)) {
+        goto loser;
+    }
+
+    /* Decode message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Success */
+	if (reply.result == 0) {
+	  if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+	  }
+	  sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                               control->nonce.len);
+	  if (sent != control->nonce.len) {
+            goto loser;
+	  }
+	  
+	  /* Save connection info */
+	  if (CMT_AddDataConnection(control, sock, reply.connID)
+	      != CMTSuccess) {
+	    goto loser;
+	  }
+
+	  return CMTSuccess;
+	} 
+	
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_GetSSLDataErrorCode(PCMT_CONTROL control, CMTSocket sock,
+                                  CMInt32* errorCode)
+{
+    CMUint32 connID;
+
+    if (!control || !errorCode) {
+        goto loser;
+    }
+
+    /* get the data connection */
+    if (CMT_GetDataConnectionID(control, sock, &connID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* get the PR error */
+    if (CMT_GetNumericAttribute(control, connID, SSM_FID_SSLDATA_ERROR_VALUE,
+                                errorCode) != CMTSuccess) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_ReleaseSSLSocketStatus(PCMT_CONTROL control, CMTSocket sock)
+{
+    CMUint32 connectionID;
+
+    if (!control || !sock) {
+        goto loser;
+    }
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+    if (CMT_SetNumericAttribute(control, connectionID, 
+                                SSM_FID_SSLDATA_DISCARD_SOCKET_STATUS,
+                                0) != CMTSuccess) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetSSLSocketStatus(PCMT_CONTROL control, CMTSocket sock, 
+                                 CMTItem* pickledStatus, CMInt32* level)
+{
+    CMUint32 connectionID;
+    SingleNumMessage request;
+    CMTItem message;
+    PickleSecurityStatusReply reply;
+
+    if (!control || !pickledStatus || !level) {
+        goto loser;
+    }
+
+	/* get the data connection */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+		goto loser;
+	}
+
+    /* set up the request */
+    request.value = connectionID;
+
+    /* encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+        SSM_CONSERVE_RESOURCE | SSM_PICKLE_SECURITY_STATUS;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_CONSERVE_RESOURCE | SSM_PICKLE_SECURITY_STATUS)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(PickleSecurityStatusReplyTemplate, &reply, &message)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        *pickledStatus = reply.blob;
+        *level = reply.securityLevel;
+        return CMTSuccess;
+    }
+
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_OpenTLSConnection(PCMT_CONTROL control, CMTSocket sock,
+                                CMUint32 port, char* hostIP, char* hostName)
+{
+    TLSDataConnectionRequest request;
+    CMTItem message;
+    DataConnectionReply reply;
+    CMUint32 sent;
+
+    /* do some parameter checking */
+    if (!control || !hostIP || !hostName) {
+        goto loser;
+    }
+
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+
+    /* encode the message */
+    if (CMT_EncodeMessage(TLSDataConnectionRequestTemplate, &message, &request)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | 
+        SSM_TLS_CONNECTION;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | 
+                         SSM_TLS_CONNECTION)) {
+        goto loser;
+    }
+
+    /* decode the message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                                 control->nonce.len);
+        if (sent != control->nonce.len) {
+            goto loser;
+        }
+
+        /* save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID) != CMTSuccess) {
+            goto loser;
+        }
+
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_TLSStepUp(PCMT_CONTROL control, CMTSocket sock, 
+                        void* clientContext)
+{
+    TLSStepUpRequest request;
+    SingleNumMessage reply;
+    CMTItem message;
+    CMUint32 connectionID;
+
+    /* check arguments */
+    if (!control || !sock) {
+        goto loser;
+    }
+
+    /* get the data connection ID */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set up the request */
+    request.connID = connectionID;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* encode the request */
+    if (CMT_EncodeMessage(TLSStepUpRequestTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_TLS_STEPUP;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_TLS_STEPUP)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_OpenSSLProxyConnection(PCMT_CONTROL control, CMTSocket sock,
+                                     CMUint32 port, char* hostIP, 
+                                     char* hostName)
+{
+    TLSDataConnectionRequest request;
+    CMTItem message;
+    DataConnectionReply reply;
+    CMUint32 sent;
+
+    /* do some parameter checking */
+    if (!control || !hostIP || !hostName) {
+        goto loser;
+    }
+
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+
+    /* encode the message */
+    if (CMT_EncodeMessage(TLSDataConnectionRequestTemplate, &message, &request)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | 
+        SSM_PROXY_CONNECTION;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | 
+                         SSM_PROXY_CONNECTION)) {
+        goto loser;
+    }
+
+    /* decode the message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                                 control->nonce.len);
+        if (sent != control->nonce.len) {
+            goto loser;
+        }
+
+        /* save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID) != CMTSuccess) {
+            goto loser;
+        }
+
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_ProxyStepUp(PCMT_CONTROL control, CMTSocket sock, 
+                        void* clientContext, char* remoteUrl)
+{
+    ProxyStepUpRequest request;
+    SingleNumMessage reply;
+    CMTItem message;
+    CMUint32 connectionID;
+
+    /* check arguments */
+    if (!control || !sock || !remoteUrl) {
+        goto loser;
+    }
+
+    /* get the data connection ID */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set up the request */
+    request.connID = connectionID;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+    request.url = remoteUrl;
+
+    /* encode the request */
+    if (CMT_EncodeMessage(ProxyStepUpRequestTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+        SSM_PROXY_STEPUP;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_PROXY_STEPUP)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+loser:
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtutils.c

@@ -0,0 +1,636 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "newproto.h"
+#include <string.h>
+
+/* Local defines */
+#if 0
+#define PSM_WAIT_BEFORE_SLEEP           (CM_TicksPerSecond() * 60)
+#define PSM_SPINTIME                    PSM_WAIT_BEFORE_SLEEP
+#define PSM_KEEP_CONNECTION_ALIVE       (PSM_WAIT_BEFORE_SLEEP * 900)
+#endif
+
+/* If you want to dump the messages sent between the plug-in and the PSM 
+ * server, then remove the comment for the appropriate define.
+ */
+#if 0
+#define PRINT_SEND_MESSAGES
+#define PRINT_RECEIVE_MESSAGES
+#endif
+
+#ifdef PRINT_SEND_MESSAGES
+#ifndef DEBUG_MESSAGES
+#define DEBUG_MESSAGES
+#endif /*DEBUG_MESSAGES*/
+#endif /*PRINT_SEND_MESSAGES*/
+
+#ifdef PRINT_RECEIVE_MESSAGES
+#ifndef DEBUG_MESSAGES
+#define DEBUG_MESSAGES
+#endif /*DEBUG_MESSAGES*/
+#endif /*PRINT_RECEIVE_MESSAGES*/
+
+#ifdef DEBUG_MESSAGES
+#define LOG(x) do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, x); fclose(f); } } while(0);
+#define LOG_S(x) do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, "%s", x); fclose(f); } } while(0);
+#define ASSERT(x) if (!(x)) { LOG("ASSERT:"); LOG(#x); LOG("\n"); exit(-1); }
+#else
+#define LOG(x)
+#define LOG_S(x)
+#define ASSERT(x)
+#endif
+
+CMUint32
+cmt_Strlen(char *str)
+{
+    CMUint32 len = strlen(str);
+    return sizeof(CMInt32) + (((len + 3)/4)*4);
+}
+
+CMUint32
+cmt_Bloblen(CMTItem *blob)
+{
+    return sizeof(CMInt32) + (((blob->len +3)/4)*4);
+}
+
+char *
+cmt_PackString(char *buf, char *str)
+{
+    CMUint32 len = strlen(str);
+    CMUint32 networkLen = htonl(len);
+    CMUint32 padlen = ((len + 3)/4)*4;
+
+    memcpy(buf, &networkLen, sizeof(CMUint32));
+    memcpy(buf + sizeof(CMUint32), str, len);
+    memset(buf + sizeof(CMUint32) + len, 0, padlen - len);
+
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+char *
+cmt_PackBlob(char *buf, CMTItem *blob)
+{
+    CMUint32 len = blob->len;
+    CMUint32 networkLen = htonl(len);
+    CMUint32 padlen = (((blob->len + 3)/4)*4);
+
+    *((CMUint32*)buf) = networkLen;
+    memcpy(buf + sizeof(CMUint32), blob->data, len);
+    memset(buf + sizeof(CMUint32) + len, 0, padlen - len);
+
+    return buf + sizeof(CMUint32) + padlen;
+}
+
+char *
+cmt_UnpackString(char *buf, char **str)
+{
+    char *p = NULL;
+    CMUint32 len, padlen;
+
+    /* Get the string length */
+    len = ntohl(*(CMUint32*)buf);
+
+    /* Get the padded length */
+    padlen = ((len + 3)/4)*4;
+
+    /* Allocate the string and copy the data */
+    p = (char *) malloc(len + 1);
+    if (!p) {
+        goto loser;
+    }
+    /* Copy the data and NULL terminate */
+    memcpy(p, buf+sizeof(CMUint32), len);
+    p[len] = 0;
+
+    *str = p;
+    return buf+sizeof(CMUint32)+padlen;
+loser:
+    *str = NULL;
+    if (p) {
+        free(p);
+    }
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+char *
+cmt_UnpackBlob(char *buf, CMTItem **blob)
+{
+    CMTItem *p = NULL;
+    CMUint32 len, padlen;
+
+    /* Get the blob length */
+    len = ntohl(*(CMUint32*)buf);
+    
+    /* Get the padded length */
+    padlen = ((len + 3)/4)*4;
+
+    /* Allocate the CMTItem for the blob */
+    p = (CMTItem*)malloc(sizeof(CMTItem));
+    if (!p) {
+        goto loser;
+    }
+    p->len = len;
+    p->data = (unsigned char *) malloc(len);
+    if (!p->data) {
+        goto loser;
+    }
+
+    /* Copy that data across */
+    memcpy(p->data, buf+sizeof(CMUint32), len);
+    *blob = p;
+
+    return buf+sizeof(CMUint32)+padlen;
+
+loser:
+    *blob = NULL;
+    CMT_FreeMessage(p);
+
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+#ifdef DEBUG_MESSAGES
+void prettyPrintMessage(CMTItem *msg)
+{
+  int numLines = ((msg->len+7)/8);
+  char curBuffer[9], *cursor, string[2], hexVal[8];
+  char hexArray[25];
+  int i, j, numToCopy;
+
+  /*Try printing out 8 bytes at a time. */
+  LOG("\n**********************************************************\n");
+  LOG("About to pretty Print Message\n\n");
+  curBuffer[9] = '\0';
+  hexArray[24] = '\0';
+  hexVal[2] = '\0';
+  string[1] = '\0';
+  LOG("Header Info\n");
+  LOG("Message Type: ");
+  sprintf(hexArray, "%lx\n", msg->type);
+  LOG(hexArray);
+  LOG("Message Length: ");
+  sprintf (hexArray, "%ld\n\n", msg->len);
+  LOG(hexArray);
+  LOG("Body of Message\n");
+  for (i=0, cursor=msg->data; i<numLines; i++, cursor+=8) {
+    /* First copy over the buffer to our local array */
+    numToCopy = ((msg->len - (unsigned int)((unsigned long)cursor-(unsigned long)msg->data)) < 8) ?
+                msg->len - (unsigned int)((unsigned long)cursor-(unsigned long)msg->data) : 8;
+    memcpy(curBuffer, cursor, 8);
+    for (j=0;j<numToCopy;j++) {
+      string[0] = curBuffer[j];
+      if (isprint(curBuffer[j])) {
+	string[0] = curBuffer[j];
+      } else {
+	string[0] = ' ';
+      }
+      LOG(string);
+    }
+    string[0] = ' ';
+    for (;j<8;j++) {
+      LOG(string);
+    }
+    LOG("\t");
+    for (j=0; j<numToCopy; j++) {
+      sprintf (hexVal,"%.2x", 0x0ff & (unsigned short)curBuffer[j]);
+      LOG(hexVal);
+      LOG(" ");
+    }
+    LOG("\n");
+  }
+  LOG("Done Pretty Printing Message\n");
+  LOG("**********************************************************\n\n");
+}
+#endif
+
+CMTStatus CMT_SendMessage(PCMT_CONTROL control, CMTItem* message)
+{
+	CMTStatus status;
+    CMUint32 msgCategory;
+    CMBool done = CM_FALSE;
+#ifdef PRINT_SEND_MESSAGES
+    LOG("About to print message sent to PSM\n");
+    prettyPrintMessage(message);
+#endif
+
+    /* Acquire lock on the control connection */
+    CMT_LOCK(control->mutex);
+
+    /* Try to send pending random data */
+    if (message->type != (SSM_REQUEST_MESSAGE | SSM_HELLO_MESSAGE))
+    {
+        /* If we've already said hello, then flush random data
+           just before sending the request. */
+        status = CMT_FlushPendingRandomData(control);
+        if (status != CMTSuccess)
+            goto loser;
+    }
+    
+	status = CMT_TransmitMessage(control, message);
+	if (status != CMTSuccess) {
+		goto loser;
+	}
+
+    /* We have to deal with other types of data on the socket and */
+    /* handle them accordingly */
+    while (!done) {
+    	status = CMT_ReceiveMessage(control, message);
+        if (status != CMTSuccess) {
+            goto loser;
+        }
+        msgCategory = (message->type & SSM_CATEGORY_MASK);
+        switch (msgCategory) {
+            case SSM_REPLY_OK_MESSAGE:
+                done = CM_TRUE;
+                break;
+            case SSM_REPLY_ERR_MESSAGE:
+                done = CM_TRUE;
+                break;
+            case SSM_EVENT_MESSAGE:
+                CMT_DispatchEvent(control, message);
+                break;
+            /* XXX FIX THIS!!! For the moment I'm ignoring all other types */
+            default:
+                break;
+        }
+    }
+
+    /* Release the control connection lock */
+    CMT_UNLOCK(control->mutex);
+	return CMTSuccess;
+loser:
+    /* Release the control connection lock */
+    CMT_UNLOCK(control->mutex);
+	return CMTFailure;
+}
+
+CMTStatus CMT_TransmitMessage(PCMT_CONTROL control, CMTItem * message)
+{
+    CMTMessageHeader header;
+	CMUint32 sent, rv;
+
+    /* Set up the message header */
+    header.type = htonl(message->type);
+    header.len = htonl(message->len);
+
+	/* Send the message header */
+	sent = CMT_WriteThisMany(control, control->sock, 
+                             (void *)&header, sizeof(CMTMessageHeader));
+	if (sent != sizeof(CMTMessageHeader)) {
+		goto loser;
+	}
+
+	/* Send the message body */
+	sent = CMT_WriteThisMany(control, control->sock, (void *)message->data, 
+                             message->len);
+	if (sent != message->len) {
+		goto loser;
+	}
+
+    /* Free the buffer */
+    free(message->data);
+    message->data = NULL;
+	return CMTSuccess;
+
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_ReceiveMessage(PCMT_CONTROL control, CMTItem * response)
+{
+    CMTMessageHeader header;
+    CMUint32 numread, rv;
+
+    /* Get the obscured message header */
+    numread = CMT_ReadThisMany(control, control->sock, 
+                            (void *)&header, sizeof(CMTMessageHeader));
+    if (numread != sizeof(CMTMessageHeader)) {
+        goto loser;
+    }
+
+    response->type = ntohl(header.type);
+    response->len = ntohl(header.len);
+    response->data = (unsigned char *) malloc(response->len);
+    if (response->data == NULL) {
+        goto loser;
+    }
+
+    numread = CMT_ReadThisMany(control, control->sock, 
+                            (void *)(response->data), response->len); 
+    if (numread != response->len) {
+        goto loser;
+    }
+
+#ifdef PRINT_RECEIVE_MESSAGES
+    LOG("About to print message received from PSM.\n");
+    prettyPrintMessage(response);
+#endif /*PRINT_RECEIVE_MESSAGES*/
+    return CMTSuccess;
+loser:
+    if (response->data) {
+        free(response->data);
+    }
+    return CMTFailure;
+}
+
+CMUint32 CMT_ReadThisMany(PCMT_CONTROL control, CMTSocket sock, 
+                          void * buffer, CMUint32 thisMany)
+{
+	CMUint32 total = 0;
+  
+	while (total < thisMany) {
+		int got;
+		got = control->sockFuncs.recv(sock, (void*)((char*)buffer + total),
+                                      thisMany-total);
+		if (got < 0 ) {
+			break;
+		} 
+		total += got;
+	} 
+	return total;
+}
+ 
+CMUint32 CMT_WriteThisMany(PCMT_CONTROL control, CMTSocket sock, 
+                           void * buffer, CMUint32 thisMany)
+{
+	CMUint32 total = 0;
+  
+	while (total < thisMany) {
+		CMInt32 got;
+		got = control->sockFuncs.send(sock, (void*)((char*)buffer+total), 
+                                      thisMany-total);
+		if (got < 0) {
+			break;
+		}
+		total += got;
+	}
+	return total;
+}
+
+CMTItem* CMT_ConstructMessage(CMUint32 type, CMUint32 length)
+{
+    CMTItem * p;
+
+    p = (CMTItem*)malloc(sizeof(CMTItem));
+    if (!p) {
+	goto loser;
+    }
+
+    p->type = type;
+    p->len = length;
+    p->data = (unsigned char *) malloc(length);
+    if (!p->data) {
+	goto loser;
+    }
+    return p;
+
+loser:
+    CMT_FreeMessage(p);
+    return NULL;
+}
+
+void CMT_FreeMessage(CMTItem * p)
+{
+    if (p != NULL) {
+	if (p->data != NULL) {
+	    free(p->data);
+	}
+	free(p);
+    }
+}
+
+CMTStatus CMT_AddDataConnection(PCMT_CONTROL control, CMTSocket sock, 
+                                CMUint32 connectionID)
+{
+	PCMT_DATA ptr;
+
+	/* This is the first connection */
+	if (control->cmtDataConnections == NULL) {
+		control->cmtDataConnections = ptr = 
+            (PCMT_DATA)calloc(sizeof(CMT_DATA), 1);
+		if (!ptr) {
+			goto loser;
+		}
+	} else {
+	    /* Position at the last entry */
+	    for (ptr = control->cmtDataConnections; (ptr != NULL && ptr->next 
+                                                 != NULL); ptr = ptr->next);
+		ptr->next = (PCMT_DATA)calloc(sizeof(CMT_DATA), 1);
+		if (!ptr->next) {
+			goto loser;
+		} 
+		/* Fix up the pointers */
+		ptr->next->previous = ptr;
+		ptr = ptr->next;
+	}
+
+	/* Fill in the data */
+	ptr->sock = sock;
+	ptr->connectionID = connectionID;
+
+	return CMTSuccess;
+loser:
+	return CMTFailure;
+}
+
+int
+CMT_DestroyDataConnection(PCMT_CONTROL control, CMTSocket sock)
+{
+    PCMT_DATA ptr, pptr = NULL;
+    int rv=CMTSuccess;
+
+    control->sockFuncs.close(sock);
+    for (ptr = control->cmtDataConnections; ptr != NULL;
+	 pptr = ptr, ptr = ptr->next) {
+	if (ptr->sock == sock) {
+	    if (pptr == NULL) {
+		/* node is at head */
+		control->cmtDataConnections = ptr->next;
+		if (ptr->priv != NULL)
+		    ptr->priv->dest(ptr->priv);
+		free(ptr);
+		return rv;
+	    }
+	    /* node is elsewhere */
+	    pptr->next = ptr->next;
+	    if (ptr->priv != NULL)
+	        ptr->priv->dest(ptr->priv);
+	    free(ptr);
+	    return rv;
+	}
+    }
+    return rv;
+}
+
+CMTStatus CMT_CloseDataConnection(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    /* PCMT_DATA ptr, pptr = NULL; */
+    CMTSocket sock;
+    /* int rv;*/
+
+    /* Get the socket for this connection */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Free data connection associated with this socket */
+    if (CMT_DestroyDataConnection(control, sock) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetDataConnectionID(PCMT_CONTROL control, CMTSocket sock, CMUint32 * connectionID)
+{
+	PCMT_DATA ptr;
+
+	for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+		if (ptr->sock == sock) {
+			*connectionID = ptr->connectionID;
+			return CMTSuccess;
+		}
+	}
+
+	return CMTFailure;
+}
+
+CMTStatus CMT_GetDataSocket(PCMT_CONTROL control, CMUint32 connectionID, CMTSocket * sock)
+{
+	PCMT_DATA ptr;
+
+	for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+		if (ptr->connectionID == connectionID) {
+			*sock = ptr->sock;
+			return CMTSuccess;
+		}
+	}
+
+	return CMTFailure;
+}
+
+
+CMTStatus CMT_SetPrivate(PCMT_CONTROL control, CMUint32 connectionID,
+			 CMTPrivate *cmtpriv)
+{
+  PCMT_DATA ptr;
+
+  for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+    if (ptr->connectionID == connectionID) {
+      ptr->priv = cmtpriv;
+      return CMTSuccess;
+    }
+  }
+  return CMTFailure;
+}
+
+CMTPrivate *CMT_GetPrivate(PCMT_CONTROL control, CMUint32 connectionID)
+{
+  PCMT_DATA ptr;
+
+  for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+    if (ptr->connectionID == connectionID) {
+      return ptr->priv;
+    }
+  }
+  return NULL;
+}
+
+void CMT_FreeItem(CMTItem *p)
+{
+  CMT_FreeMessage(p);
+}
+
+CMTItem CMT_CopyPtrToItem(void* p)
+{
+    CMTItem value = {0, NULL, 0};
+
+    if (!p) {
+        return value;
+    }
+
+    value.len = sizeof(p);
+    value.data = (unsigned char *) malloc(value.len);
+    memcpy(value.data, &p, value.len);
+
+    return value;
+}
+
+void * CMT_CopyItemToPtr(CMTItem value)
+{
+    void * p = NULL;
+
+    if (value.len == sizeof(void*)) {
+        memcpy(&p, value.data, value.len);
+    }
+
+    return p;
+}
+
+CMTStatus CMT_ReferenceControlConnection(PCMT_CONTROL control)
+{
+    CMT_LOCK(control->mutex);
+    control->refCount++;
+    CMT_UNLOCK(control->mutex);
+    return CMTSuccess;
+}
+
+void
+CMT_LockConnection(PCMT_CONTROL control)
+{
+    CMT_LOCK(control->mutex);
+}
+
+void
+CMT_UnlockConnection(PCMT_CONTROL control)
+{
+    CMT_UNLOCK(control->mutex);
+}

mozilla/security/psm/lib/client/cmtutils.h

@@ -0,0 +1,75 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __CMTUTILS_H__
+#define __CMTUTILS_H__
+
+#include "cmtcmn.h"
+
+#define New(type) (type*)malloc(sizeof(type))
+#define NewArray(type, size) (type*)malloc(sizeof(type)*(size))
+
+PCMT_EVENT CMT_GetEventHandler(PCMT_CONTROL control, CMUint32 type,
+                               CMUint32 resourceID);
+
+CMUint32 cmt_Strlen(char *str);
+char *cmt_PackString(char *buf, char *str);
+char *cmt_UnpackString(char *buf, char **str);
+
+CMUint32 cmt_Bloblen(CMTItem* len);
+char *cmt_PackBlob(char *buf, CMTItem * blob);
+char *cmt_UnpackBlob(char *buf, CMTItem **blob);
+
+CMTStatus CMT_SendMessage(PCMT_CONTROL control, CMTItem* message);
+CMTStatus CMT_TransmitMessage(PCMT_CONTROL control, CMTItem * message);
+CMTStatus CMT_ReceiveMessage(PCMT_CONTROL control, CMTItem * response);
+CMUint32 CMT_ReadThisMany(PCMT_CONTROL control, CMTSocket sock, 
+			  void * buffer, CMUint32 thisMany);
+CMUint32 CMT_WriteThisMany(PCMT_CONTROL control, CMTSocket sock, 
+			   void * buffer, CMUint32 thisMany);
+CMTItem* CMT_ConstructMessage(CMUint32 type, CMUint32 length);
+void CMT_FreeMessage(CMTItem * p);
+CMTStatus CMT_AddDataConnection(PCMT_CONTROL control, CMTSocket sock, CMUint32 connectionID);
+CMTStatus CMT_GetDataConnectionID(PCMT_CONTROL control, CMTSocket sock, CMUint32 * connectionID);
+CMTStatus CMT_GetDataSocket(PCMT_CONTROL control, CMUint32 connectionID, CMTSocket * sock);
+CMTStatus CMT_CloseDataConnection(PCMT_CONTROL control, CMUint32 connectionID);
+CMTStatus CMT_SetPrivate(PCMT_CONTROL control, CMUint32 connectionID,
+			 CMTPrivate *cmtpriv);
+CMTPrivate *CMT_GetPrivate(PCMT_CONTROL control, CMUint32 connectionID);
+void CMT_ServicePasswordRequest(PCMT_CONTROL cm_control, CMTItem * requestData);
+void CMT_ProcessEvent(PCMT_CONTROL cm_control);
+void CMT_DispatchEvent(PCMT_CONTROL cm_control, CMTItem * eventData);
+CMTItem CMT_CopyPtrToItem(void* p);
+void * CMT_CopyItemToPtr(CMTItem value);
+
+#endif /* __CMTUTILS_H__ */
+

mozilla/security/psm/lib/client/config.mk

@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+PROGRAM        =
+

mozilla/security/psm/lib/client/makefile.win

@@ -0,0 +1,125 @@
+#// 
+#// The contents of this file are subject to the Mozilla Public
+#// License Version 1.1 (the "License"); you may not use this file
+#// except in compliance with the License. You may obtain a copy of
+#// the License at http://www.mozilla.org/MPL/
+#// 
+#// Software distributed under the License is distributed on an "AS
+#// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+#// implied. See the License for the specific language governing
+#// rights and limitations under the License.
+#// 
+#// The Original Code is the Netscape security libraries.
+#// 
+#// The Initial Developer of the Original Code is Netscape
+#// Communications Corporation.  Portions created by Netscape are 
+#// Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+#// Rights Reserved.
+#// 
+#// Contributor(s):
+#// 
+#// Alternatively, the contents of this file may be used under the
+#// terms of the GNU General Public License Version 2 or later (the
+#// "GPL"), in which case the provisions of the GPL are applicable 
+#// instead of those above.  If you wish to allow use of your 
+#// version of this file only under the terms of the GPL and not to
+#// allow others to use your version of this file under the MPL,
+#// indicate your decision by deleting the provisions above and
+#// replace them with the notice and other provisions required by
+#// the GPL.  If you do not delete the provisions above, a recipient
+#// may use your version of this file under either the MPL or the
+#// GPL.
+#// 
+IGNORE_MANIFEST=1
+#//------------------------------------------------------------------------
+#//
+#// Makefile to build the ssl library
+#//
+#//------------------------------------------------------------------------
+
+!if "$(MOZ_BITS)" == "16"
+!ifndef MOZ_DEBUG
+OPTIMIZER=-Os -UDEBUG -DNDEBUG
+!endif
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Specify the depth of the current directory relative to the
+#// root of NS
+#//
+#//------------------------------------------------------------------------
+DEPTH= ..\..\..\..
+
+!ifndef MAKE_OBJ_TYPE
+MAKE_OBJ_TYPE=EXE
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...)
+#//
+#//------------------------------------------------------------------------
+LIBNAME=cmt
+PDBFILE=$(LIBNAME).pdb
+
+LINCS = -I$(PUBLIC)\security \
+	-I$(PUBLIC)\nspr \
+        -I$(DEPTH)\include \
+	-I..\include
+
+!ifndef OS_CONFIG
+OS_CONFIG = WIN$(MOZ_BITS)
+!endif
+
+LCFLAGS = -DEXPORT_VERSION -DLIB_BUILD
+
+#//------------------------------------------------------------------------
+#// 
+#// Define the files necessary to build the target (ie. OBJS)
+#//
+#//------------------------------------------------------------------------
+OBJS=                         \
+    .\$(OBJDIR)\cmtinit.obj  \
+    .\$(OBJDIR)\cmtssl.obj   \
+    .\$(OBJDIR)\cmtutils.obj  \
+    .\$(OBJDIR)\cmtpkcs7.obj \
+    .\$(OBJDIR)\cmthash.obj \
+    .\$(OBJDIR)\cmtcert.obj \
+    .\$(OBJDIR)\cmtres.obj \
+    .\$(OBJDIR)\cmtjs.obj \
+    .\$(OBJDIR)\cmtevent.obj \
+    .\$(OBJDIR)\cmtpasswd.obj \
+    .\$(OBJDIR)\cmtadvisor.obj \
+    .\$(OBJDIR)\cmtrng.obj \
+	.\$(OBJDIR)\cmtsdr.obj \
+    $(NULL)
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...)
+#// (these must be defined before the common makefiles are included)
+#//
+#//------------------------------------------------------------------------
+LIBRARY=.\$(OBJDIR)\$(LIBNAME).lib
+
+#//------------------------------------------------------------------------
+#//
+#// install headers
+#//
+#//------------------------------------------------------------------------
+INSTALL_DIR=$(PUBLIC)\security
+INSTALL_FILE_LIST=cmtcmn.h cmtjs.h cmtclist.h
+
+#//------------------------------------------------------------------------
+#//
+#// Include the common makefile rules
+#//
+#//------------------------------------------------------------------------
+include <$(DEPTH)/config/rules.mak>
+
+install:: $(LIBRARY)
+    $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
+
+export:: INSTALL_FILES
+

mozilla/security/psm/lib/client/manifest.mn

@@ -0,0 +1,63 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+CORE_DEPTH = ../../../..
+DEPTH = ../../../..
+
+EXPORTS = \
+	cmtcmn.h \
+	cmtjs.h  \
+	cmtclist.h \
+	$(NULL)
+
+MODULE = security
+
+CSRCS = cmtinit.c  \
+	cmtssl.c   \
+	cmtutils.c \
+	cmtcert.c  \
+	cmthash.c  \
+	cmtpkcs7.c \
+	cmtres.c   \
+	cmtjs.c    \
+	cmtevent.c \
+        cmtpasswd.c \
+	cmtadvisor.c \
+	cmtrng.c \
+	$(NULL)
+
+REQUIRES = nspr security
+
+LIBRARY_NAME = cmt
+
+INCLUDES += -I$(CORE_DEPTH)/include

mozilla/security/psm/lib/client/sample/Makefile

@@ -0,0 +1,128 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+ifneq ($(OS_ARCH), WINNT)
+ifeq ($(OS_ARCH), Linux)
+# On linux, we link with libstdc++
+CPLUSPLUSRUNTIME = -L /usr/lib -lstdc++ -lm
+else
+# libC, presumably, is what we must link with elsewhere
+CPLUSPLUSRUNTIME = -lC -lm
+endif
+endif
+
+ifeq ($(OS_ARCH), SunOS)
+ifeq ($(OS_RELEASE), 5.5.1)
+OS_LIBS += -ldl -lsocket -lnsl -lthread -lposix4
+endif
+ifeq ($(OS_RELEASE), 5.6)
+OS_LIBS += -ldl -lsocket -lnsl -lthread -lposix4
+endif
+endif
+
+ifeq ($(OS_ARCH), Linux)
+ifdef USE_PTHREADS
+# Replace OS_LIBS, because the order of libpthread, libdl, and libc are
+# very important. Otherwise you get horrible crashes.
+OS_LIBS = -lpthread -ldl -lc
+endif
+endif
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+ifeq ($(OS_ARCH), WINNT)
+LDFLAGS += /NODEFAULTLIB:library
+endif
+
+EXTRA_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)cmt.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)protocol.$(LIB_SUFFIX) \
+	$(NULL)
+
+ifeq ($(OS_ARCH), WINNT)
+EXTRA_LIBS += 	wsock32.lib \
+		winmm.lib \
+		$(NULL)
+endif
+
+link:
+	if test -f $(PROGRAM); then	\
+		echo "rm $(PROGRAM)";	\
+		rm $(PROGRAM);		\
+	fi;				\
+	gmake				\
+
+build_sample:
+ifneq ($(OS_ARCH),WINNT)
+	cd $(CORE_DEPTH)/coreconf; gmake
+endif
+	cd $(CORE_DEPTH)/security; gmake import; gmake export
+	cd ../../protocol; gmake
+	cd ..; gmake
+	gmake
+

mozilla/security/psm/lib/client/sample/appsock.c

@@ -0,0 +1,250 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "appsock.h"
+
+#ifdef XP_UNIX
+#include <netinet/tcp.h>
+#include <errno.h>
+#endif
+
+CMT_SocketFuncs socketFuncs = {
+    APP_GetSocket,
+    APP_Connect,
+    APP_VerifyUnixSocket,
+    APP_Send,
+    APP_Select,
+    APP_Receive,
+    APP_Shutdown,
+    APP_Close
+};
+
+CMTSocket APP_GetSocket(int unixSock)
+{
+    APPSocket *sock;
+    int on = 1;
+
+#ifndef XP_UNIX
+    if (unixSock) {
+        return NULL;
+    }
+#endif
+
+    sock = malloc(sizeof(APPSocket));
+    if (sock == NULL) {
+        return NULL;
+    }
+    if (unixSock) {
+        sock->sock = socket(AF_UNIX, SOCK_STREAM, 0);
+    } else {
+        sock->sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    }
+    if (sock->sock < 0) {
+        free(sock);
+        return NULL;
+    }
+    if (!unixSock && 
+        setsockopt(sock->sock, IPPROTO_TCP, TCP_NODELAY, (const char*)&on,
+                   sizeof(on))) {
+        free(sock);
+        return NULL;
+    }
+
+    sock->isUnix = unixSock;
+#ifdef XP_UNIX
+    memset (&sock->servAddr, 0, sizeof(struct sockaddr_un));
+#endif
+    return (CMTSocket)sock;
+}
+
+CMTStatus APP_Connect(CMTSocket sock, short port, char *path)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    struct sockaddr_in iServAddr;
+    const struct sockaddr *servAddr;
+    size_t addrLen;
+    int error;
+
+    if (cmSock->isUnix){
+#ifndef XP_UNIX
+        return CMTFailure;
+#else
+        cmSock->servAddr.sun_family = AF_UNIX;
+	memcpy(&cmSock->servAddr.sun_path, path, strlen(path)+1);
+        servAddr = (const struct sockaddr*)&cmSock->servAddr;
+        addrLen = sizeof(cmSock->servAddr);
+#endif
+    } else {
+        iServAddr.sin_family = AF_INET;
+        iServAddr.sin_port = htons(port);
+        iServAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+        servAddr = (const struct sockaddr*)&iServAddr;
+        addrLen = sizeof(struct sockaddr_in);
+    }
+    while (connect(cmSock->sock, servAddr, addrLen) != 0) {
+#ifdef WIN32
+        error = WSAGetLastError();
+        if (error == WSAEISCONN) {
+            break;
+        }
+        if ((error != WSAEINPROGRESS) && (error != WSAEWOULDBLOCK) && 
+            (error!= WSAEINVAL)) {
+            goto loser;
+        }
+#else
+        error = errno;
+        if (error == EISCONN) {
+            break;
+        }
+        if (error != EINPROGRESS) {
+            goto loser;
+        }
+#endif
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus APP_VerifyUnixSocket(CMTSocket sock)
+{
+#ifndef XP_UNIX
+    return CMTFailure;
+#else
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+    struct stat statbuf;
+
+    if (!cmSock->isUnix) {
+        return CMTFailure;
+    }
+    rv = stat(cmSock->servAddr.sun_path, &statbuf);
+    if (rv < 0) {
+        goto loser;
+    }
+    if (statbuf.st_uid != geteuid()) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    close(cmSock->sock);
+    free(cmSock);
+    return CMTFailure;
+#endif
+}
+
+size_t APP_Send(CMTSocket sock, void *buffer, size_t length)
+{
+    APPSocket *cmSock = (APPSocket*) sock;
+
+    return send(cmSock->sock, buffer, length, 0);
+}
+
+CMTSocket APP_Select(CMTSocket *socks, int numsocks, int poll)
+{
+    APPSocket **sockArr = (APPSocket**)socks;
+    SOCKET nsocks = 0;
+    int i, rv;
+    struct timeval timeout;
+    fd_set readfds;
+
+#ifdef WIN32
+win_startover:
+#endif
+    FD_ZERO(&readfds);
+    for (i=0; i<numsocks; i++) {
+        FD_SET(sockArr[i]->sock, &readfds);
+        if (sockArr[i]->sock > nsocks) {
+            nsocks = sockArr[i]->sock;
+        }
+    }
+    if (poll) {
+        timeout.tv_sec = 0;
+        timeout.tv_usec = 0;
+    }
+    rv = select(nsocks+1, &readfds, NULL, NULL, (poll) ? &timeout : NULL);
+
+#ifdef WIN32
+    /* XXX Win95/98 Bug (Q177346)
+     *     select() with no timeout might return even if there is no data
+     *     pending or no error has occurred.  To get around this problem,
+     *     we loop if these erroneous conditions happen.
+     */
+    if (poll == 0 && rv == 0) {
+        goto win_startover;
+    }
+#endif
+
+    /* Figure out which socket was selected */
+    if (rv == -1 || rv == 0) {
+        goto loser;
+    }
+    for (i=0; i<numsocks; i++) {
+        if (FD_ISSET(sockArr[i]->sock, &readfds)) {
+            return (CMTSocket)sockArr[i];
+        }
+    }
+ loser:
+    return NULL;
+}
+
+size_t APP_Receive(CMTSocket sock, void *buffer, size_t bufSize)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+
+    return recv(cmSock->sock, buffer, bufSize, 0);
+}
+
+CMTStatus APP_Shutdown(CMTSocket sock)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+
+    rv = shutdown(cmSock->sock, 1);
+    return (rv == 0) ? CMTSuccess : CMTFailure;
+}
+
+CMTStatus APP_Close(CMTSocket sock)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+
+#ifdef XP_UNIX
+    rv = close(cmSock->sock);
+#else
+    rv = closesocket(cmSock->sock);
+#endif
+    free(cmSock);
+    return (rv == 0) ? CMTSuccess : CMTFailure;
+}

mozilla/security/psm/lib/client/sample/appsock.h

@@ -0,0 +1,69 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef _APPSOCK_H_
+#define _APPSOCK_H_
+#include "cmtcmn.h"
+
+#ifdef XP_UNIX
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+
+typedef int SOCKET;
+#endif
+
+typedef struct APPSocketStr {
+    SOCKET sock;
+    int    isUnix;
+#ifdef XP_UNIX
+    struct sockaddr_un servAddr;
+#endif 
+} APPSocket; 
+
+extern CMT_SocketFuncs socketFuncs;
+
+CMTStatus APP_Close(CMTSocket sock);
+CMTStatus APP_Shutdown(CMTSocket sock);
+size_t APP_Receive(CMTSocket sock, void *buffer, size_t bufSize);
+CMTSocket APP_Select(CMTSocket *socks, int numsocks, int poll);
+size_t APP_Send(CMTSocket sock, void *buffer, size_t length);
+CMTStatus APP_VerifyUnixSocket(CMTSocket sock);
+CMTStatus APP_Connect(CMTSocket sock, short port, char *path);
+CMTSocket APP_GetSocket(int unixSock);
+
+
+#endif /* _APPSOCK_H_ */

mozilla/security/psm/lib/client/sample/config.mk

@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(PROGRAM)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+LIBRARY        =
+