This commit was manufactured by cvs2svn to create branch

'SECURITY_MAC_M17_BRANCH'.

git-svn-id: svn://10.0.0.236/branches/SECURITY_MAC_M17_BRANCH@73394 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/security/psm/Makefile

@@ -0,0 +1,89 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+psm_RelEng_srvr_bld:
+ifeq ($(OS_ARCH), SunOS)
+ifeq ($(OS_RELEASE), 5.5.1)
+	cd ../nss; gmake import IMPORTS=nspr20/v4.0-sol251-20000504 RELEASE_TREE=/h/tortoise/export/share/builds/components
+endif
+endif
+	cd ../nss; gmake nss_RelEng_bld
+ifeq ($(OS_ARCH), WINNT)
+	gmake import IMPORTS=nlslayer/m16
+else
+	gmake import IMPORTS=nlslayer/m16 RELEASE_TREE=/h/tortoise/export/share/builds/components
+endif
+	cd ui;gmake
+	gmake
+

mozilla/security/psm/Makefile.in

@@ -0,0 +1,31 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= lib
+
+include $(topsrcdir)/config/rules.mk

mozilla/security/psm/doc/cmcjavascriptapi.html

@@ -0,0 +1,502 @@
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   <meta name="GENERATOR" content="Mozilla/4.7 [en] (WinNT; U) [Netscape]">
+   <title>Javascript API for Client Certificate Management</title>
+</head>
+<body>
+&nbsp;
+<table WIDTH="100%" >
+<tr>
+<td>
+<h1>
+<font face="Arial,Helvetica">Personal Security Manager 1.0</font></h1>
+
+<h2>
+<font face="Arial,Helvetica">JavaScript API for Client Certificate Management</font></h2>
+</td>
+</tr>
+</table>
+Version 0.3 - 10/27/1999
+<br>Comments to: <a href="mailto:psmfeedback@netscape.com?subject=JavaScript%20API%20Feedback">psmfeedback@netscape.com</a>
+<p>This document describes a new JavaScript API for performing user certificate
+management operations within a client. The JavaScript runs in the context
+of a web page operated by a Certificate Authority (CA) or Registration
+Authority (RA). The API allows the CA or RA to instruct the client to perform
+PKI operations such as key generation, certificate request generation,
+key escrow, import of user certificates, key recovery, and revocation requests.
+<p>These properties and methods reflect behavior currently implemented
+in Personal Security Manager 1.0.
+<p>The messages imported by or generated by these JavaScript methods are
+defined in the CRMF, CMMF, and CMC internet drafts.
+<h2>
+<font face="Arial,Helvetica">Overview of New Cert Issuing Process</font></h2>
+
+<ol>
+<li>
+User fills out enrollment form</li>
+
+<li>
+User action initiates script</li>
+
+<li>
+Script calls key generation method</li>
+
+<li>
+Signing and Encryption keys are generated</li>
+
+<li>
+Encryption Private Key is wrapped with public key of Key Recovery Authority
+(KRA) (passed in in the form of a certificate as part of the script, and
+checked against a pre-installed certificate copy in the local certificate
+database)</li>
+
+<li>
+The public keys, wrapped encryption private key, and text string from the
+script (possibly containing naming or enrollment info) are signed by the
+user</li>
+
+<li>
+Signed blob is returned to the script</li>
+
+<li>
+Script submits signed blob and any other necessary info to the CA/RA</li>
+
+<li>
+CA/RA verifies signature on signed blob</li>
+
+<li>
+CA/RA validates identity of user</li>
+
+<li>
+CA/RA sends wrapped encryption private key to KRA</li>
+
+<li>
+KRA sends escrow verification back to CA</li>
+
+<li>
+CA creates and signs certificates</li>
+
+<li>
+CA sends certificates back to Communicator</li>
+</ol>
+
+<h2>
+<font face="Arial,Helvetica">JavaScript API</font></h2>
+
+<h3>
+<font face="Arial,Helvetica">Properties</font></h3>
+<tt>crypto.algorithms.dh.keySizes</tt>
+<br><tt>crypto.algorithms.dsa.keySizes</tt>
+<br><tt>crypto.algorithms.rsa.signing.keySizes</tt>
+<br><tt>crypto.algorithms.rsa.keyEx.keySizes</tt>
+<p><tt>keySizes</tt> is an an array that describes the available key sizes
+for the particular algorithms and operations.
+<p>The table below describes the key sizes that will be supported in the
+US and Export versions of Communicator.
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Algorithm</b></td>
+
+<td ALIGN=CENTER><b>US Version Key Sizes</b></td>
+
+<td ALIGN=CENTER><b>Export Version Key Sizes</b></td>
+</tr>
+
+<tr>
+<td>DSA Signing Only</td>
+
+<td>1024, 2048</td>
+
+<td>1024, 2048</td>
+</tr>
+
+<tr>
+<td>RSA Signing Only</td>
+
+<td>1024, 2048</td>
+
+<td>1024, 2048</td>
+</tr>
+
+<tr>
+<td>RSA Encryption Only</td>
+
+<td>1024, 2048</td>
+
+<td>512,1024</td>
+</tr>
+
+<tr>
+<td>RSA Dual Use Signing And Encryption</td>
+
+<td>1024, 2048</td>
+
+<td>512,1024</td>
+</tr>
+
+<tr>
+<td>DH Key Exchange</td>
+
+<td>1024, 2048</td>
+
+<td>512,1024</td>
+</tr>
+</table>
+
+<h3>
+<font face="Arial,Helvetica">Methods</font></h3>
+
+<h4>
+<font face="Arial,Helvetica">generateCRMFRequest()</font></h4>
+<tt>crmfObject = crypto.generateCRMFRequest(<i>"requestedDN", "regToken",
+"authenticator","escrowAuthorityCert", "KeyGen Done Code",keySize1, "keyParams1",
+"keyGenAlg1",..., keySizeN, "keyParamsN", "keyGenAlgN");</i></tt>
+<p>This method will generate a sequence of CRMF requests that has N requests.&nbsp;
+One request for each key pair that is generated.&nbsp; The first three
+parameters will be applied to every request.&nbsp; the "escrowAuthorityCert"
+parameter will only be used for requests that pertain to a key that is
+being escrowed.&nbsp; After the "escrowAuthorityCert" parameter, the method
+takes some JavaScript code that&nbsp; is invoked when the CRMF request
+is ready. Finally, there are 1 or more sets of key generation arguments.&nbsp;
+Each key generation will be associated with its own request.&nbsp; All
+the requests will have the same DN.
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER VALIGN=TOP><b>Argument</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td><i><tt>"requestedDN"</tt></i></td>
+
+<td>An RFC1485 formatted DN to include in the certificate request.</td>
+</tr>
+
+<tr>
+<td><i><tt>"regToken"</tt></i></td>
+
+<td>A value used to authenticate the user to the RA/CA.</td>
+</tr>
+
+<tr>
+<td><i><tt>"authenticator"</tt></i></td>
+
+<td>A value that the user can authenticate with in the future when their
+private key is not available. Can be used for key recovery or revocation
+requests.</td>
+</tr>
+
+<tr>
+<td><i><tt>"escrowAuthorityCert"</tt></i></td>
+
+<td>If this value is NULL, then no key escrow will be performed. This value
+specifies which KRA certificate should be used to wrap the private key
+being escrowed. The user will be prompted for confirmation whenever a key
+will be escrowed.&nbsp; Only key exchange keys will be escrowed. If a dual
+use key is being generated, it will not be escrowed.&nbsp; The value of
+this argument is a base-64 encoded certificate.</td>
+</tr>
+
+<tr>
+<td><i><tt>"CRMF Generation Done Code"</tt></i></td>
+
+<td>This parameter is JavaScript to execute when the CRMF generation is
+complete.&nbsp;</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>keySizeN</tt></i></td>
+
+<td>The size in bits of the Nth key to generate</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"keyParamsN"</tt></i></td>
+
+<td>This string is an optional algorithm dependent parameter value. For
+Diffie-Hellman it is used to specify p and g parameters.&nbsp; For DSA,
+it will be used to specify pqg. If the key generation requires parameters
+and the value passed in is NULL, then the client will generate the parameters
+on its own. Currently, this value is ignored.</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"keyGenAlgN"</tt></i></td>
+
+<td>Which algorithm the generated key will support. Acceptable values are
+(the mentioned values for keyUsage pertain to the keyUsage value of the
+Certificate Extension that will ultimately be in the issued certificate):&nbsp;
+<ul>
+<li>
+"rsa-ex" - generate an RSA key for key exchange only (This will have keyEncipherment
+set for keyUsage.)</li>
+
+<li>
+"rsa-dual-use" - generate a single RSA key for both signing and encryption.&nbsp;
+(This will have digitalSignature, keyEncipherment, and nonRepudiation set
+for keyUsage.)</li>
+
+<li>
+"rsa-sign" - generate an RSA key for signing only. (This will have digitalSignature
+set for keyUsage.)</li>
+
+<li>
+"rsa-nonrepudiation" - generate a single RSA key for nonRepudiation only.
+(This will have non-repudiation set for keyUsage.)</li>
+
+<li>
+"rsa-sign-nonrepudiation" - generate a single RSA key use for both signing
+and nonRepudiation. (This will have both digitalSignature and nonRepudiation
+set for keyUsage.)</li>
+
+<li>
+"dsa-sign" - generate a single DSA key for signing only. (This will have
+digitalSignature set for keyUsage.)</li>
+
+<li>
+"dsa-nonrepudiation" - generate a single DSA key for nonRepudiation. (This
+will have nonRepudiation set for keyUsage.)</li>
+
+<li>
+"dsa-sign-nonrepudiation" - generate a single DSA key for signing and non-repudiation.
+(This will have digitalSignature and nonRepudiation set for keyUsage.)</li>
+</ul>
+</td>
+</tr>
+</table>
+
+<p>The <b>generateCRMFRequest()</b> method will cause the user to be presented
+with a key generation dialog. The dialog describes the key generation process
+and gives the user the opportunity to cancel the operation.
+<p>The method <b>generateCRMFRequest() </b>will return an instance of a
+CRMF object. The JavaScript passed in as the <i><tt>"CRMF Generation Done
+Code"</tt></i> parameter should look at the attribute <i>request </i>of
+the returned object to get the result of the CRMF generation.
+<p>The string found by accessing <i><tt>crmfObject.request</tt></i> is
+the base-64 encoded CRMF message to be sent to the CA/RA, or an error string.
+The possible error strings are:
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Error String</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td>"error:invalidParameter:XXX"</td>
+
+<td>The parameter XXX was an invalid value.</td>
+</tr>
+
+<tr>
+<td>"error:userCancel"</td>
+
+<td>the user has canceled the key generation operation</td>
+</tr>
+
+<tr>
+<td>"error:internalError"</td>
+
+<td>the software encountered some internal error, such as out of memory</td>
+</tr>
+</table>
+
+<h4>
+<font face="Arial,Helvetica">importUserCertificates()</font></h4>
+<tt><i>resultString</i> = crypto.importUserCertificates(<i>"nicknameString"</i>,
+<i>"certString"</i>,
+<i>allowBackup</i>)</tt>
+<br>&nbsp;
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Argument</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"nicknameString"</tt></i></td>
+
+<td>This is the nickname that will be used to describe the certificate
+in the client's certificate management UI.&nbsp; It should serve to uniquely
+identify the certificate to the user. For example, "John Smith's VeriSign
+Class 3 Digital ID" or "John Smith's Ford ID Certificate". However, if
+this certificate has the same DN as one or more certificates that already
+exist in the user's certificate store, the nickname associated with the
+certificate(s) of the same DN in the certificate store is used, and the
+<tt>"nicknameString"</tt> parameter is ignored. If the string is null and
+no certificate with the same DN exists in the user's certificate store,
+Personal Security Manager uses the following pattern to derive the nickname:
+<tt>&lt;Common Name>'s &lt;Issuer Name> ID</tt>.</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"certRepString"</tt></i></td>
+
+<td>This string is the CMMF Certification Response from the CA that contains
+the user's certificate(s). The response is base-64 encoded.</td>
+</tr>
+
+<tr>
+<td><i><tt>allowBackup</tt></i></td>
+
+<td>This is a Boolean argument. It allows the CA or RA to indicate to the
+client whether to force the user to back up a newly issued certificate
+(PKCS #12).</td>
+</tr>
+</table>
+
+<p>The <b>importUserCertificates()</b> method is used to import newly issued
+certificates for the user. The private key for the certificates must already
+reside in the user's personal private key database.
+<p>The request ID in the response being imported must match the request
+ID in the associated Certification Request or Recovery Request.
+<p>If the import operation succeeds, an empty string will be returned.&nbsp;
+If it fails, one of the following error strings will be returned:
+<br>&nbsp;
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Error String</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td>"error:userCancel"</td>
+
+<td>The user canceled the import operation</td>
+</tr>
+
+<tr>
+<td>"error:invalidCertificate"</td>
+
+<td>One of the certificate packages was incorrectly formatted</td>
+</tr>
+
+<tr>
+<td>"error:internalError"</td>
+
+<td>The software encountered some internal error, such as out of memory</td>
+</tr>
+
+<tr>
+<td>"error:invalidRequestID"</td>
+
+<td>The request ID in the response message does not match any outstanding
+request</td>
+</tr>
+</table>
+
+<h4>
+<font face="Arial,Helvetica">popChallengeResponse()</font></h4>
+<tt><i>resultString</i> = crypto.popChallengeResponse(<i>"challengeString"</i>);</tt>
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER VALIGN=TOP><b>Argument</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"challengeString"</tt></i></td>
+
+<td>A base-64 encoded CMMF POPODecKeyChallContent message. The current
+implementation does not conform to that defined in the CMMF draft, and
+we intend to change this implementation to that defined in the CMC RFC..
+See below for the current implementation.</td>
+</tr>
+</table>
+
+<p>The resultString will either be a base-64 encoded POPODecKeyRespContent
+message, or one of the following error strings:
+<br>&nbsp;
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Error String</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td>"error:invalidParameter:XXX"</td>
+
+<td>The parameter XXX was an invalid value.</td>
+</tr>
+
+<tr>
+<td>"error:internalError"</td>
+
+<td>the software encountered some internal error, such as out of memory</td>
+</tr>
+</table>
+
+<p><b>Challenge-Response Proof Of Possession</b>
+<p><tt>Expected Input:</tt>
+<p><tt>POPODecKeyChallContent ::= SEQUENCE OF Challenge</tt>
+<br><tt>&nbsp;&nbsp;&nbsp; -- One Challenge per encryption key certification
+request (in the</tt>
+<br><tt>&nbsp;&nbsp;&nbsp; -- same order as these requests appear in FullCertTemplates).</tt>
+<p><tt>Challenge ::= SEQUENCE {</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; owf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+AlgorithmIdentifier&nbsp; OPTIONAL,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- MUST be present in the first
+Challenge; MAY be omitted in any</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- subsequent Challenge in POPODecKeyChallContent
+(if omitted,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- then the owf used in the immediately
+preceding Challenge is</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- to be used).</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; witness&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+OCTET STRING,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the result of applying the one-way
+function (owf) to a</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- randomly-generated INTEGER, A.&nbsp;
+[Note that a different</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- INTEGER MUST be used for each
+Challenge.]</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sender&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+GeneralName,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the name of the sender.</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; key&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+OCTET STRING,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the public key used to encrypt
+the challenge.&nbsp; This will allow</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the client to find the appropriate
+key to do the decryption.</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; challenge&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+OCTET STRING</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the encryption (under the public
+key for which the cert.</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- request is being made) of Rand,
+where Rand is specified as</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp; Rand ::= SEQUENCE
+{</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; INTEGER,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+- the randomly-generated INTEGER A (above)</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+senderHash&nbsp; OCTET STRING</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+- the result of applying the one-way function (owf) to</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+- the sender's general name</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp; }</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the size of "int" must be small
+enough such that "Rand" can be</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- contained within a single PKCS
+#1 encryption block.</tt>
+<br><tt>&nbsp; }</tt>
+<p>&copy; Copyright 1999 Netscape Communications Corporation
+</body>
+</html>

mozilla/security/psm/doc/contents.htm

@@ -0,0 +1,171 @@
+<html><head>
+<title></title>
+
+</HEAD>
+
+
+<FONT FACE="arial, helvetica, sans-serif"  size="-1">
+<a name="TOP">
+<IMG SRC="cartbanner.gif" WIDTH="432" HEIGHT="36" HSPACE="0" VSPACE="0">
+<table bgcolor="#cccccc" width="100%">
+<tr><td><IMG SRC="w.gif" WIDTH=1 HEIGHT=3 BORDER=0></td></tr>
+</table>
+<BR><BR>
+
+
+
+<TABLE CELLPADDING=5 CELLSPACING=2 border=0>
+<TR>
+
+<TD> <a href="help.htm">Next<IMG SRC="next.gif" WIDTH=16 
+
+HEIGHT=14 ALIGN="texttop" BORDER=0></a></FONT></TD>   
+<TD BGCOLOR="#FFFFFF"><a href="contents.htm">Topics</a></FONT></TD>
+
+
+</TR>
+</TABLE>
+</TD></TR> 
+</TABLE>
+
+<BR> <BR>
+
+</a>
+</DIV>
+
+</P>
+<h1>Contents</h1>
+
+<B><a href="help.htm#1024926"> 	
+</B> </A> <p>
+<p><b>
+<a href="help.htm#1044151">
+ Introduction to Personal Security Manager 	
+</a></b><br><DD>
+
+<a href="help.htm#1044573">
+ About Personal Security Manager Help 	
+</a><br><DD>
+
+<a href="help.htm#1043598">
+ What You Can Do with Personal Security Manager 	
+</a><br><DD>
+
+<a href="help.htm#1026014">
+ Understanding Network Security 	
+</a><br>
+<p><b>
+<a href="help.htm#1045279">
+ Information Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1041627">
+ Information About Web Pages 	
+</a><br><DD>
+
+<a href="help.htm#1046060">
+ Information About Stored Email Messages 	
+</a><br><DD>
+
+<a href="help.htm#1046671">
+ Information About Email Messages You Are Composing 	
+</a><br>
+<p><b>
+<a href="help.htm#1030083">
+ Applications Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1030967">
+ Navigator 	
+</a><br><DD>
+
+<a href="help.htm#1031452">
+ Messenger 	
+</a><br><DD>
+
+<a href="help.htm#1031152">
+ Java/JavaScript 	
+</a><br>
+<p><b>
+<a href="help.htm#1030743">
+ Certificates Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1047547">
+ Certificates&#151;Mine 	
+</a><br><DD>
+
+<a href="help.htm#1031428">
+ Certificates&#151;Others 	
+</a><br><DD>
+
+<a href="help.htm#1031432">
+ Certificates&#151;Web Sites 	
+</a><br><DD>
+
+<a href="help.htm#1031434">
+ Certificates&#151;Authorities 	
+</a><br>
+<p><b>
+<a href="help.htm#1036138">
+ Advanced Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1036162">
+ Modules 	
+</a><br><DD>
+
+<a href="help.htm#1036164">
+ Options 	
+</a><br>
+<p><b>
+<a href="help.htm#1031657">
+ Other Personal Security Manager Windows 	
+</a></b><br><DD>
+
+<a href="help.htm#1055385">
+ Certificate Information 	
+</a><br><DD>
+
+<a href="help.htm#1035650">
+ Choose Security Device 	
+</a><br><DD>
+
+<a href="help.htm#1041171">
+ Enrollment Information 	
+</a><br><DD>
+
+<a href="help.htm#1055232">
+ Certificate Renewal 	
+</a><br><DD>
+
+<a href="help.htm#1041200">
+ Choosing a Certificate 	
+</a><br><DD>
+
+<a href="help.htm#1036401">
+ New Certificate Authority 	
+</a><br><DD>
+
+<a href="help.htm#1041248">
+ Web Site Certificates 	
+</a><br><DD>
+
+<a href="help.htm#1036488">
+ Request for Signature 	
+</a><br><FONT FACE="sans-Serif" SIZE=+1>&nbsp;<BR>
+<a href="glossary.htm#996904">
+Glossary 	
+</a>
+</A> </FONT>
+
+<BR><BR><BR>
+
+&copy; Copyright 2000 Netscape Communications Corporation
+</FONT> </CENTER>
+
+<BR>
+
+</BODY>
+
+</HTML>

mozilla/security/psm/doc/glossary.htm

@@ -0,0 +1,417 @@
+<html><head>
+<title></title>
+
+<script languag=javascript> 
+
+  <!-- 
+  if (typeof(crypto.disableRightClick) == "function") { 
+      crypto.disableRightClick(); 
+  } 
+  // --> 
+
+</script>
+</HEAD>
+
+<FONT FACE="arial, helvetica, sans-serif" size="-1">
+<a name="TOP">
+
+<IMG SRC="cartbanner.gif" WIDTH="432" HEIGHT="36" HSPACE="0" VSPACE="0">
+<table bgcolor="#cccccc" width="100%">
+<tr><td><IMG SRC="w.gif" WIDTH=1 HEIGHT=3 BORDER=0></td></tr>
+</table>
+
+<BR><BR>
+<TABLE CELLPADDING=5 CELLSPACING=2 border=0>
+<TR><TD BGCOLOR="#FFFFFF"><a href="help.htm"><IMG SRC="prev.gif" WIDTH=16 
+
+HEIGHT=14 ALIGN="texttop" BORDER=0>Previous</a>
+  </TD>
+
+ 
+<TD BGCOLOR="#FFFFFF"><a href="contents.htm">Topics</a></TD>
+
+
+</TR>
+</TABLE>
+
+<BR> <BR>
+
+</a>
+</DIV>
+
+</P>
+<h1><A NAME="
+"></A><A NAME="996904">
+Glossary 
+</A></h1><dl>
+<A NAME="authentication"></A><A NAME="998782">
+<B>authentication.</B>&nbsp;
+</A><A NAME="1013907">
+Assurance that a party to a computerized transaction is not an impostor. Authentication typically involves the use of a password, certificate, personal identification number (PIN), or other information that can be used to validate identity over a computer network. See also <a href="glossary.htm#1014123">password-based authentication</a>, <a href="glossary.htm#1018581">certificate-based authentication</a>, <a href="glossary.htm#1021054">client authentication</a>, <a href="glossary.htm#1031070">server authentication</a>.<P>
+</A>
+<A NAME="CA"></A><A NAME="1021395">
+<B>CA.</B>&nbsp;
+</A><A NAME="1021418">
+See <a href="glossary.htm#1020903"></a><a href="glossary.htm#1020903">certificate authority (CA)</a>.<P>
+</A>
+<A NAME="CA certificate"></A><A NAME="1017503">
+<B>CA certificate.</B>&nbsp;
+</A><A NAME="1017507">
+A certificate that identifies a certificate authority. See also <a href="glossary.htm#1020903">certificate authority (CA)</a>, <a href="glossary.htm#999541">subordinate CA</a>, <a href="glossary.htm#1015631">root CA</a>.<P>
+</A>
+<A NAME="certificate"></A><A NAME="1018895">
+<B>certificate.</B>&nbsp;
+</A><A NAME="1018896">
+The digital equivalent of an ID card. A certificate specifies the name of an individual, company, or other entity and certifies that a public key, which is included in the certificate, belongs to that entity. When you digitally sign a message or other data, the digital signature for that message is created with the aid of the private key that corresponds to the public key in your certificate. A certificate is issued and digitally signed by a <a href="glossary.htm#1020903">certificate authority (CA)</a>. A certificate's validity can be verified by checking the CA's <a href="glossary.htm#1013995">digital signature</a>. Also called digital ID, digital passport, public-key certificate X.509 certificate, and security certificate. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="certificate authority (CA)"></A><A NAME="1020903">
+<B>certificate authority (CA).</B>&nbsp;
+</A><A NAME="1020904">
+A service that issues a certificate after verifying the identity of the person or entity the certificate is intended to identify. A CA also renews and revokes certificates and generates a list of revoked certificates at regular intervals. CAs can be independent vendors (such as the CAs listed at <a href= "https://certs.netscape.com/client.html" TARGET="_blank">Certificate Authority Services</a>) or a person or organization using certificate-issuing server software (such as Netscape Certificate Management System). See also <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1019940">certificate revocation list (CRL)</a>.<P>
+</A>
+<A NAME="certificate-based authentication"></A><A NAME="1018581">
+<B>certificate-based authentication.</B>&nbsp;
+</A><A NAME="1018582">
+Verification of identity based on certificates and public-key cryptography. See also <a href="glossary.htm#1014123">password-based authentication</a>.<P>
+</A>
+<A NAME="certificate chain"></A><A NAME="1018500">
+<B>certificate chain.</B>&nbsp;
+</A><A NAME="1019929">
+A hierarchical series of certificates signed by successive certificate authorities. A CA certificate identifies a <a href="glossary.htm#1020903">certificate authority (CA)</a> and is used to sign certificates issued by that authority. A CA certificate can in turn be signed by the CA certificate of a parent CA and so on up to a <a href="glossary.htm#1015631">root CA</a>. <P>
+</A>
+<A NAME="certificate fingerprint"></A><A NAME="1020297">
+<B>certificate fingerprint.</B>&nbsp;
+</A><A NAME="1020326">
+A unique number associated with a certificate. The number is not part of the certificate itself but is produced by applying a mathematical function to the contents of the certificate. If the contents of the certificate change, even by a single character, the function produces a different number. Certificate fingerprints can therefore be used to verify that certificates have not been tampered with.<P>
+</A>
+<A NAME="certificate renewal"></A><A NAME="1031319">
+<B>certificate renewal.</B>&nbsp;
+</A><A NAME="1031323">
+The process of renewing a <a href="glossary.htm#1018895">certificate</a> that is about to expire.<P>
+</A>
+<A NAME="certificate revocation list (CRL)"></A><A NAME="1019940">
+<B>certificate revocation list (CRL).</B>&nbsp;
+</A><A NAME="1021047">
+A list of revoked certificates that is generated and signed by a <a href="glossary.htm#1020903">certificate authority (CA)</a>. You can download the latest CRL to your browser or to a server, then check against it to make sure that certificates are still valid before permitting their use for authentication. <P>
+</A>
+<A NAME="certificate store"></A><A NAME="1023462">
+<B>certificate store.</B>&nbsp;
+</A><A NAME="1032978">
+The collection of certificates, or electronic IDs, maintained by Personal Security Manager on your behalf. These include your own certificates stored on one or more security devices, other people's certificates, web site certificates, and <a href="glossary.htm#1020903"></a>CA certificates. See also <a href="glossary.htm#1020903">certificate authority (CA)</a>, <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1028962">security device</a>.<P>
+</A>
+<A NAME="certificate verification"></A><A NAME="1025527">
+<B>certificate verification.</B>&nbsp;
+</A><A NAME="1025531">
+When Personal Security Manager verifies a certificate, it confirms that the digital signature was created by a CA whose own CA certificate is both present in the certificate store and marked as trusted for issuing that kind of certificate. It also confirms that the certificate being verified has not been marked as untrusted in the certificate store. Finally, if the <a href="glossary.htm#1029304">Online Certificate Status Protocol (OCSP)</a> has been activated (from the Options panel under the Advanced tab), Personal Security Manager also performs an on-line check. It does so by looking up the certificate in a list of valid certificates maintained at a URL that is specified either in the certificate itself or in the OCSP Settings window. If any of these checks fail, Personal Security Manager marks the certificate as unverified and won't recognize the identity it certifies.<P>
+</A>
+<A NAME="cipher"></A><A NAME="1021048">
+<B>cipher.</B>&nbsp;
+</A><A NAME="1021052">
+See <a href="glossary.htm#1019976">cryptographic algorithm</a>.<P>
+</A>
+<A NAME="client"></A><A NAME="1029510">
+<B>client.</B>&nbsp;
+</A><A NAME="1029547">
+Software (such as browser software) that sends requests to and receives information from a <a href="glossary.htm#1029749">server</a>, which is usually running on a different computer. A computer on which client software runs is also described as a client.<P>
+</A>
+<A NAME="client authentication"></A><A NAME="1021054">
+<B>client authentication.</B>&nbsp;
+</A><A NAME="1014557">
+The process of identifying a <a href="glossary.htm#1029510">client</a> to a <a href="glossary.htm#1029749">server</a>, for example with a name and password or with a <a href="glossary.htm#1014561">client SSL certificate</a> and some digitally signed data. See also <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>, <a href="glossary.htm#1031070">server authentication</a>.<P>
+</A>
+<A NAME="client SSL certificate"></A><A NAME="1014561">
+<B>client SSL certificate.</B>&nbsp;
+</A><A NAME="1014562">
+A certificate that a <a href="glossary.htm#1029510">client</a> (for example, browser software such as Netscape Communicator) presents to a <a href="glossary.htm#1029749">server</a> to authenticate the identity of the client (or the identity of the person using the client) using the <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a> protocol. See also <a href="glossary.htm#1021054">client authentication</a>.<P>
+</A>
+<A NAME="cryptographic algorithm"></A><A NAME="1019976">
+<B>cryptographic algorithm.</B>&nbsp;
+</A><A NAME="1019985">
+A set of rules or directions used to perform cryptographic operations such as <a href="glossary.htm#999078">encryption</a> and <a href="glossary.htm#998999">decryption</a>. Sometimes called a <I>cipher.</I><P>
+</A>
+<A NAME="cryptography"></A><A NAME="1026002">
+<B>cryptography.</B>&nbsp;
+</A><A NAME="1026018">
+The art and practice of scrambling (encrypting) and unscrambling (decrypting) information. For example, cryptographic techniques are used to scramble an unscramble information flowing between commercial web sites and your browser. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="decryption"></A><A NAME="998999">
+<B>decryption.</B>&nbsp;
+</A><A NAME="999005">
+The process of unscrambling data that has been encrypted. See also <a href="glossary.htm#999078">encryption</a>.<P>
+</A>
+<A NAME="digital ID"></A><A NAME="999011">
+<B>digital ID.</B>&nbsp;
+</A><A NAME="999017">
+See <a href="glossary.htm#1018895">certificate</a>.<P>
+</A>
+<A NAME="digital signature"></A><A NAME="1013995">
+<B>digital signature.</B>&nbsp;
+</A><A NAME="1013996">
+A code created from both the data to be signed and the private key of the signer. This code is unique for each new piece of data. Even a single comma added to a message changes the digital signature for that message. Successful validation of your digital signature by appropriate software not only provides evidence that you approved the transaction or message, but also provides evidence that the data has not changed since you digitally signed it. A digital signature has nothing to do with a handwritten signature, although it can sometimes be used for similar legal purposes. See also <a href="glossary.htm#999248">nonrepudiation</a>, <a href="glossary.htm#999618">tamper detection</a>.<P>
+</A>
+<A NAME="distinguished name (DN)"></A><A NAME="1022191">
+<B>distinguished name (DN).</B>&nbsp;
+</A><A NAME="1022194">
+A specially formatted name that uniquely identifies the subject of a certificate.<P>
+</A>
+<A NAME="dual key pairs"></A><A NAME="1020489">
+<B>dual key pairs.</B>&nbsp;
+</A><A NAME="1020619">
+Two public-private key pairs--four keys altogether--corresponding to two separate certificates. The private key of one pair is used for signing operations, and the public and private keys of the other pair are used for encryption and decryption operations. Each pair corresponds to a separate <a href="glossary.htm#1018895">certificate</a>. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="eavesdropping"></A><A NAME="1020620">
+<B>eavesdropping.</B>&nbsp;
+</A><A NAME="1013975">
+Surreptitious interception of information sent over a network by an entity for which the information is not intended.<P>
+</A>
+<A NAME="encryption"></A><A NAME="999078">
+<B>encryption.</B>&nbsp;
+</A><A NAME="1024038">
+The process of scrambling information in a way that disguises its meaning. For example, encrypted connections between computers make it very difficult for third-parties to unscramble, or <I>decrypt,</I> information flowing over the connection. Encrypted information can be decrypted only by someone who possesses the appropriate key. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="encryption certificate"></A><A NAME="1024953">
+<B>encryption certificate.</B>&nbsp;
+</A><A NAME="1024978">
+A certificate whose public key corresponds to a private key used for encryption only. Encryption certificates are not used for signing operations. See also <a href="glossary.htm#1020489">dual key pairs</a>, <a href="glossary.htm#999493">signing certificate</a>.<P>
+</A>
+<A NAME="encryption key"></A><A NAME="1021254">
+<B>encryption key.</B>&nbsp;
+</A><A NAME="1021255">
+A private key used for encryption only. An encryption key and its equivalent public key, plus a <a href="glossary.htm#1021282">signing key</a> and its equivalent public key, constitute a <a href="glossary.htm#1020489">dual key pairs</a>.<P>
+</A>
+<A NAME="fingerprint"></A><A NAME="1020434">
+<B>fingerprint.</B>&nbsp;
+</A><A NAME="1020450">
+See <a href="glossary.htm#1020297">certificate fingerprint</a>.<P>
+</A>
+<A NAME="FIPS PUBS 140-1"></A><A NAME="1025742">
+<B>FIPS PUBS 140-1.</B>&nbsp;
+</A><A NAME="1025743">
+Federal Information Processing Standards Publications (FIPS PUBS) 140-1 is a US government standard for implementations of cryptographic modules--that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations (such as creating or verifying digital signatures). Many products sold to the US government must comply with one or more of the FIPS standards.<P>
+</A>
+<A NAME="key"></A><A NAME="999203">
+<B>key.</B>&nbsp;
+</A><A NAME="999212">
+A large number used by a <a href="glossary.htm#1019976">cryptographic algorithm</a> to encrypt or decrypt data. A person's public key, for example, allows other people to encrypt messages to that person. The encrypted messages must be decrypted with the corresponding private key. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="Lightweight Directory Access Protocol (LDAP)"></A><A NAME="1022286">
+<B>Lightweight Directory Access Protocol (LDAP).</B>&nbsp;
+</A><A NAME="1022287">
+A protocol for accessing directory services across multiple platforms. LDAP is a simplified version of Directory Access Protocol (DAP), used to access X.500 directories. <P>
+</A>
+<A NAME="master key"></A><A NAME="1032598">
+<B>master key.</B>&nbsp;
+</A><A NAME="1032639">
+A symmetric key used by Personal Security Manager to encrypt information on behalf of other applications. For example, Netscape 6 uses Personal Security Manager and your master key to encrypt email passwords, web site passwords, and other stored sensitive information. See also <a href="glossary.htm#999604">symmetric encryption</a>.<P>
+</A>
+<A NAME="misrepresentation"></A><A NAME="1014057">
+<B>misrepresentation.</B>&nbsp;
+</A><A NAME="1014058">
+Presentation of an entity as a person or organization that it is not. For example, a web site might pretend to be a furniture store when it is really just a site that takes credit card payments but never sends any goods. See also <a href="glossary.htm#1014366">spoofing</a>.<P>
+</A>
+<A NAME="Netscape Certificate Management System"></A><A NAME="1018306">
+<B>Netscape Certificate Management System.</B>&nbsp;
+</A><A NAME="1018308">
+A highly configurable set of software components and tools for creating, deploying, and managing certificates. You enroll with the system to obtain certificates of all kinds; the system maintains information about the certificates it issues.<P>
+</A>
+<A NAME="nonrepudiation"></A><A NAME="999248">
+<B>nonrepudiation.</B>&nbsp;
+</A><A NAME="999254">
+The inability, of the sender of a message, to deny having sent the message. A regular hand-written signature provides one form of nonrepudiation. A <a href="glossary.htm#1013995">digital signature</a> provides another.<P>
+</A>
+<A NAME="object signing"></A><A NAME="1014095">
+<B>object signing.</B>&nbsp;
+</A><A NAME="1014096">
+A technology that allows software developers to sign Java code, JavaScript scripts, or any kind of file, and that allows users to identify the signers and control access by signed code to local system resources.<P>
+</A>
+<A NAME="object-signing certificate"></A><A NAME="1014097">
+<B>object-signing certificate.</B>&nbsp;
+</A><A NAME="1014098">
+A certificate whose corresponding private key is used to sign objects such as code files. See also <a href="glossary.htm#1014095">object signing</a>.<P>
+</A>
+<A NAME="Online Certificate Status Protocol (OCSP)"></A><A NAME="1029304">
+<B>Online Certificate Status Protocol (OCSP).</B>&nbsp;
+</A><A NAME="1029312">
+A set of rules that Personal Security Manager follows to perform an online check of an email certificate's validity each time the certificate is used. This process involves checking the certificate against a list of valid certificates maintained at a specified web site. Your computer must be online for OCSP to work.<P>
+</A>
+<A NAME="password-based authentication"></A><A NAME="1014123">
+<B>password-based authentication.</B>&nbsp;
+</A><A NAME="1014124">
+Confident identification by means of a name and password. See also <a href="glossary.htm#998782">authentication</a>.<P>
+</A>
+<A NAME="Personal Security Password"></A><A NAME="1032744">
+<B>Personal Security Password.</B>&nbsp;
+</A><A NAME="1032748">
+A password used by Personal Security Manager to protect the master key and/or private keys stored on a <a href="glossary.htm#1028962">security device</a>. Personal Security Manager needs to access your private keys, for example, when you sign email messages or use one of your own certificates to identify yourself to a web site. It needs to access your master key when it encrypts or decrypts information on behalf of another application&#151;for example, when Netscape 6 needs to store or access your email password. You can set or change your personal security password from the Certificates tab in Personal Security Manager. Each security device requires a separate Personal Security Password. See also <a href="glossary.htm#1015387">private key</a>, <a href="glossary.htm#1032598">master key</a>.<P>
+</A>
+<A NAME="PKCS #11"></A><A NAME="1025194">
+<B>PKCS #11.</B>&nbsp;
+</A><A NAME="1025195">
+The public-key cryptography standard that governs security devices such as smart cards. See also <a href="glossary.htm#1028962">security device</a>, <a href="glossary.htm#1027625">smart card</a>.<P>
+</A>
+<A NAME="PKCS #11 module"></A><A NAME="1025197">
+<B>PKCS #11 module.</B>&nbsp;
+</A><A NAME="1025271">
+A program on your computer that manages cryptographic services such as encryption and decryption using the PKCS #11 standard. PKCS #11 modules (also called <I>cryptographic modules</I>, <I>cryptographic service providers,</I> or <I>security modules</I>) can be thought of as drivers for cryptographic devices that can be implemented in either hardware or software. A PKCS #11 module always controls one or more slots<B>,</B> which may be implemented as physical hardware slots in some form of physical reader (for example, for smart cards) or as conceptual slots in software. Each slot for a PKCS #11 module can in turn contain a <a href="glossary.htm#1028962">security device</a> (also called <I>token</I>)<B>,</B> which is the hardware or software device that actually provides cryptographic services and optionally stores certificates and keys. Personal Security Manager provides a built-in PKCS #11 module. You may install additional modules on your computer to control smart card readers or other hardware devices.<P>
+</A>
+<A NAME="portable security password"></A><A NAME="1024655">
+<B>portable security password.</B>&nbsp;
+</A><A NAME="1024670">
+A password that protects a certificate that you are backing up or have previously backed up. Personal Security Manager asks you to set this password when you back up a certificate, and requests it when you attempt to restore a certificate that has previously been backed up. <P>
+</A>
+<A NAME="private key"></A><A NAME="1015387">
+<B>private key.</B>&nbsp;
+</A><A NAME="1015391">
+One of a pair of keys used in public-key cryptography. The private key is kept secret and is used to decrypt data that has been encrypted with the corresponding public key.<P>
+</A>
+<A NAME="PSM Private Keys security device"></A><A NAME="1032045">
+<B>PSM Private Keys security device.</B>&nbsp;
+</A><A NAME="1032110">
+The default <a href="glossary.htm#1028962">security device</a> used by Personal Security Manager to store private keys associated with your certificates. In addition to private keys, the PSM Private Keys security device stores the master key used by Netscape 6 to encrypt email passwords, web site passwords, and other sensitive information. See also <a href="glossary.htm#1015387">private key</a>, <a href="glossary.htm#1032598">master key</a>.<P>
+</A>
+<A NAME="public key"></A><A NAME="1019172">
+<B>public key.</B>&nbsp;
+</A><A NAME="1019173">
+One of a pair of keys used in public-key cryptography. The public key is distributed freely and published as part of a <a href="glossary.htm#1018895">certificate</a>. It is typically used to encrypt data sent to the public key's owner, who then decrypts the data with the corresponding private key.<P>
+</A>
+<A NAME="public-key cryptography"></A><A NAME="1019178">
+<B>public-key cryptography.</B>&nbsp;
+</A><A NAME="1023765">
+A set of well-established techniques and standards that allow an entity (such as a person, an organization, or hardware such as a router) to verify its identity electronically or to sign and encrypt electronic data. Two keys are involved: a <a href="glossary.htm#1019172">public key</a> and a <a href="glossary.htm#1015387">private key</a>. The public key is published as part of a <a href="glossary.htm#1018895">certificate</a>, which associates that key with a particular identity. The corresponding private key is kept secret. Data encrypted with the public key can be decrypted only with the private key. <P>
+</A>
+<A NAME="public-key infrastructure (PKI)"></A><A NAME="999412">
+<B>public-key infrastructure (PKI).</B>&nbsp;
+</A><A NAME="1014263">
+The standards and services that facilitate the use of public-key cryptography and certificates in a networked environment.<P>
+</A>
+<A NAME="root CA"></A><A NAME="1015631">
+<B>root CA.</B>&nbsp;
+</A><A NAME="1015635">
+The <a href="glossary.htm#1020903">certificate authority (CA)</a> with a self-signed certificate at the top of a <a href="glossary.htm#1018500">certificate chain</a>. See also <a href="glossary.htm#999541">subordinate CA</a>.<P>
+</A>
+<A NAME="Secure Sockets Layer (SSL)"></A><A NAME="999463">
+<B>Secure Sockets Layer (SSL).</B>&nbsp;
+</A><A NAME="999472">
+A protocol that allows mutual authentication between a <a href="glossary.htm#1029510">client</a> and a <a href="glossary.htm#1029749">server</a> for the purpose of establishing an authenticated and encrypted connection. SSL runs above TCP/IP and below HTTP, LDAP, IMAP, NNTP, and other high-level network protocols. The new Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL. See also <a href="glossary.htm#998782">authentication</a>, <a href="glossary.htm#999078">encryption</a>.<P>
+</A>
+<A NAME="security certificate"></A><A NAME="1028900">
+<B>security certificate.</B>&nbsp;
+</A><A NAME="1028904">
+See <a href="glossary.htm#1018895">certificate</a>.<P>
+</A>
+<A NAME="security device"></A><A NAME="1028962">
+<B>security device.</B>&nbsp;
+</A><A NAME="1028963">
+A hardware or software device that provides cryptographic services such as encryption and decryption and can store certificates and keys. A smart card is one example of a hardware security device. Personal Security Manager contains its own internal security device, called the <a href="glossary.htm#1032045">PSM Private Keys security device</a>, that is implemented in software. Each security device is protected by its own <a href="glossary.htm#1032744">Personal Security Password</a>.<P>
+</A>
+<A NAME="security module"></A><A NAME="1029083">
+<B>security module.</B>&nbsp;
+</A><A NAME="1029097">
+See <a href="glossary.htm#1025197">PKCS #11 module</a>.<P>
+</A>
+<A NAME="security token"></A><A NAME="1028905">
+<B>security token.</B>&nbsp;
+</A><A NAME="1028909">
+See <a href="glossary.htm#1028962">security device</a>.<P>
+</A>
+<A NAME="server"></A><A NAME="1029749">
+<B>server.</B>&nbsp;
+</A><A NAME="1029869">
+Software (such as software that serves up web pages) that receives requests from and sends information to a <a href="glossary.htm#1029510">client</a>, which is usually running on a different computer. A computer on which server software runs is also described as a server.<P>
+</A>
+<A NAME="server authentication"></A><A NAME="1031070">
+<B>server authentication.</B>&nbsp;
+</A><A NAME="1031080">
+The process of identifying a <a href="glossary.htm#1029749">server</a> to a <a href="glossary.htm#1029510">client</a> by using a <a href="glossary.htm#1029874">server SSL certificate</a>. See also <a href="glossary.htm#1021054">client authentication</a>, <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>.<P>
+</A>
+<A NAME="server SSL certificate"></A><A NAME="1029874">
+<B>server SSL certificate.</B>&nbsp;
+</A><A NAME="999500">
+A certificate that a <a href="glossary.htm#1029749">server</a> presents to a <a href="glossary.htm#1029510">client</a> to authenticate the server's identity using the <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a> protocol.<P>
+</A>
+<A NAME="signing certificate"></A><A NAME="999493">
+<B>signing certificate.</B>&nbsp;
+</A><A NAME="999507">
+A certificate whose corresponding <a href="glossary.htm#1015387">private key</a> is used to sign transmitted data, so that the receiver can verify the identity of the sender. Certificate authorities (CAs) often issue a signing certificate that will be used to sign email messages at the same time as an <a href="glossary.htm#1024953">encryption certificate</a> that will be used to encrypt email messages. See also <a href="glossary.htm#1020489">dual key pairs</a>, <a href="glossary.htm#1013995">digital signature</a>.<P>
+</A>
+<A NAME="signing key"></A><A NAME="1021282">
+<B>signing key.</B>&nbsp;
+</A><A NAME="1021283">
+A private key used for signing only. A signing key and its equivalent public key, together with an <a href="glossary.htm#1021254">encryption key</a> and its equivalent public key, constitute <a href="glossary.htm#1020489">dual key pairs</a>.<P>
+</A>
+<A NAME="slot"></A><A NAME="1025218">
+<B>slot.</B>&nbsp;
+</A><A NAME="1025222">
+A piece of hardware, or its equivalent in software, that is controlled by a <a href="glossary.htm#1025197">PKCS #11 module</a> and designed to contain a <a href="glossary.htm#1028962">security device</a>. <P>
+</A>
+<A NAME="smart card"></A><A NAME="1027625">
+<B>smart card.</B>&nbsp;
+</A><A NAME="1027626">
+A small device, typically about the size of a credit card, that contains a microprocessor and is capable of storing cryptographic information (such as keys and certificates) and performing cryptographic operations. Smart cards use the <a href="glossary.htm#1025194">PKCS #11</a> standard. A smart card is one kind of <a href="glossary.htm#1028962">security device</a>. <P>
+</A>
+<A NAME="spoofing"></A><A NAME="1014366">
+<B>spoofing.</B>&nbsp;
+</A><A NAME="1014367">
+Pretending to be someone else. For example, a person can pretend to have the email address <FONT FACE="courier, courier new, monospace">jdoe@mozilla.com</FONT>, or a computer can identify itself as a site called <FONT FACE="courier, courier new, monospace">www.mozilla.com</FONT> when it is not. Spoofing is one form of <a href="glossary.htm#1014057">misrepresentation</a>.<P>
+</A>
+<A NAME="SSL"></A><A NAME="999533">
+<B>SSL.</B>&nbsp;
+</A><A NAME="999539">
+See <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>. <P>
+</A>
+<A NAME="subject"></A><A NAME="1013880">
+<B>subject.</B>&nbsp;
+</A><A NAME="1013881">
+The entity (such as a person, organization, or router) identified by a <a href="glossary.htm#1018895">certificate</a>. In particular, the subject field of a certificate contains the certified entity's <a href="glossary.htm#1021328">subject name</a> and other characteristics.<P>
+</A>
+<A NAME="subject name"></A><A NAME="1021328">
+<B>subject name.</B>&nbsp;
+</A><A NAME="1021338">
+A <a href="glossary.htm#1022191">distinguished name (DN)</a> that uniquely describes the <a href="glossary.htm#1013880">subject</a> of a <a href="glossary.htm#1018895">certificate</a>.<P>
+</A>
+<A NAME="subordinate CA"></A><A NAME="999541">
+<B>subordinate CA.</B>&nbsp;
+</A><A NAME="999591">
+A <a href="glossary.htm#1020903">certificate authority (CA)</a> whose certificate is signed by another subordinate CA or by the root CA. See also <a href="glossary.htm#1018500">certificate chain</a>, <a href="glossary.htm#1015631">root CA</a>.<P>
+</A>
+<A NAME="symmetric encryption"></A><A NAME="999604">
+<B>symmetric encryption.</B>&nbsp;
+</A><A NAME="999625">
+An encryption method that uses a single cryptographic key to both encrypt and decrypt a given message.<P>
+</A>
+<A NAME="tamper detection"></A><A NAME="999618">
+<B>tamper detection.</B>&nbsp;
+</A><A NAME="999631">
+A mechanism ensuring that data received in electronic form has not been tampered with; that is, that the data received corresponds entirely with the original version of the same data.<P>
+</A>
+<A NAME="TLS"></A><A NAME="1027427">
+<B>TLS.</B>&nbsp;
+</A><A NAME="1027428">
+See <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>.<P>
+</A>
+<A NAME="token"></A><A NAME="1024528">
+<B>token.</B>&nbsp;
+</A><A NAME="1024586">
+See <a href="glossary.htm#1028962">security device</a>.<P>
+</A>
+<A NAME="trust"></A><A NAME="1019748">
+<B>trust.</B>&nbsp;
+</A><A NAME="1020186">
+Confident reliance on a person or other entity. In the context of <a href="glossary.htm#999412">public-key infrastructure (PKI)</a>, trust usually refers to the relationship between the user of a certificate and the <a href="glossary.htm#1020903">certificate authority (CA)</a> that issued the certificate. If you use Personal Security Manager to specify that you trust a CA, Personal Security Manager trusts valid certificates issued by that CA unless you specify otherwise in the settings for individual certificates. You use the Authorities panel of the Certificates tab in Personal Security Manager to specify the kinds of certificates you trust or don't trust different CAs to issue. <P>
+</A>
+<A NAME="1028719">
+<B></B><a href="glossary.htm#1028962"></a><P>
+</A>
+</dl>
+
+
+<BR>
+
+&copy; Copyright 2000 Netscape Communications Corporation
+</FONT> </CENTER>
+
+<BR>
+
+</BODY>
+
+</HTML>

mozilla/security/psm/doc/psmtest.html

@@ -0,0 +1,29 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<head>
+  <title>Personal Security Manager Detection Page</title>
+  <script language=javascript>
+
+    function init_title()
+    {
+      with(window.frames.the_frame) {
+        document.write('<BODY><H1>Personal Security Manager Detection Page</H1><P><P>');
+        if (typeof(crypto.version) == "undefined") {
+          document.write('<FONT color="#ff0000">Personal Security Manager not loaded</FONT>');
+        } else {
+          document.write('<FONT color="#007700">Personal Security Manager&nbsp;Running&nbsp;(version ', crypto.version); 
+          document.write(')</FONT>'); 
+        }
+        document.write('</BODY>');
+        document.close();
+      }
+    }
+  
+
+
+</script>
+</head>
+
+<frameset rows="*,1" border=0 onload="init_title()">
+  <frame src="about:blank" name="the_frame">
+  <frame src="about:blank">
+</frameset>

mozilla/security/psm/doc/release_notes.html

@@ -0,0 +1,500 @@
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   <meta name="GENERATOR" content="Mozilla/4.72 [en] (WinNT; I) [Netscape]">
+   <meta name="Author" content="Sean Cotter">
+   <title>Personal Security Manager Release Notes</title>
+</head>
+<body>
+
+<center>
+<h1>
+<img SRC="bannerrn.gif" height=32 width=468 align=ABSCENTER></h1></center>
+
+<center>
+<h2>
+Netscape Personal Security Manager</h2></center>
+
+<center>
+<h2>
+Release 1.2</h2></center>
+
+<center>
+<h2>
+6/19/2000</h2></center>
+
+<center>
+<hr WIDTH="100%"></center>
+These release notes contain the most recent information about this release
+of Netscape Personal Security Manager. Please read these notes before using
+the software.
+<p>These notes include information for IS professionals who are thoroughly
+familiar with security and public-key infrastructure (PKI) issues.
+<p>Use of this product is subject to the terms detailed in the license
+agreement accompanying it (see <a href="http://twain.mcom.com/developer/security/cartman/psmiPlanet/psm/12/license.html">license.html</a>).
+<p>
+<hr WIDTH="100%">
+<h2>
+Contents</h2>
+<a href="#Documentation">Documentation</a>
+<br><a href="#Changes Since PSM 1.1">Changes Since Personal Security Manager
+1.1</a>
+<br><a href="#Software/Hardware Requirements">Software/Hardware Requirements</a>
+<br><a href="#unpacking">Installing Personal Security Manager</a>
+<br><a href="#Using the Test Bed">Using Personal Security Manager</a>
+<br><a href="#Known Bugs/Issues for 12 Release">Known Bugs/Issues for Personal
+Security Manager 1.2</a>
+<br><a href="#Feedback">Feedback</a>
+<p>
+<hr WIDTH="100%">
+<h2>
+<a NAME="Documentation"></a>Documentation</h2>
+The following documentation is available with Personal Security Manager:
+<ul>
+<li>
+<a href="http://twain.mcom.com/developer/security/cartman/psmiPlanet/psm/12/contents.htm">Personal
+Security Manager Help</a> -- This online help system can also be accessed
+by clicking the Help button in any personal Security Manager window.</li>
+
+<li>
+<a href="http://twain.mcom.com/developer/security/cartman/psmiPlanet/psm/12/cmcjavascriptapi.html">JavaScript
+API for Client Certificate Management</a> -- This reference describes a
+new Javascript API for performing user certificate management operations
+with Personal Security Manager, including one-click issuance, forced certificate
+backup by end users, issuance of dual encryption and signing email certificates,
+and automatic archival of encryption private keys.</li>
+</ul>
+For the latest release notes, deployment guide, and other information,
+see <a href="http://developer.iPlanet.com/docs/manuals/psm.html">http://developer.iPlanet.com/docs/manuals/psm.html.</a>
+<p>
+<hr WIDTH="100%">
+<h2>
+<a NAME="Changes Since PSM 1.1"></a>Changes Since Personal Security Manager
+1.1</h2>
+The status of the following important features or bugs has changed since
+the 1.1 release:
+<ul>
+<li>
+This release makes it possible to view more details about each certificate,
+including other certificates in the certificate chain. To use this feature,
+click the Certificates tab in the Personal Security Manager window, select
+the certificate you want to view, then click View. To see the next certificate
+in the certificate chain, click the name labeled "Issued Under" in the
+View Security Certificate window. To view the complete contents of the
+certificate, click View More Info in the upper-right corner of the View
+Security Certificate window.</li>
+
+<li>
+This release includes support for the Netscape 6 Password Manager. For
+information about this feature, see <a href="http://home.netscape.com/eng/mozilla/ns6/relnotes/pv6-2.html">http://home.netscape.com/eng/mozilla/ns6/relnotes/pv6-2.html</a>.</li>
+</ul>
+
+<hr WIDTH="100%">
+<h4>
+<a NAME="Software/Hardware Requirements"></a><font size=+2>Software/Hardware
+Requirements</font></h4>
+<b>Operating systems supported:</b> Windows NT, Windows 95, Windows 98;
+Solaris 2.5.1, 2.6, 7; and Linux 2.1 and 2.2.
+<p><b>Other software requirements:</b>
+<blockquote>
+<li>
+You must use Communicator 4.7 or later versions. Get the latest version
+of Communicator from <a href="http://home.netscape.com">http://home.netscape.com</a>
+before proceeding.</li>
+
+<li>
+If you are running Communicator 4.7, Personal Security Manager requires
+that Communicator have JavaScript turned on. If you are running later versions
+of Communicator, Personal Security Manager works regardless of whether
+JavaScript is turned on.</li>
+</blockquote>
+
+<hr WIDTH="100%">
+<h2>
+<a NAME="unpacking"></a>Installing Personal Security Manager</h2>
+
+<h3>
+Installing on Windows 95/98/NT</h3>
+<b>Important note for Mozilla and Netscape 6 users:</b> The Personal Security
+Manager 1.2 binaries for use with Communicator 4.x differ from the Personal
+Security Manager 1.2 beta binaries available for Mozilla at <a href="http://docs.iplanet.com/docs/manuals/psm/psm-mozilla/index.html">Netscape
+PSM for Mozilla</a> and from the Personal Security Manager 1.01 binaries
+that ship with Netscape 6 PR1. As a result, if you are running Windows
+95/98/NT and you have already installed Netscape 6 or PSM for Mozilla,
+you should rename the Security directory containing the PSM binaries before
+you install Personal Security Manager 1.2 for Communicator 4.7x (and vice
+versa--if you have installed Netscape 6 or Personal Security Manager 1.1&nbsp;
+for Mozilla, you should rename the Security directory before installing
+Personal Security Manager 1.2 for Communicator).
+<p>On Windows systems, the Personal Security Manager files are located
+in <tt>C:\Program Files\Common Files\Netscape Shared\Security\</tt>. If
+the Security directory already exists, rename it before installing a second
+version of Personal Security Manager (whether directly or as part of a
+Netscape 6 installation). For example, if you already have Netscape 6 installed
+and you want to install Personal Security Manager for Communicator 4.7x,
+rename the Security directory before beginning installation. A new Security
+directory will be created during installation. When you are ready to run
+Communicator 4.7x again, you must rename the new Security directory and
+restore the name of the original directory to Security.
+<p>This incompatibility between releases of Personal Security Manager will
+disappear in future releases. It is not a problem on Unix platforms.
+<p><b>Important note for Personal Security Manager 1.0 users:</b> If you
+are currently using release 1.0 of Personal Security Manager, you should
+delete the <tt>psm</tt> directory before installing release 1.2. The <tt>psm</tt>
+directory required for release 1.0 and earlier was located in the Netscape
+program directory on Windows 95/98/NT (default location <tt>C:\Program
+Files\Netscape\Communicator\Program</tt>), and in the directory where the
+Netscape executable resides on Unix.
+<p>To install Personal Security Manager on Windows 95/98/NT, save the file
+in a convenient location with the specified filename, then drag the file's
+icon into a Navigator window (that is, a browser window displayed by Communicator
+4.7 or later). Dropping the file's icon over the browser window initiates
+SmartUpdate, which automatically installs Personal Security Manager. After
+installation is complete, exit Communicator and relaunch it. If your copy
+of Communicator is installed in the default location, SmartUpdate installs
+the Personal Security Manager files in the directory
+<tt>C:\Program Files\Common
+Files\Netscape Shared\Security\</tt> and adds the file <tt>cmnav.dll</tt>
+in the directory <tt>C:\Program Files\Netscape\Communicator\Program</tt>.
+<p><b>Important:</b> On Windows NT, you must have administrator privileges
+to install Personal Security Manager using SmartUpdate.
+<h3>
+Installing on Unix</h3>
+Before you install Personal Security Manager on Unix, you must be logged
+in as the same Unix user you will be logged in as when you run Communicator.
+For the Unix installation to succeed, you must have write privileges for
+both the directory where the Netscape executable resides and the directory
+where the installation script creates the directory containing the Personal
+Security Manager files.
+<p>To install Personal Security Manager on Unix, download the tar file
+for the version of the product that you want to install and follow these
+steps:
+<ol>
+<li>
+Exit Communicator, if it is running.</li>
+
+<li>
+Decompress the downloaded file to some convenient location.</li>
+
+<li>
+Run the <tt>psm-install</tt> program.</li>
+</ol>
+The <tt>psm-install</tt> program allows you to specify the directory in
+which Personal Security Manager will be installed. In this release, you
+must install Personal Security Manager locally. To do so, you can either
+install it in the default location (<tt>/opt/netscape/security</tt>) or
+in some other local location. However, if you install Personal Security
+Manager anywhere other than the default location, Communicator must also
+be installed locally.
+<p>To run Personal Security Manager on Unix, you must be logged in as the
+same Unix user you were logged in as when you installed it.
+<h3>
+Disabling Personal Security Manager</h3>
+To <b>disable</b> Personal Security Manager temporarily, simply rename
+the file <tt>cmnav.dll</tt> (in the Netscape program directory on Windows
+95/98/NT, or the directory in which your Netscape executable resides on
+Unix) to some other name, such as <tt>cmnav.txt</tt>. On Unix, you can
+also rename the file <tt>cmnav.so</tt> to some other name to disable Personal
+Security Manager.
+<p>
+<hr WIDTH="100%">
+<h2>
+<a NAME="Using the Test Bed"></a>Using Personal Security Manager</h2>
+The sections that follow describe how to test some of the features of Personal
+Security Manager that are available with this release:
+<ul>
+<li>
+<a href="#Start Up Personal Security Manager with">Start Up Personal Security
+Manager with Communicator</a></li>
+
+<li>
+<a href="#Use SSL with Server Authentication">Test Basic SSL</a></li>
+
+<li>
+<a href="#Get a Certificate">Get an SSL Client Certificate</a></li>
+
+<li>
+<a href="#View Your Personal Certificate">View Your Certificate</a></li>
+
+<li>
+<a href="#Using Your Personal Certificate for Client">Test Client Authentication</a></li>
+
+<li>
+<a href="#Request and Use Separate Signing and Encryption">Request and
+Use Separate Signing and Encryption Certificates ("Dual Key-Pair Certificates")</a></li>
+
+<li>
+<a href="#Validate Certificates Using OSCP">Validate Certificates Using
+OCSP</a></li>
+
+<li>
+<a href="#Fetch Certificates Automatically from a Directory">Fetch Certificates
+Automatically from a Directory</a></li>
+</ul>
+The sections that follow briefly describe how to test some of the features
+listed above.
+<p>For information on the JavaScript API supported by Personal Security
+Manager, see <a href="http://twain.mcom.com/developer/security/cartman/psmiPlanet/psm/12/cmcjavascriptapi.html">JavaScript
+API for Client Certificate Management</a> and the Personal Security Manager
+Deployment Guide. For the latest versions of these documents, see <a href="http://developer.iPlanet.com/docs/manuals/psm.html">http://developer.iPlanet.com/docs/manuals/psm.html</a>.
+<h3>
+<a NAME="Start Up Personal Security Manager with"></a>Start Up Personal
+Security Manager with Communicator</h3>
+Follow these steps to start Personal Security Manager with Communicator.
+<ol>
+<li>
+Launch Communicator. Personal Security Manager will silently load in the
+background.</li>
+
+<li>
+Go to the page <a href="http://twain.mcom.com/developer/security/cartman/psmiPlanet/psm/12/psmtest.html">psmtest.html</a>
+(in the same directory as these release notes), then choose Page Source
+from the View menu to see the JavaScript code that a web programmer can
+use to detect Personal Security Manager and its version number.</li>
+</ol>
+Note that the version number has two parts. The first is the version of
+the PSM client library, and the second is the version of the PSM server
+library.
+<h3>
+<a NAME="Use SSL with Server Authentication"></a>Test Basic SSL</h3>
+Go to any online store, banking service, brokerage account, or other web
+site that supports SSL. Verify that the lock in the lower-left corner of
+the browser window is closed when you reach the pages for which SSL should
+be enabled, for example a page where you are asked to give your credit
+card number.
+<h3>
+<a NAME="Get a Certificate"></a>Get an SSL Client Certificate</h3>
+Go to any public or private CA and apply for an SSL client certificate.
+<p>To test one-click certificate issuance, dual key-pair certificates,
+and other Personal Security Manager features, system administrators should
+download, install, and configure Netscape Certificate Management System.
+For complete CMS documentation and other information, see <a href="http://developer.iPlanet.com/docs/manuals/cms.html">http://developer.iPlanet.com/docs/manuals/cms.html</a>.
+To download the latest version of CMS, see <a href="http://home.netscape.com/testdrive/download/">http://home.netscape.com/testdrive/download/</a>.
+<h3>
+<a NAME="View Your Personal Certificate"></a>View Your Certificate</h3>
+After you have obtained a certificate, follow these steps to view it:
+<ol>
+<li>
+Click the Security icon in the Navigator toolbar.</li>
+
+<li>
+Click the Certificates tab.</li>
+
+<li>
+Click to select your certificate.</li>
+
+<li>
+Click View.</li>
+</ol>
+You should see information about your new certificate.
+<h3>
+<a NAME="Using Your Personal Certificate for Client"></a><font size=+1>Test
+Client Authentication</font></h3>
+Personal Security Manager allows the SSL server and client to negotiate
+which certificate to use, and in most cases they can agree on a single
+correct certificate for the client to present. When this happens, the user
+can access an SSL site that requires client authentication with zero additional
+clicks.
+<p>To test client authentication with Netscape Enterprise Server, system
+administrators should follow these steps:
+<ul>
+<li>
+Install an Enterprise Server and configure it for client authentication
+as described in <a href="http://developer.iplanet.com/docs/manuals/cms/41/dep_gide/entsrv.htm">Appendix
+D, Using SSL with Enterprise Server 3.x</a>, of <i>Netscape Certificate
+Management System Installation and Deployment Guide</i>.</li>
+
+<li>
+Test the Enterprise Server installation as described at the end of Appendix
+D using Personal Security Manager.</li>
+</ul>
+
+<h3>
+<a NAME="Request and Use Separate Signing and Encryption"></a>Request and
+Use Separate Signing and Encryption Certificates ("Dual Key-Pair Certificates")</h3>
+Separate signing and encryption certificates, sometimes called "dual key-pair
+certificates," are specialized certificates used only with S/MIME. The
+term "dual key pair" refers to the fact that two public-private key pairs--four
+keys altogether--correspond to two separate certificates. The private key
+of one pair is used for email signing operations, and the public and private
+keys of the other pair are used for email encryption and decryption operations.
+Each pair corresponds to a separate certificate.
+<p>In the past, Communicator has supported the signing and encryption functions
+for S/MIME with a single, combined signing and encryption certificate.
+<p>This version of Personal Security Manager allows you to request dual
+key-pair certificates from a single, specially configured enrollment page
+provided by Netscape Certificate Management System. The resulting certificates
+are combined under a single nickname in the Certificates/Mine panel displayed
+by Personal Security Manager. (To see this panel after Personal Security
+Manager is installed, click the Security button in the Communicator toolbar,
+then click the Certificates tab.) When you select a nickname that represents
+a pair of related signing and encryption certificates, then click View
+or other buttons that act on the selection, a dialog box allows you to
+select which certificate you want to act on.
+<p>For instructions on configuring Certificate Management System to issue
+dual key-pair certificates and to archive the private encryption key, see
+<a href="http://home.netscape.com/eng/server/cms/41/adm_gide/kycrt_ee.htm#1067601">Chapter
+25, Recovering Encrypted Data</a>, in <i>Netscape Certificate Management
+System Administrator's Guide.</i>
+<p>Once you have obtained your dual key-pair certificates, you can use
+them with Personal Security Manager to sign and encrypt email. You can
+also back them up and import them using buttons in the Certificates/Mine
+panel, and set the certificate you want to use for signing in the Applications/Messenger
+panel.
+<h3>
+<a NAME="Validate Certificates Using OSCP"></a>Validate Certificates Using
+OSCP</h3>
+Personal Security Manager supports the use of the On-Line Certificate Status
+Protocol (OSCP) to check the validity of certificates in real time. Information
+about this protocol and how configure Personal Security Manager 1.2 and
+a forthcoming version of Certificate Management System to support it will
+be available from <a href="http://developer.iPlanet.com/docs/manuals/psm.html">http://developer.iPlanet.com/docs/manuals/psm.html</a>.
+<p>It's important to note that Personal Security Manager will accept signatures
+from responders only under the following conditions:
+<ul>
+<li>
+The response was signed by a delegated responder--that is, the responder's
+certificate was signed by the same CA as the certificate&nbsp; you're trying
+to verify and has the <tt>extendedKeyUsage</tt> bit set indicating that
+the certificate is an OCSP response signer. The certificate should be the
+same as a CA certificate with the addition of the <tt>extendedKeyUsage</tt>
+bit.</li>
+
+<li>
+The user has designated a default responder in the OCSP Settings dialog
+box (available from the Advanced tab under Options).</li>
+</ul>
+Common problems include the following:
+<ul>
+<li>
+Time drift between the client and server machine. Personal Security Manager
+expects the time of the response to be within the past 24 hours. If there
+is a difference in the clocks between the machine used to sign the response,
+so the response looks to Personal Security Manager like it was signed in
+the future, Personal Security Manager interprets this as an error. Run
+ntp on both machines to fix this problem.</li>
+
+<li>
+The response doesn't include the certificates required to complete the
+chain needed to verify the signer's certificate. The client frequently
+doesn't have all the certificates in the database that are needed to verify
+the signer's certificate, in which case Personal Security Manager can't
+verify the signer's certificate and OCSP fails. Make sure the entire chain
+is included with every response. This is the safest way to avoid this problem.</li>
+
+<li>
+If you are using ValiCert, misconfiguration may cause the Validation Authority
+not to send the certificate chain (including the CA root certificate and
+the OCSP responder's certificate) correctly.</li>
+</ul>
+
+<h3>
+<a NAME="Fetch Certificates Automatically from a Directory"></a>Fetch Certificates
+Automatically from a Directory</h3>
+Personal Security Manager can search a specified directory for the certificate
+associated with an email address. This search is performed automatically
+when you send a message (but note that it doesn't work over SSL in this
+release; see <a href="#Known Bugs/Issues for 12 Release">Known Bugs/Issues
+for 1.2 Release</a>).
+<p>To activate this feature, you must specify a directory server to search.
+To do so, choose Preferences from the File menu in Communicator, then click
+Addressing under Mail &amp; Newsgroups. In the right panel, click Directory
+Server under Pinpoint Addressing, select the directory you want to use
+from the drop-down menu, and click OK. Personal Security Manager uses this
+directory for automatic certificate lookups when you send an encrypted
+email message.
+<p>If the directory you want doesn't show up in the drop-down menu under
+Pinpoint Addressing, you can add it to your list of directories using the
+Communicator Address Book. To do so, choose Address Book from the Communicator
+menu, then choose New Directory from the File menu. You must then add information
+about the directory you want to add. Once the directory has been added
+to the Address book, you can specify it in your preferences as described
+above.
+<p>
+<hr WIDTH="100%">
+<h2>
+<a NAME="Known Bugs/Issues for 12 Release"></a>Known Bugs/Issues for Personal
+Security Manager 1.2</h2>
+
+<ul>
+<li>
+FORTEZZA is not guaranteed to work with this release. [# 94220]</li>
+
+<li>
+LDAP over SSL does not work for address book lookups, pinpoint addressing,
+or automatic certificate fetching. That is, if you choose Address Book
+from the Communicator menu, select a directory in the left frame, and click
+the Properties button, the checkbox labeled Secure must not be selected.
+If Secure is selected, address book lookups for that directory will not
+work. Similarly, if the same Secure checkbox is selected for a directory
+that is also specified for pinpoint addressing, pinpoint addressing and
+automatic certificate lookups won't work. To view pinpoint addressing settings,
+choose Preferences from the Edit menu in Communicator and select Addressing
+under Mail &amp; Newsgroups. [# 364811]</li>
+
+<li>
+Secure proxy does not work with this release when it is running with Communicator
+4.72 or earlier versions. [# 362464] (Secure proxy does work with this
+release when it is running with Communicator 4.73 and later versions.)
+HTTP proxy works with Communicator 4.72 or earlier versions, but you must
+configure Communicator preferences as follows:</li>
+
+<ul>
+<li>
+Choose Preferences from the Edit menu, then click the plus sign beside
+Advanced, then click Proxies.</li>
+
+<li>
+In the Proxies panel, click "Manual proxy configuration." You must configure
+the proxy manually.</li>
+
+<li>
+Click View to see the proxy configurations.</li>
+
+<li>
+In the Manual Proxy Configuration dialog box, enter the hostname for the
+HTTP proxy you want to use in the field labeled HTTP, and the port number
+in the corresponding port field. Then, enter <tt>127.0.0.1</tt> in the
+field at the bottom labeled "Exceptions/Do not use proxy servers for domains
+beginning with:" (plus other names of other hosts, if necessary, that you
+don't want to use a proxy server to reach). This number identifies the
+local host, which cannot use a proxy server (or else Personal Security
+Manager won't work). Do not enter anything in the field labeled "Security."</li>
+</ul>
+
+<li>
+In some unusual circumstances you may encounter problems such as valid
+certificates not being verified or Communicator freezing up. If you encounter
+a problem that doesn't appear to have a logical explanation, try the following
+as a last resort:</li>
+
+<ol>
+<li>
+Exit Communicator, then relaunch it. If necessary, use Control-Alt-Delete
+on Windows 95/98/NT to bring up the Task Manager and click End Process
+for both <tt>psm.exe</tt> and <tt>netscape.exe</tt>.</li>
+
+<li>
+<b>Warning:</b> <b>Before taking this step, back up your own certificates
+stored internally by Personal Security Manager.</b> If exiting and relaunching
+Communicator doesn't take care of the problem, in some rare cases it may
+work to exit Communicator, then delete or rename your <tt>cert7.db</tt>
+and <tt>key3.db</tt> files (located in your user profile directory on Windows
+95/98/NT, or in the directory in which the Netscape executable resides
+on Unix) and relaunch the Communicator. You should also look for all other
+files in the same directory that begin with <tt>cert</tt> or <tt>key</tt>
+and end in <tt>.db</tt> and delete those files as well before relaunching
+Communicator.</li>
+</ol>
+</ul>
+
+<hr WIDTH="100%">
+<h2>
+<a NAME="Feedback"></a>Feedback</h2>
+To send feedback to the Personal Security Manager development team, send
+email to <a href="mailto:psmfeedback@netscape.com">psmfeedback@netscape.com</a>.
+Feedback back sent to this address will be read by the team, but you will
+not receive a personal response.
+</body>
+</html>

mozilla/security/psm/lib/Makefile

@@ -0,0 +1,74 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+

mozilla/security/psm/lib/Makefile.in

@@ -0,0 +1,32 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= protocol client
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/security/psm/lib/client/MANIFEST

@@ -0,0 +1,3 @@
+cmtclist.h
+cmtcmn.h
+cmtjs.h

mozilla/security/psm/lib/client/Makefile

@@ -0,0 +1,74 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include config.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+

mozilla/security/psm/lib/client/Makefile.in

@@ -1,4 +1,4 @@
-# -*- Mode: perl; indent-tabs-mode: nil -*-
+#! gmake
 # 
 # The contents of this file are subject to the Mozilla Public
 # License Version 1.1 (the "License"); you may not use this file
@@ -10,14 +10,14 @@
 # implied. See the License for the specific language governing
 # rights and limitations under the License.
 # 
-# The Original Code are the Bugzilla Tests.
+# The Original Code is the Netscape security libraries.
 # 
-# The Initial Developer of the Original Code is Zach Lipton
-# Portions created by Zach Lipton are 
-# Copyright (C) 2001 Zach Lipton.  All
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 # Rights Reserved.
 # 
-# Contributor(s): Zach Lipton <zach@zachlipton.com>
+# Contributor(s):
 # 
 # Alternatively, the contents of this file may be used under the
 # terms of the GNU General Public License Version 2 or later (the
@@ -32,36 +32,43 @@
 # GPL.
 # 
 
-package Support::Files;
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
 
-@additional_files = ('syncshadowdb','processmail');
-@exclude_files    = ('importxml.pl');
+include $(DEPTH)/config/autoconf.mk
 
-$file = '*';
-@files = glob($file);
+LIBRARY_NAME	= cmt
 
-sub isTestingFile {
-  my ($file) = @_;
-  my $exclude;
-  foreach $exclude (@exclude_files) {
-        if ($file eq $exclude) { return undef; } # get rid of excluded files.
-  }
+EXPORTS = \
+	cmtcmn.h \
+	cmtjs.h  \
+	cmtclist.h \
+	$(NULL)
 
-  if ($file =~ /\.cgi$|\.pl$|\.pm$/) {
-    return 1;
-  }
-  my $additional;
-  foreach $additional (@additional_files) {
-    if ($file eq $additional) { return 1; }
-  }
-  return undef;
-}
+MODULE = security
 
-foreach $currentfile (@files) {
-        if (isTestingFile($currentfile)) {
-                push(@testitems,$currentfile);
-        }
-}
+CSRCS = cmtinit.c  \
+	cmtssl.c   \
+	cmtutils.c \
+	cmtcert.c  \
+	cmthash.c  \
+	cmtpkcs7.c \
+	cmtres.c   \
+	cmtjs.c    \
+	cmtevent.c \
+        cmtpasswd.c \
+	cmtadvisor.c \
+	cmtrng.c \
+	cmtsdr.c \
+	$(NULL)
 
+ifeq ($(MOZ_OS2_TOOLS),VACPP)
+EXTRA_DSO_LDOPTS	+= $(DIST)/lib/protocol.$(LIB_SUFFIX)
+else
+EXTRA_DSO_LDOPTS	+= -L$(DIST)/lib -lprotocol
+endif
+
+include $(topsrcdir)/config/rules.mk
 
-1;

mozilla/security/psm/lib/client/cmtadvisor.c

@@ -0,0 +1,99 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#ifdef XP_MAC
+#include "cmtmac.h"
+#endif
+
+CMTStatus CMT_SecurityAdvisor(PCMT_CONTROL control, CMTSecurityAdvisorData* data, CMUint32 *resID)
+{
+    CMTItem message = {0, NULL, 0};
+    SecurityAdvisorRequest request;
+    SingleNumMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    if (!data) {
+        return CMTFailure;
+    }
+
+    request.infoContext = data->infoContext;
+    request.resID = data->resID;
+    request.hostname = data->hostname;
+	request.senderAddr = data->senderAddr;
+	request.encryptedP7CInfo = data->encryptedP7CInfo;
+	request.signedP7CInfo = data->signedP7CInfo;
+	request.decodeError = data->decodeError;
+	request.verifyError = data->verifyError;
+	request.encryptthis = data->encryptthis;
+	request.signthis = data->signthis;
+	request.numRecipients = data->numRecipients;
+	request.recipients = data->recipients;
+    message.type = SSM_REQUEST_MESSAGE | SSM_SECURITY_ADVISOR;
+
+    if (CMT_EncodeMessage(SecurityAdvisorRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Send the message and get the response */
+	if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+	}
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_SECURITY_ADVISOR)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *resID = reply.value;
+
+    return CMTSuccess;
+loser:
+
+    if (message.data) {
+        free(message.data);
+    }
+    return CMTFailure;
+}
+
+
+
+

mozilla/security/psm/lib/client/cmtclist.h

@@ -0,0 +1,111 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef cmtclist_h___
+#define cmtclist_h___
+
+typedef struct CMTCListStr CMTCList;
+/*
+** Circular linked list
+*/
+struct CMTCListStr {
+    CMTCList	*next;
+    CMTCList	*prev;
+};
+
+/*
+** Insert element "_e" into the list, before "_l".
+*/
+#define CMT_INSERT_BEFORE(_e,_l)	 \
+	(_e)->next = (_l);	 \
+	(_e)->prev = (_l)->prev; \
+	(_l)->prev->next = (_e); \
+	(_l)->prev = (_e);	 \
+
+/*
+** Insert element "_e" into the list, after "_l".
+*/
+#define CMT_INSERT_AFTER(_e,_l)	 \
+	(_e)->next = (_l)->next; \
+	(_e)->prev = (_l);	 \
+	(_l)->next->prev = (_e); \
+	(_l)->next = (_e);	 \
+
+/*
+** Append an element "_e" to the end of the list "_l"
+*/
+#define CMT_APPEND_LINK(_e,_l) CMT_INSERT_BEFORE(_e,_l)
+
+/*
+** Insert an element "_e" at the head of the list "_l"
+*/
+#define CMT_INSERT_LINK(_e,_l) CMT_INSERT_AFTER(_e,_l)
+
+/* Return the head/tail of the list */
+#define CMT_LIST_HEAD(_l) (_l)->next
+#define CMT_LIST_TAIL(_l) (_l)->prev
+
+/*
+** Remove the element "_e" from it's circular list.
+*/
+#define CMT_REMOVE_LINK(_e)	       \
+	(_e)->prev->next = (_e)->next; \
+	(_e)->next->prev = (_e)->prev; \
+
+/*
+** Remove the element "_e" from it's circular list. Also initializes the
+** linkage.
+*/
+#define CMT_REMOVE_AND_INIT_LINK(_e)    \
+	(_e)->prev->next = (_e)->next; \
+	(_e)->next->prev = (_e)->prev; \
+	(_e)->next = (_e);	       \
+	(_e)->prev = (_e);	       \
+
+/*
+** Return non-zero if the given circular list "_l" is empty, zero if the
+** circular list is not empty
+*/
+#define CMT_CLIST_IS_EMPTY(_l) \
+    ((_l)->next == (_l))
+
+/*
+** Initialize a circular list
+*/
+#define CMT_INIT_CLIST(_l)  \
+	(_l)->next = (_l); \
+	(_l)->prev = (_l); \
+
+#define CMT_INIT_STATIC_CLIST(_l) \
+    {(_l), (_l)}
+
+#endif /* cmtclist_h___ */

mozilla/security/psm/lib/client/cmtevent.c

@@ -0,0 +1,480 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include <string.h>
+#ifdef XP_UNIX
+#include <sys/time.h>
+#endif
+
+/* Typedefs */
+typedef void (*taskcompleted_handler_fn)(CMUint32 resourceID, CMUint32 numReqProcessed, CMUint32 resultCode, void* data);
+
+CMTStatus CMT_SetUIHandlerCallback(PCMT_CONTROL control, 
+                                   uiHandlerCallback_fn f, void *data)
+{
+    return CMT_RegisterEventHandler(control, SSM_UI_EVENT, 0,
+                                    (void_fun)f, data);
+}
+
+void CMT_SetFilePathPromptCallback(PCMT_CONTROL control,
+                                   filePathPromptCallback_fn f, void* arg)
+{
+    control->userFuncs.promptFilePath = f;
+    control->userFuncs.filePromptArg  = arg;
+}
+
+void CMT_SetPromptCallback(PCMT_CONTROL control, 
+                           promptCallback_fn f, void *arg)
+{
+    control->userFuncs.promptCallback = f;
+    control->userFuncs.promptArg      = arg;
+}
+
+void CMT_SetSavePrefsCallback(PCMT_CONTROL control, savePrefsCallback_fn f)
+{
+    control->userFuncs.savePrefs = f;
+}
+
+CMTStatus CMT_RegisterEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                   CMUint32 resourceID, void_fun handler, 
+                                   void* data)
+{
+    PCMT_EVENT ptr;
+
+    /* This is the first connection */
+    if (control->cmtEventHandlers == NULL) {
+        control->cmtEventHandlers = ptr = 
+            (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+        if (!ptr) {
+            goto loser;
+        }
+    } else {
+        /* Look for another event handler of the same type.  Make sure the
+           event handler with a rsrcid of 0 is farther down the list so
+	   that it doesn't get chosen when there's an event handler for
+	   a specific rsrcid.
+	 */
+	for (ptr=control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+            if (ptr->type == type && resourceID != 0) {
+                /* So we've got an event handler that wants to over-ride
+                   an existing event handler.  We'll put it before the one
+                   that's already here.
+                 */
+                if (ptr->previous == NULL) {
+                    /* We're going to insert at the front of the list*/
+                    control->cmtEventHandlers = ptr->previous = 
+                        (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+                    if (ptr->previous == NULL) {
+                        goto loser;
+		    }
+		    ptr->previous->next = ptr;
+		    ptr = control->cmtEventHandlers;
+		} else {
+		    /* We want to insert in the middle of the list */
+		    PCMT_EVENT tmpEvent;
+		    
+		    tmpEvent = (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+		    if (tmpEvent == NULL) {
+		        goto loser;
+		    }
+		    tmpEvent->previous  = ptr->previous;
+		    ptr->previous->next = tmpEvent;
+		    tmpEvent->next      = ptr;
+		    ptr->previous       = tmpEvent;
+		    ptr = tmpEvent;
+		}
+		break;
+	    }
+	    if (ptr->next == NULL) break;
+	}
+	if (ptr == NULL) {
+	    goto loser;	
+	}
+	if (ptr->next == NULL) {
+	    /* We're adding the event handler at the end of the list. */
+	    ptr->next = (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+	    if (!ptr->next) {
+	        goto loser;
+	    } 
+	    /* Fix up the pointers */
+	    ptr->next->previous = ptr;
+	    ptr = ptr->next;
+	}
+    }
+
+    /* Fill in the data */
+    ptr->type = type;
+    ptr->resourceID = resourceID;
+    ptr->handler = handler;
+    ptr->data = data;
+    
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_UnregisterEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                     CMUint32 resourceID) 
+{
+    PCMT_EVENT ptr, pptr = NULL;
+    
+    for (ptr = control->cmtEventHandlers; ptr != NULL;
+	 pptr = ptr, ptr = ptr->next) {
+        if ((ptr->type == type) && (ptr->resourceID == resourceID)) {
+	    if (pptr == NULL) {
+	        /* node is at head */
+	        control->cmtEventHandlers = ptr->next;
+            if (control->cmtEventHandlers != NULL) {
+                control->cmtEventHandlers->previous = NULL;
+            }
+            free(ptr);
+            return CMTSuccess;
+	    }
+	    /* node is elsewhere */
+	    pptr->next = ptr->next;
+        if (ptr->next != NULL) {
+            ptr->next->previous = pptr;
+        }
+	    free(ptr);
+	    return CMTSuccess;
+        }
+    }
+    return CMTFailure;
+}
+
+PCMT_EVENT CMT_GetEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                               CMUint32 resourceID)
+{
+    PCMT_EVENT ptr;
+    
+    for (ptr = control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == type) && ((ptr->resourceID == resourceID) || 
+                                    !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+PCMT_EVENT CMT_GetFirstEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                    CMUint32 resourceID)
+{
+    PCMT_EVENT ptr;
+
+    for (ptr = control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == type) && ((ptr->resourceID == resourceID) || 
+                                    !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+PCMT_EVENT CMT_GetNextEventHandler(PCMT_CONTROL control, PCMT_EVENT e)
+{
+    PCMT_EVENT ptr;
+
+    for (ptr = control->cmtEventHandlers; ptr != NULL || ptr == e; 
+         ptr = ptr->next) {
+    }
+
+    for (; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == e->type) && ((ptr->resourceID == e->resourceID) || 
+                                       !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+void CMT_ProcessEvent(PCMT_CONTROL cm_control)
+{
+    CMTSocket sock; 
+    CMTItem eventData={ 0, NULL, 0 };
+
+    /* Get the control socket */
+    sock = cm_control->sock;
+
+    /* Acquire a lock on the control connection */
+    CMT_LOCK(cm_control->mutex);
+    /* Do another select here to be sure 
+       that the socket is readable */
+    if (cm_control->sockFuncs.select(&sock, 1, 1) != sock) {
+        /* There's no event. */
+        goto done;
+    }
+
+    /* Read the event */
+    if (CMT_ReceiveMessage(cm_control, &eventData) == CMTFailure) {
+        goto done;
+    }
+    CMT_UNLOCK(cm_control->mutex);
+    /* Dispatch the event */
+    CMT_DispatchEvent(cm_control, &eventData);
+    return;
+done:
+    /* Release the lock on the control connection */
+    CMT_UNLOCK(cm_control->mutex);
+}
+
+void CMT_EventLoop(PCMT_CONTROL cm_control)
+{
+    CMTSocket sock;
+
+    /* Get the control socket */
+    sock = cm_control->sock;
+    CMT_ReferenceControlConnection(cm_control);
+    /* Select on the control socket to see if it's readable */
+    while(cm_control->sockFuncs.select(&sock, 1, 0)) {
+      CMT_ProcessEvent(cm_control);
+    }
+    CMT_CloseControlConnection(cm_control);
+    return;
+}
+
+void
+CMT_PromptUser(PCMT_CONTROL cm_control, CMTItem *eventData)
+{
+    char *promptReply  = NULL;
+    CMTItem   response={ 0, NULL, 0 };
+    PromptRequest request;
+    PromptReply reply;
+    void * clientContext;
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(PromptRequestTemplate, &request, eventData) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Copy the client context to a pointer */
+    clientContext = CMT_CopyItemToPtr(request.clientContext);
+
+    if (cm_control->userFuncs.promptCallback == NULL) {
+        goto loser;
+    }
+    promptReply = 
+        cm_control->userFuncs.promptCallback(cm_control->userFuncs.promptArg, 
+                                             request.prompt, clientContext, 1);
+
+    response.type = SSM_EVENT_MESSAGE | SSM_PROMPT_EVENT;
+    if (!promptReply) {
+        /* the user canceled the prompt or other errors occurred */
+        reply.cancel = CM_TRUE;
+    }
+    else {
+        /* note that this includes an empty string (zero length) password */
+        reply.cancel = CM_FALSE;
+    }
+    reply.resID = request.resID;
+    reply.promptReply = promptReply;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(PromptReplyTemplate, &response, &reply) != CMTSuccess) {
+        goto loser;
+    }
+
+    CMT_TransmitMessage(cm_control, &response);
+ loser:
+    if (promptReply != NULL) {
+      cm_control->userFuncs.userFree(promptReply);
+    }
+    return;
+}
+
+void CMT_GetFilePath(PCMT_CONTROL cm_control, CMTItem * eventData)
+{
+    char *fileName=NULL;
+    CMTItem response = { 0, NULL, 0 };
+    FilePathRequest request;
+    FilePathReply reply;
+
+    /* Decode the request */
+    if (CMT_DecodeMessage(FilePathRequestTemplate, &request, eventData) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (cm_control->userFuncs.promptFilePath == NULL) {
+        goto loser;
+    }
+    fileName = 
+     cm_control->userFuncs.promptFilePath(cm_control->userFuncs.filePromptArg,
+                                          request.prompt, request.fileRegEx, 
+                                          request.getExistingFile);
+
+    response.type = SSM_EVENT_MESSAGE | SSM_FILE_PATH_EVENT;
+    reply.resID = request.resID;
+    reply.filePath = fileName;
+
+    /* Encode the reply */
+    if (CMT_EncodeMessage(FilePathReplyTemplate, &response, &reply) != CMTSuccess) {
+        goto loser;
+    }
+
+    CMT_TransmitMessage(cm_control, &response);
+    cm_control->userFuncs.userFree(fileName); 
+loser:
+   return;
+}
+
+void CMT_SavePrefs(PCMT_CONTROL cm_control, CMTItem* eventData)
+{
+    SetPrefListMessage request;
+    int i;
+
+    /* decode the request */
+    if (CMT_DecodeMessage(SetPrefListMessageTemplate, &request, eventData) !=
+        CMTSuccess) {
+        return;
+    }
+
+    if (cm_control->userFuncs.savePrefs == NULL) {
+        /* callback was not registered: bail */
+        return;
+    }
+    cm_control->userFuncs.savePrefs(request.length, 
+                                    (CMTSetPrefElement*)request.list);
+
+    for (i = 0; i < request.length; i++) {
+        if (request.list[i].key != NULL) {
+            free(request.list[i].key);
+        }
+        if (request.list[i].value != NULL) {
+            free(request.list[i].value);
+        }
+    }
+    return;
+}
+
+void CMT_DispatchEvent(PCMT_CONTROL cm_control, CMTItem * eventData)
+{
+    CMUint32 eventType;
+    CMTItem msgCopy;
+
+    /* Init the msgCopy */
+    msgCopy.data = 0;    
+
+    /* Get the event type */
+    if ((eventData->type & SSM_CATEGORY_MASK) != SSM_EVENT_MESSAGE) {
+        /* Somehow there was a message on the socket that was not 
+         * an event message.  Dropping it on the floor.
+         */
+        goto loser;
+    }
+    eventType = (eventData->type & SSM_TYPE_MASK);
+
+    /* We must now dispatch the event based on it's type */
+    switch (eventType) {
+        case SSM_UI_EVENT:
+        {
+            PCMT_EVENT p;
+            UIEvent event;
+            void * clientContext = NULL;
+
+	    /* Copy the message to allow a second try with the old format */
+	    msgCopy.len = eventData->len;
+	    msgCopy.data = calloc(msgCopy.len, 1);
+	    if (msgCopy.data) {
+              memcpy(msgCopy.data, eventData->data, eventData->len);
+	    }
+
+            /* Get the event data first */
+            if (CMT_DecodeMessage(UIEventTemplate, &event, eventData) != CMTSuccess) {
+		/* Attempt to decode using the old format.  Modal is True */
+		if (!msgCopy.data || 
+		    CMT_DecodeMessage(OldUIEventTemplate, &event, &msgCopy) != CMTSuccess) {
+                  goto loser;
+                }
+
+                /* Set default modal value */
+                event.isModal = CM_TRUE;
+            }
+
+            /* Convert the client context to a pointer */
+            clientContext = CMT_CopyItemToPtr(event.clientContext);
+
+            /* Call any handlers for this event */
+            p = CMT_GetEventHandler(cm_control, eventType, event.resourceID);
+            if (!p) {
+                goto loser;
+            }
+            (*(uiHandlerCallback_fn)(p->handler))(event.resourceID, 
+                                                  clientContext, event.width,
+                                                  event.height, event.isModal, event.url, 
+                                                  p->data);
+            break;
+        }
+
+        case SSM_TASK_COMPLETED_EVENT:
+        {
+           PCMT_EVENT p;
+           TaskCompletedEvent event;
+
+            /* Get the event data */
+            if (CMT_DecodeMessage(TaskCompletedEventTemplate, &event, eventData) != CMTSuccess) {
+                goto loser;
+            }
+
+            /* Call handler for this event */
+            p = CMT_GetEventHandler(cm_control, eventType, event.resourceID);
+            if (!p) {
+                goto loser;
+            }
+            (*(taskcompleted_handler_fn)(p->handler))(event.resourceID, 
+                                                      event.numTasks, 
+                                                      event.result, p->data);
+            break;
+        }
+        case SSM_AUTH_EVENT: 
+             CMT_ServicePasswordRequest(cm_control, eventData);
+             break;
+        case SSM_FILE_PATH_EVENT:
+    	     CMT_GetFilePath(cm_control, eventData);
+             break;
+        case SSM_PROMPT_EVENT:
+	         CMT_PromptUser(cm_control, eventData);
+	         break;
+        case SSM_SAVE_PREF_EVENT:
+            CMT_SavePrefs(cm_control, eventData);
+            break;
+        default:
+            break;
+    }
+loser:
+    free(eventData->data);
+    free(msgCopy.data);
+    return;
+}
+

mozilla/security/psm/lib/client/cmthash.c

@@ -0,0 +1,216 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#include "string.h"
+#else
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+CMTStatus CMT_HashCreate(PCMT_CONTROL control, CMUint32 algID, 
+                         CMUint32 * connID)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = algID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_HASH_STREAM;
+
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the response */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_HASH_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        sock = control->sockFuncs.socket(0);
+        if(sock == NULL) {
+            goto loser;
+        }
+        
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        /* Send the hello message */
+		control->sockFuncs.send(sock, control->nonce.data, control->nonce.len);
+
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+		    != CMTSuccess) {
+            goto loser;
+        }
+
+        /* Set the connection ID */
+        *connID = reply.connID;
+        return CMTSuccess;
+	} 
+loser:
+    *connID = 0;
+	return CMTFailure;
+}
+
+CMTStatus CMT_HASH_Destroy(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    if (!control) {
+        goto loser;
+    }
+
+    /* Get the cotext implementation data */
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_HASH_Begin(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    return CMTSuccess;
+}
+
+CMTStatus CMT_HASH_Update(PCMT_CONTROL control, CMUint32 connectionID, const unsigned char * buf, CMUint32 len)
+{
+    CMTSocket sock;
+    CMUint32 sent;
+
+    /* Do some parameter checking */
+    if (!control || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_HASH_End(PCMT_CONTROL control, CMUint32 connectionID, 
+                       unsigned char * result, CMUint32 * resultlen, 
+                       CMUint32 maxLen)
+{
+    CMTItem hash = { 0, NULL, 0 };
+
+    /* Do some parameter checking */
+    if (!control || !result || !resultlen) {
+        goto loser;
+    }
+
+    /* Close the connection */
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Get the context info */
+    if (CMT_GetStringAttribute(control, connectionID, SSM_FID_HASHCONN_RESULT,
+                               &hash) == CMTFailure) {
+        goto loser;
+    }
+    if (!hash.data) {
+        goto loser;
+    }
+
+    *resultlen = hash.len;
+    if (hash.len > maxLen) {
+        memcpy(result, hash.data, maxLen);
+    } else {
+        memcpy(result, hash.data, hash.len);
+    }   
+
+    if (hash.data) {
+        free(hash.data);
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (hash.data) {
+        free(hash.data);
+    }
+
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtimpl.h

@@ -0,0 +1,56 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __CMTIMPL_H_
+#define __CMTIMPL_H_
+
+typedef unsigned long CMT_HANDLE;
+
+struct _CMTControl {
+  CMT_HANDLE channelID;
+  int socketID;
+  CMTStatus (* cmtEventCallback)(struct _CMTControl * control, 
+				 CMTItem * event,  void * arg);
+  void * cmtEventCallbackArg;
+  struct _CMTData * cmtDataConnection;
+} _CMTControl;
+
+
+
+struct _CMTData {
+  CMT_HANDLE channelID;
+  int socketID;
+  struct _CMTData * next;
+  struct _CMTData * previous;
+};
+
+#endif /*__CMTIMPL_H_*/

mozilla/security/psm/lib/client/cmtinit.c

@@ -0,0 +1,486 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/stat.h>
+#ifndef XP_BEOS
+#include <netinet/tcp.h>
+#endif
+#else
+#ifdef XP_MAC
+#include <Events.h> // for WaitNextEvent
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#include <direct.h>
+#include <sys/stat.h>
+#endif
+#endif
+
+#include "messages.h"
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include <string.h>
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+#define DIRECTORY_SEPARATOR '/'
+#elif defined(WIN32) || defined(XP_OS2)
+#define DIRECTORY_SEPARATOR '\\'
+#elif defined XP_MAC
+#define DIRECTORY_SEPARATOR ':'
+#endif
+
+/* Local defines */
+#define CARTMAN_PORT	11111
+#define MAX_PATH_LEN    256
+
+/* write to the cmnav.log */
+#if 0
+#define LOG(x); do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, x); fclose(f); } } while(0);
+#define LOG_S(x); do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, "%s", x); fclose(f); } } while(0);
+#define ASSERT(x); if (!(x)) { LOG("ASSERT:"); LOG(#x); LOG("\n"); exit(-1); }
+#else
+#define LOG(x); ;
+#define LOG_S(x); ;
+#define ASSERT(x); ;
+#endif
+
+static char*
+getCurrWorkDir(char *buf, int maxLen)
+{
+#if defined WIN32
+    return _getcwd(buf, maxLen);
+#elif defined(XP_UNIX) || defined(XP_BEOS)
+    return getcwd(buf, maxLen);
+#else
+    return NULL;
+#endif
+}
+
+static void
+setWorkingDir(char *path)
+{
+#if defined WIN32
+    _chdir(path);
+#elif defined(XP_UNIX) || defined(XP_BEOS)
+    chdir(path);
+#else
+    return;
+#endif
+}
+
+static CMTStatus
+launch_psm(char *executable)
+{
+    char command[MAX_PATH_LEN];
+#ifdef WIN32
+    STARTUPINFO sui;
+    PROCESS_INFORMATION pi;
+    UNALIGNED long *posfhnd;
+    int i;
+    char *posfile;
+
+    sprintf(command,"%s > psmlog", executable);
+    ZeroMemory( &sui, sizeof(sui) );
+    sui.cb = sizeof(sui);
+    sui.cbReserved2 = (WORD)(sizeof( int ) + (3 * (sizeof( char ) + 
+                                                   sizeof( long ))));
+    sui.lpReserved2 = calloc( sui.cbReserved2, 1 );
+    *((UNALIGNED int *)(sui.lpReserved2)) = 3;
+    posfile = (char *)(sui.lpReserved2 + sizeof( int ));
+    posfhnd = (UNALIGNED long *)(sui.lpReserved2 + sizeof( int ) + 
+                                 (3 * sizeof( char )));
+    
+    for ( i = 0, posfile = (char *)(sui.lpReserved2 + sizeof( int )),
+              posfhnd = (UNALIGNED long *)(sui.lpReserved2 + sizeof( int ) + (3 * sizeof( char ))) ;
+          i < 3 ; i++, posfile++, posfhnd++ ) {
+        
+        *posfile = 0;
+        *posfhnd = (long)INVALID_HANDLE_VALUE;
+    }
+    /* Now, fire up PSM */
+    if (!CreateProcess(NULL, command, NULL, NULL, TRUE, DETACHED_PROCESS, 
+                       NULL, NULL, &sui, &pi)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+#elif defined(XP_UNIX) || defined(XP_BEOS)
+    sprintf(command,"./%s &", executable);
+    if (system(command) == -1) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+#else
+    return CMTFailure;
+#endif
+}
+
+PCMT_CONTROL CMT_EstablishControlConnection(char            *inPath, 
+                                            CMT_SocketFuncs *sockFuncs,
+                                            CMT_MUTEX       *mutex)
+{
+    PCMT_CONTROL control;
+    char *executable;
+    char *newWorkingDir;
+    char oldWorkingDir[MAX_PATH_LEN];
+    int i;
+    char *path = NULL;
+    size_t stringLen;
+
+    /*	On the Mac, we do special magic in the Seamonkey PSM component, so
+    	if PSM isn't launched by the time we reach this point, we're not doing well. */
+#ifndef XP_MAC
+
+    struct stat stbuf;
+    
+    /*
+     * Create our own copy of path.
+     * I'd like to do a straight strdup here, but that caused problems
+     * for https.
+     */
+    stringLen = strlen(inPath);
+
+    path = (char*) malloc(stringLen+1);
+    memcpy(path, inPath, stringLen);
+    path[stringLen] = '\0';
+
+    control = CMT_ControlConnect(mutex, sockFuncs);
+    if (control != NULL) {
+        return control;
+    }
+    /*
+     * We have to try to launch it now, so it better be a valid 
+     * path.
+     */
+    if (stat(path, &stbuf) == -1) {
+        goto loser;
+    }
+    /*
+     * Now we have to parse the path and launch the psm server.
+     */
+    executable = strrchr(path, DIRECTORY_SEPARATOR);
+    if (executable != NULL) {
+        *executable = '\0';
+        executable ++;
+        newWorkingDir = path;
+    } else {
+        executable = path;
+        newWorkingDir = NULL;
+    }
+    if (getCurrWorkDir(oldWorkingDir, MAX_PATH_LEN) == NULL) {
+        goto loser;
+    }
+    setWorkingDir(newWorkingDir);
+    if (launch_psm(executable) != CMTSuccess) {
+        goto loser;
+    }
+    setWorkingDir(oldWorkingDir);
+#endif
+
+    /*
+     * Now try to connect to the psm server.  We will try to connect
+     * a maximum of 30 times and then give up.
+     */
+#ifdef WIN32
+    for (i=0; i<30; i++) {
+        Sleep(1000);
+        control = CMT_ControlConnect(mutex, sockFuncs);
+        if (control != NULL) {
+            break;
+        }
+    }
+#elif defined(XP_UNIX) || defined(XP_BEOS)
+    i = 0;
+    while (i<1000) {
+        i += sleep(10);
+	control = CMT_ControlConnect(mutex, sockFuncs);
+	if (control != NULL) {
+	  break;
+	}
+    }
+#elif defined(XP_MAC)
+	for (i=0; i<30; i++) 
+	{
+		EventRecord theEvent;
+		WaitNextEvent(0, &theEvent, 30, NULL);
+		control = CMT_ControlConnect(mutex, sockFuncs);
+		if (control != NULL) 
+			break;
+	}
+
+#else
+    /*
+     * Figure out how to sleep for a while first
+     */
+    for (i=0; i<30; i++) {
+      control = CMT_ControlConnect(mutex, sockFuncs);
+      if (control!= NULL) {
+	break;
+      }
+    }
+#endif
+    if (control == NULL) {
+        goto loser;
+    }
+    if (path) {
+        free (path);
+    }
+    return control;
+ loser:
+    if (control != NULL) {
+        CMT_CloseControlConnection(control);
+    }
+    if (path) {
+        free(path);
+    }
+    return NULL;
+}
+
+
+PCMT_CONTROL CMT_ControlConnect(CMT_MUTEX *mutex, CMT_SocketFuncs *sockFuncs)
+{
+    PCMT_CONTROL control = NULL; 
+    CMTSocket sock=NULL;
+#ifdef XP_UNIX
+    int unixSock = 1;
+    char path[20];
+#else
+    int unixSock = 0;
+    char *path=NULL;
+#endif
+
+    if (sockFuncs == NULL) {
+        return NULL;
+    }
+#ifdef XP_UNIX
+    sprintf(path, "/tmp/.nsmc-%d", (int)geteuid());
+#endif    
+
+    sock = sockFuncs->socket(unixSock);
+    if (sock == NULL) {
+        LOG("Could not create a socket to connect to Control Connection.\n");
+        goto loser;
+    }
+    /* Connect to the psm process */
+    if (sockFuncs->connect(sock, CARTMAN_PORT, path)) {
+	  LOG("Could not connect to Cartman\n");
+	  goto loser;
+    }
+
+#ifdef XP_UNIX
+    if (sockFuncs->verify(sock) != CMTSuccess) {
+        goto loser;
+    }
+#endif
+
+	LOG("Connected to Cartman\n");
+	
+	/* fill in the CMTControl struct */
+	control = (PCMT_CONTROL)calloc(sizeof(CMT_CONTROL), 1);
+	if (control == NULL ) {
+		goto loser;
+	}
+	control->sock = sock;
+    if (mutex != NULL) {
+        control->mutex = (CMT_MUTEX*)calloc(sizeof(CMT_MUTEX),1);
+        if (control->mutex == NULL) {
+            goto loser;
+        }
+        *control->mutex = *mutex;
+    }
+    memcpy(&control->sockFuncs, sockFuncs, sizeof(CMT_SocketFuncs));
+    control->refCount = 1;
+	goto done;
+    
+ loser:
+	if (control != NULL) {
+		free(control);
+    }
+    if (sock != NULL) {
+        sockFuncs->close(sock);
+    }
+	control = NULL;
+    
+ done:
+	return control;
+}
+
+CMTStatus CMT_CloseControlConnection(PCMT_CONTROL control)
+{
+	/* XXX Don't know what to do here yet */
+    if (control != NULL) {
+        CMInt32 refCount;
+        CMT_LOCK(control->mutex);
+        control->refCount--;
+        refCount = control->refCount;
+        CMT_UNLOCK(control->mutex);
+        if (refCount <= 0) {
+            if (control->mutex != NULL) {
+                free (control->mutex);
+            }
+            control->sockFuncs.close(control->sock);
+            free(control);
+        }
+    }
+    
+	return CMTSuccess;
+}
+
+CMTStatus CMT_Hello(PCMT_CONTROL control, CMUint32 version, char* profile, 
+                    char* profileDir)
+{
+	CMTItem message;
+    PCMT_EVENT eventHandler;
+    CMBool doesUI;
+    HelloRequest request;
+    HelloReply reply;
+
+	/* Check the passed parameters */
+	if (!control) {
+		return CMTFailure;
+	}
+	if (!profile) {
+		return CMTFailure;
+	}
+    if (!profileDir) {
+        return CMTFailure;
+    }
+    
+	/* Create the hello message */
+    eventHandler = CMT_GetEventHandler(control, SSM_UI_EVENT, 0);
+    doesUI = (eventHandler == NULL) ? CM_FALSE : CM_TRUE;
+
+    /* Setup the request struct */
+    request.version = version;
+    request.policy = 0; /* no more policy */
+    request.doesUI = doesUI;
+    request.profile = profile;
+    request.profileDir = profileDir;
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_HELLO_MESSAGE;
+
+    if (CMT_EncodeMessage(HelloRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Send the message and get the response */
+	if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+	}
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_HELLO_MESSAGE)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(HelloReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Successful response */
+	if (reply.result == 0) {
+            /* Save the nonce value */
+            control->sessionID = reply.sessionID;
+            control->protocolVersion = reply.version;
+            control->port = reply.httpPort;
+            control->nonce = reply.nonce;
+            control->policy = reply.policy;
+            control->serverStringVersion = reply.stringVersion;
+
+            /* XXX Free the messages */
+            return CMTSuccess;
+	}
+loser:
+	/* XXX Free the messages */
+	return CMTFailure;
+}
+
+CMTStatus CMT_PassAllPrefs(PCMT_CONTROL control, int num,
+                           CMTSetPrefElement* list)
+{
+    SetPrefListMessage request;
+    SingleNumMessage reply;
+    CMTItem message;
+
+    if ((control == NULL) || (list == NULL)) {
+        return CMTFailure;
+    }
+
+    /* pack the request */
+    request.length = num;
+    request.list = (SetPrefElement*)list;
+
+    if (CMT_EncodeMessage(SetPrefListMessageTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+    message.type = SSM_REQUEST_MESSAGE | SSM_PREF_ACTION;
+
+    /* send the message */
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PREF_ACTION)) {
+        goto loser;
+    }
+
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* don't really need to check the return value */
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+char* CMT_GetServerStringVersion(PCMT_CONTROL control)
+{
+    if (control == NULL) {
+        return NULL;
+    }
+    return control->serverStringVersion;
+}

mozilla/security/psm/lib/client/cmtjs.c

@@ -0,0 +1,556 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtutils.h"
+#include "cmtjs.h"
+#include "messages.h"
+
+CMTStatus
+CMT_GenerateKeyPair(PCMT_CONTROL control, CMUint32 keyGenContext, 
+		    CMUint32 mechType, CMTItem *param, CMUint32 keySize, 
+		    CMUint32 *keyPairId)
+{
+    CMTItem message;
+    CMTStatus rv;
+    KeyPairGenRequest request = {0, 0, 0, {0, NULL, 0}};
+    SingleNumMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.keyGenCtxtID = keyGenContext;
+    request.genMechanism = mechType;
+    if (param) {
+        request.params = *param;
+    }
+    request.keySize = keySize;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(KeyPairGenRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_CREATE_KEY_PAIR;
+
+    /* Send the message and get the response */
+    rv = CMT_SendMessage(control, &message); 
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_CREATE_KEY_PAIR)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+    *keyPairId = reply.value;
+    return CMTSuccess;
+    
+loser:
+    *keyPairId = 0;
+    return CMTFailure;
+}
+
+
+CMTStatus
+CMT_CreateNewCRMFRequest(PCMT_CONTROL control, CMUint32 keyPairID, 
+			 SSMKeyGenType keyGenType, CMUint32 *reqID)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+    SingleNumMessage reply;
+    
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.value = keyPairID;
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | 
+                    SSM_CREATE_CRMF_REQ;
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+  
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_CREATE_CRMF_REQ)) {
+        goto loser;
+    }
+
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *reqID = reply.value;
+
+    rv = CMT_SetNumericAttribute(control, *reqID, SSM_FID_CRMFREQ_KEY_TYPE,
+				 keyGenType);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_EncodeCRMFRequest(PCMT_CONTROL control, CMUint32 *crmfReqID, 
+		      CMUint32 numRequests, char ** der)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    EncodeCRMFReqRequest request;
+    SingleItemMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.numRequests = numRequests;
+    request.reqIDs = (long *) crmfReqID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(EncodeCRMFReqRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_DER_ENCODE_REQ;
+
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_DER_ENCODE_REQ)) {
+        goto loser;
+    }
+
+    /* XXX Should this be a string? Decode the message */
+    if (CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *der = (char *) reply.item.data;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_ProcessCMMFResponse(PCMT_CONTROL control, char *nickname,
+			char *certRepString, CMBool doBackup,
+			void *clientContext)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    CMMFCertResponseRequest request;
+
+    if(!control) {
+        return CMTFailure;
+    }
+
+    request.nickname = nickname;
+    request.base64Der = certRepString;
+    request.doBackup = doBackup;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CMMFCertResponseRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type =  SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_PROCESS_CMMF_RESP;
+
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_PROCESS_CMMF_RESP)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_CreateResource(PCMT_CONTROL control, SSMResourceType resType,
+		   CMTItem *params, CMUint32 *rsrcId, CMUint32 *errorCode)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CreateResourceRequest request = {0, {0, NULL, 0}};
+    CreateResourceReply reply;
+
+    request.type = resType;
+    if (params) {
+        request.params = *params;
+    } 
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CREATE_RESOURCE;
+    
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CREATE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(CreateResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *rsrcId = reply.resID;
+    *errorCode = reply.result;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_SignText(PCMT_CONTROL control, CMUint32 resID, char* stringToSign, char* hostName, char* caOption, CMInt32 numCAs, char** caNames)
+{
+    CMTItem message;
+    SignTextRequest request;
+
+    
+    /* So some basic parameter checking */
+    if (!control || !stringToSign) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resID;
+    request.stringToSign = stringToSign;
+    request.hostName = hostName;
+    request.caOption = caOption;
+    request.numCAs = numCAs;
+    request.caNames = caNames;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(SignTextRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_FORMSIGN_ACTION | SSM_SIGN_TEXT;
+
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_FORMSIGN_ACTION | SSM_SIGN_TEXT)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_ProcessChallengeResponse(PCMT_CONTROL control, char *challengeString,
+			     char **responseString)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    SingleStringMessage request;
+    SingleStringMessage reply;
+
+    /* Set the request */
+    request.string = challengeString;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleStringMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_CHALLENGE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+    
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_CHALLENGE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleStringMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *responseString = reply.string;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_FinishGeneratingKeys(PCMT_CONTROL control, CMUint32 keyGenContext)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+
+    /* Set up the request */
+    request.value = keyGenContext;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_FINISH_KEY_GEN;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the reply */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_FINISH_KEY_GEN)) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_GetLocalizedString(PCMT_CONTROL        control,
+                       SSMLocalizedString  whichString,
+                       char              **localizedString)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+    GetLocalizedTextReply reply;
+
+    /* Set up the request */
+    request.value = whichString;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_LOCALIZED_TEXT;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_LOCALIZED_TEXT)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetLocalizedTextReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (reply.whichString != whichString) {
+        goto loser;
+    }
+    *localizedString = reply.localizedString;
+    return CMTSuccess;
+ loser:
+    *localizedString = NULL;
+    return rv; 
+}
+
+CMTStatus
+CMT_AddNewModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 char         *libraryPath,
+                 unsigned long pubMechFlags,
+                 unsigned long pubCipherFlags)
+{
+    CMTItem message;
+    CMTStatus rv;
+    AddNewSecurityModuleRequest request;
+    SingleNumMessage reply;
+
+    /* Set up the request */
+    request.moduleName = moduleName;
+    request.libraryPath = libraryPath;
+    request.pubMechFlags = pubMechFlags;
+    request.pubCipherFlags = pubCipherFlags;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(AddNewSecurityModuleRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_ADD_NEW_MODULE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_ADD_NEW_MODULE)) {
+        goto loser;
+    }
+
+    /* Decode the response */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_DeleteModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 int          *moduleType)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleStringMessage request;
+    SingleNumMessage reply;
+
+    /* Set up the request */
+    request.string = moduleName;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleStringMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_DEL_MODULE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_DEL_MODULE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *moduleType = reply.value;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_LogoutAllTokens(PCMT_CONTROL control)
+{
+  CMTItem message;
+  CMTStatus rv;
+
+  message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_LOGOUT_ALL;
+  message.data = NULL;
+  message.len  = 0;
+
+  rv = CMT_SendMessage(control, &message);
+  if (rv != CMTSuccess) {
+    return rv;
+  }
+  if (message.type !=  (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | 
+			SSM_LOGOUT_ALL)) {
+    return CMTFailure;
+  }
+  return CMTSuccess;
+}
+
+CMTStatus CMT_GetSSLCapabilities(PCMT_CONTROL control, CMInt32 *capabilites)
+{
+    SingleNumMessage reply;
+    CMTItem message;
+    CMTStatus rv;
+
+    message.type = (SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | 
+                    SSM_ENABLED_CIPHERS);
+    message.data = NULL;
+    message.len  = 0;
+
+    rv = CMT_SendMessage(control, &message);
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION |
+			 SSM_ENABLED_CIPHERS)) {
+        goto loser;
+    }
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, 
+                          &message) != CMTSuccess) {
+        goto loser;
+    }
+    *capabilites = reply.value;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtjs.h

@@ -0,0 +1,555 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef _CMTJS_H_
+#define _CMTJS_H_
+#include "cmtcmn.h"
+#include "ssmdefs.h"
+#include "rsrcids.h"
+/*
+ * Define some constants.
+ */
+
+/*
+ * These defines are used in conjuction with the function
+ * CMT_AddNewModule.
+ */
+#define PUBLIC_MECH_RSA_FLAG         0x00000001ul
+#define PUBLIC_MECH_DSA_FLAG         0x00000002ul
+#define PUBLIC_MECH_RC2_FLAG         0x00000004ul
+#define PUBLIC_MECH_RC4_FLAG         0x00000008ul
+#define PUBLIC_MECH_DES_FLAG         0x00000010ul
+#define PUBLIC_MECH_DH_FLAG          0x00000020ul
+#define PUBLIC_MECH_FORTEZZA_FLAG    0x00000040ul
+#define PUBLIC_MECH_RC5_FLAG         0x00000080ul
+#define PUBLIC_MECH_SHA1_FLAG        0x00000100ul
+#define PUBLIC_MECH_MD5_FLAG         0x00000200ul
+#define PUBLIC_MECH_MD2_FLAG         0x00000400ul
+ 
+#define PUBLIC_MECH_RANDOM_FLAG      0x08000000ul
+#define PUBLIC_MECH_FRIENDLY_FLAG    0x10000000ul
+#define PUBLIC_OWN_PW_DEFAULTS       0X20000000ul
+#define PUBLIC_DISABLE_FLAG          0x40000000ul
+
+
+/*
+ * This is the lone supported constant for the Cipher flag
+ * for CMT_AddNewModule
+ */
+#define PUBLIC_CIPHER_FORTEZZA_FLAG  0x00000001ul
+
+CMT_BEGIN_EXTERN_C
+
+/*
+ * FUNCTION: CMT_GenerateKeyPair
+ * -----------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyGenContext
+ *        The Resource ID of a key gen context to use for creating the
+ *        key pair.
+ *    mechType
+ *        A PKCS11 mechanism used to generate the key pair. Valid values are:
+ *          CKM_RSA_PKCS_KEY_PAIR_GEN    0x00000000
+ *          CKM_DSA_KEY_PAIR_GEN         0x00000010
+ *        The definition of these values can be found at 
+ *        http://www.rsa.com/rsalabs/pubs/pkcs11.html
+ *        The psm module currently supports v2.01 of PKCS11
+ *    params
+ *        This parameter will be used to pass parameters to the Key Pair
+ *        generation process.  Currently this feature is not supported, so 
+ *        pass in NULL for this parameter.
+ *    keySize
+ *        The size (in bits) of the key to generate.
+ *    keyPairId
+ *        A pointer to pre-allocated memory where the function can place
+ *        the value of the resource ID of the key pair that gets created.
+ *
+ * NOTES:
+ * This function will send a message to the psm server requesting that 
+ * a public/private key pair be generated. The key gen context will queue
+ * the request. You can send as many key gen requests as you want with a
+ * given key gen context. After sending all the key gen requests, the user
+ * must call CMT_FinishGeneratingKeys so that the key gen context actually
+ * generates the keys.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the request for key generation
+ * was queued successfully and the corresponding resource ID can be found
+ * at *keyPairId.  Any other return value indicates an error and the value
+ * at *keyPairId should be ignored.
+ */
+CMTStatus
+CMT_GenerateKeyPair(PCMT_CONTROL control, CMUint32 keyGenContext, 
+		    CMUint32 mechType, CMTItem *params, CMUint32 keySize, 
+		    CMUint32 *keyPairId);
+
+/*
+ * FUNCTION: CMT_FinishGeneratingKeys
+ * ----------------------------------
+ * INPUTS
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyGenContext
+ *        The resource ID of the key gen context which should finish 
+ *        generating its key pairs.
+ * NOTES
+ * This function will send a message to the psm server notifying the key 
+ * gen context with the resource ID of keyGenContext to finish generating
+ * all of the key gen requests it has queued up. After each key gen has 
+ * finished, the psm server will send a SSM_TASK_COMPLETED_EVENT. So in order
+ * to detect when all of the key gens are done, the user should register 
+ * an event handler.  See comments for CMT_RegisterEventHandler for information
+ * on how to successfully register event handler callbacks. You must register
+ * the event handler with keyGenContext as the target resource ID for this
+ * to work correctly.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the key gen context has started to
+ * generate the key pairs in its queue. Any other return value indicates an
+ * error and the key pairs will not be generated.
+ */
+CMTStatus
+CMT_FinishGeneratingKeys(PCMT_CONTROL control, CMUint32 keyGenContext);
+
+/*
+ * FUNCTION: CMT_CreateNewCRMFRequest
+ * ----------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyPairID
+ *        The resource ID of the key pair that should be associated with
+ *        the CRMF request created. At the time this function is called,
+ *        key pair should have already been created. 
+ *    keyGenType
+ *        An enumeration that explains how the key pair will be used.
+ *        Look at the definition of SSMKeyGenType in ssmdefs.h for valid
+ *        values and their affects on the request.
+ *    reqID
+ *        A pointer to a pre-allocatd chunk of memory where the library 
+ *        can place the resource ID of the new CRMF request.
+ * NOTES:
+ * This function sends a message to the psm server requesting that a new 
+ * CRMF resource object be created. Each CRMF request must be associated with 
+ * a public/private key pair, that is why the keyPairID parameter exists.
+ * The keyGenType parameter is used to initialize the request, eg set the
+ * correct keyUsage extension.
+ * 
+ * Before encoding a CRMF request, the user will want to set the appropriate
+ * attributes to build up the request. The supported attributes are:
+ *
+ * Attribute Enumeration          Attribute Type       What value means
+ * ---------------------          --------------       ----------------
+ * SSM_FID_CRMFREQ_REGTOKEN       String               The value to encode as 
+ *                                                     the registration token
+ *                                                     value for the request.
+ *
+ * SSM_FID_CRMFREQ_AUTHENTICATOR String                The value to encode as
+ *                                                     authenticator control
+ *                                                     in the request.
+ * 
+ * SSM_FID_DN                    String                The RFC1485 formatted
+ *                                                     DN to include in the
+ *                                                     CRMF request.
+ *
+ * For information on how to properly set the attribute of a resource, refer
+ * to the comments for the functions CMT_SetNumericAttribute and 
+ * CMT_SetStringAttribute.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates a new CRMF resource was created by
+ * the psm server and has the resource ID placed at *reqID. Any other return
+ * value indicates an error and the value at *reqID should be ignored.
+ */
+CMTStatus
+CMT_CreateNewCRMFRequest(PCMT_CONTROL control, CMUint32 keyPairID, 
+			 SSMKeyGenType keyGenType, CMUint32 *reqID);
+
+/*
+ * FUNCTION: CMT_EncodeCRMFRequest
+ * ------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    crmfReqID
+ *        An array of resource ID's for CRMF objects to be encoded.
+ *    numRequests
+ *        The length of the array crmfReqID that is passed in.
+ *    der
+ *        A pointer to a pre-allocated pointer for a char* where the library
+ *        can place the final DER-encoding of the requests.
+ * NOTES
+ * This function will send a message to the psm server requesting that 
+ * a number of CRMF requests be encoded into their appropriate DER 
+ * representation. The DER that is sent back will be of the type 
+ * CertReqMessages as define in the internet draft for CRMF. To look at the
+ * draft, visit the following URL: 
+ * http://search.ietf.org/internet-drafts/internet-draft-ietf-pkix-crmf-01.txt
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates psm successfully encoded the requests
+ * and placed the base64 DER encoded request at *der. Any other return value
+ * indicates an error and the value at *der should be ignored.
+ */
+CMTStatus
+CMT_EncodeCRMFRequest(PCMT_CONTROL control, CMUint32 *crmfReqID, 
+		      CMUint32 numRequests, char ** der);
+
+/*
+ * FUNCTION: CMT_ProcessCMMFResponse
+ * ---------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    nickname
+ *        The nickname that should be associated with the certificate 
+ *        contained in the CMMF Response.
+ *    certRepString
+ *        This is the base 64 encoded CertRepContent that issues a certificate.
+ *        The psm server will decode the base 64 data and then parse the
+ *        CertRepContent.
+ *    doBackup
+ *        A boolean value indicating whether or not psm should initiate the
+ *        process of backing up the newly issued certificate into a PKCS-12
+ *        file.
+ *    clientContext
+ *         Client supplied data pointer that is returned to the client during
+ *         a UI event.
+ * NOTES:
+ * This function takes a CertRepContent as defined in the CMMF internet draft
+ * (http://search.ietf.org/internet-drafts/draft-ietf-pkix-cmmf-02.txt) and
+ * imports the certificate into the user's database. The certificate will have
+ * the string value of nickanme as it's nickname when added to the database
+ * unless another certificate with that same Distinguished Name (DN) already
+ * exists in the database, in which case the nickname of the certificate that
+ * already exists will be used. If the value passed in for doBackup is 
+ * non-zero, then the psm server will initiate the process of backing up the
+ * certificate(s) that were just imported.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the certificate(s) were successfully
+ * added to the database. Any other return value means the certificate(s) could
+ * not be successfully added to the database.
+ */
+CMTStatus
+CMT_ProcessCMMFResponse(PCMT_CONTROL control, char *nickname, 
+			char *certRepString, CMBool doBackup,
+			void *clientContext);
+
+/*
+ * FUNCTION: CMT_CreateResource
+ * ----------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    resType
+ *        The enumeration representing the resource type to create.
+ *    params
+ *        A resource dependent binary string that will be sent to the psm 
+ *        server. Each resource will expect a binary string it defines.
+ *    rsrcId
+ *        A pointer to a pre-allocated chunk of memory where the library
+ *        can place the resource ID of the newly created resource.
+ *    errorCode
+ *        A pointer to a pre-allocated chunk of memory where the library
+ *        can place the errorCode returned by the psm server after creating
+ *        the resource.
+ * NOTES:
+ * This function sends a message to the psm server requesting that a new 
+ * resource be created.  The params parameter depends on the type of resource
+ * being created.  Below is a table detailing the format of the params for 
+ * a given resource type. Only the resource types listed below can be created
+ * by calling this function.
+ *
+ * Resource Type constant                  Value for params
+ * ------------------------------          ----------------
+ * SSM_RESTYPE_KEYGEN_CONTEXT              NULL
+ * SSM_RESTYPE_SECADVISOR_CONTEXT          NULL
+ * SSM_RESTYPE_SIGNTEXT                    NULL
+ *
+ * RETURN
+ * A return value of CMTSuccess means the psm server received the request and
+ * processed the create resource create. If the value at *errorCode is zero,
+ * then the value at *rsrcId is the resource ID of the newly created resource.
+ * Otherwise, creating the new resource failed and *errorCode contains the
+ * error code returned by the psm server. ???What are the return values and
+ * what do they mean. Any other return value indicates there was an error 
+ * in the communication with the psm server and the values at *rsrcId and 
+ * *errorCode should be ignored.
+ */
+CMTStatus
+CMT_CreateResource(PCMT_CONTROL control, SSMResourceType resType,
+		   CMTItem *params, CMUint32 *rsrcId, CMUint32 *errorCode);
+
+/*
+ * FUNCTION: CMT_SignText
+ * ----------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    resID
+ *        The resource ID of an SSMSignTextResource.
+ *    stringToSign
+ *        The string that the psm server should sign.
+ *    hostName
+ *        The host name of the site that is requesting a string to be
+ *        signed.  This is used for displaying the UI that tells the user
+ *        a web site has requested the use sign some text.
+ *    caOption
+ *        If the value is "auto" then psm will select the certificate
+ *        to use for signing automatically.
+ *        If the value is "ask" then psm will display a list of 
+ *        certificates for signing.
+ *    numCAs
+ *        The number of CA names included in the array caNames passed in as
+ *        the last parameter to this function.
+ *    caNames
+ *        An array of CA Names to use for filtering the user certs to use
+ *        for signing the text.
+ * NOTES
+ * This function will sign the text passed via the parameter stringToSign.
+ * The function will also cause the psm server to send some UI notifying the
+ * user that a site has requested the user sign some text.  The hostName 
+ * parameter is used in the UI to inform the user which site is requesting
+ * the signed text.  The caOption is used to determine if the psm server 
+ * should automatically select which personal cert to use in signing the
+ * text.  The caNames array is ussed to narrow down the field of personal
+ * certs to use when signing the text. In other words, only personal certs 
+ * trusted by the CA's passed in will be used.
+ *
+ * RETURN
+ * If the function returns CMTSuccess, that indicates the psm server 
+ * successfully signed the text.  The signed text can be retrieved by 
+ * calling CMT_GetStringResource and passing in SSM_FID_SIGNTEXT_RESULT
+ * as the field ID. Any other return value indicates an error meaning the
+ * string was not signed successfully.
+ */
+CMTStatus
+CMT_SignText(PCMT_CONTROL control, CMUint32 resID, char* stringToSign,
+             char* hostName, char *caOption, CMInt32 numCAs, char** caNames);
+
+/*
+ * FUNCTION: CMT_ProcessChallengeResponse
+ * --------------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    challengeString
+ *        The base64 encoded Challenge string received as the 
+ *        Proof-Of-Possession Challenge in response to CRMF request that
+ *        specified Challenge-Reponse as the method for Proof-Of-Possession.
+ *    responseString
+ *        A pointer to pre-allocated char* where the library can place a
+ *        copy of the bas64 encoded response to the challenge presented.
+ * NOTES
+ * This function takes the a challenge--that is encrypted with the public key
+ * of a certificate we created--and decrypts it with the private key we 
+ * generated.  The format of the challenge is as follows:
+ *
+ * Challenge ::= SEQUENCE { 
+ *      owf                 AlgorithmIdentifier  OPTIONAL, 
+ *      -- MUST be present in the first Challenge; MAY be omitted in any 
+ *      -- subsequent Challenge in POPODecKeyChallContent (if omitted, 
+ *      -- then the owf used in the immediately preceding Challenge is 
+ *      -- to be used). 
+ *      witness             OCTET STRING, 
+ *      -- the result of applying the one-way function (owf) to a 
+ *      -- randomly-generated INTEGER, A.  [Note that a different 
+ *      -- INTEGER MUST be used for each Challenge.] 
+ *      sender              GeneralName, 
+ *      -- the name of the sender. 
+ *      key                 OCTET STRING, 
+ *      -- the public key used to encrypt the challenge.  This will allow 
+ *      -- the client to find the appropriate key to do the decryption. 
+ *      challenge           OCTET STRING 
+ *      -- the encryption (under the public key for which the cert. 
+ *      -- request is being made) of Rand, where Rand is specified as 
+ *      --   Rand ::= SEQUENCE { 
+ *      --      int      INTEGER, 
+ *      --       - the randomly-generated INTEGER A (above) 
+ *      --      senderHash  OCTET STRING 
+ *      --       - the result of applying the one-way function (owf) to 
+ *      --       - the sender's general name 
+ *      --   } 
+ *      -- the size of "int" must be small enough such that "Rand" can be 
+ *      -- contained within a single PKCS #1 encryption block. 
+ *  } 
+ * This challenge is based on the Challenge initially defined in the CMMF
+ * internet draft, but differs in that this structure includes the sender
+ * as part of the challenge along with the public key and includes a has
+ * of the sender in the encrypted Rand structure.  The reason for including
+ * the key is to facilitate looking up the key that should be used to 
+ * decipher the challenge.  Including the hash of the sender in the encrypted
+ * Rand structure makes the challenge smaller and allows it to fit in 
+ * one RSA block. 
+ *
+ * The response is of the type POPODecKeyRespContent as defined in the CMMF
+ * internet draft.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates psm successfully parsed and processed
+ * the challenge and created a response.  The base64 encoded response to the
+ * challenge is placed at *responseString.  Any other return value indicates
+ * an error and the value at *responseString should be ignored.
+ */
+CMTStatus
+CMT_ProcessChallengeResponse(PCMT_CONTROL control, char *challengeString,
+			     char **responseString);
+
+/*
+ * FUNCTION: CMT_GetLocalizedString
+ * --------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    whichString
+ *        The enumerated value corresponding to the localized string to 
+ *        retrieve from the psm server
+ *    localizedString
+ *        A pointer to a pre-allocated char* where the library can place 
+ *        copy of the localized string retrieved from the psm server.
+ * NOTES
+ * This function retrieves a localized string from the psm server.  These 
+ * strings are useful for strings that aren't localized in the client 
+ * making use of the psm server, but need to be displayed by the user. Look
+ * in protocol.h for the enumerations of the localized strings that can 
+ * be fetched from psm via this method.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates the localized string was retrieved
+ * successfully and the localized value is located at *localizedString.  Any
+ * other return value indicates an error and the value at *localizedString
+ * should be ignored.
+ */
+CMTStatus 
+CMT_GetLocalizedString(PCMT_CONTROL        control, 
+                       SSMLocalizedString  whichString,
+                       char              **localizedString); 
+
+/*
+ * FUNCTION: CMT_DeleteModule
+ * --------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    moduleName
+ *        The name of the PKCS11 module to delete.
+ *    moduleType
+ *        A pointer to a pre-allocated integer where the library can place
+ *        a value that tells what the type of module was deleted.
+ * NOTES
+ * This function will send a message to the psm server requesting the server 
+ * delete a PKCS-11 module stored in psm's security module database. moduleName
+ * is the value passed in as moduleName when the module was added to the 
+ * security module database of psm.
+ * The values that may be returned by psm for moduleType are:
+ *
+ *    0      The module was an external module developped by a third party
+ *           that was added to the psm security module.
+ *
+ *    1      The module deleted was the internal PKCS-11 module that comes
+ *           built in with the psm server.
+ *
+ *    2      The module that was deleted was the FIPS  internal module.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates the security module was successfully
+ * delete from the psm security module database and the value at *moduleType
+ * will tell what type of module was deleted.
+ * Any other return value indicates an error and the value at *moduleType 
+ * should be ignored.
+ */
+CMTStatus
+CMT_DeleteModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 int          *moduleType);
+
+
+/*
+ * FUNCTION: CMT_AddNewModule
+ * --------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    moduleName
+ *        The name to be associated with the module once it is added to 
+ *        the psm security module database.
+ *    libraryPath
+ *        The path to the library to be  loaded.  The library should be 
+ *        loadable at run-time.
+ *    pubMechFlags
+ *        A bit vector indicating all cryptographic mechanisms that should
+ *        be turned on by default.  This module will become the default 
+ *        handler for the mechanisms that are set by this bit vector.
+ *    pubCipherFlags
+ *        A bit vector indicating all SSL or S/MIME cipher functions
+ *        supported by the module. Most modules will pas in 0x0 for this
+ *        parameter.
+ * NOTES:
+ * This function sends a message to the psm server and requests the .so
+ * file on UNIX or .dll file on Windows be loaded as a PKCS11 module and 
+ * be stored in the psm security module database.  The module will be stored
+ * with the name moduleName that is passed in and will always expect the 
+ * library to live at the path passed in via the parameter libraryPath.
+ * The pubMechFlags tell the psm server how this module should be used.
+ * Valid values are the #define constants defined at the beginning of
+ * this file.
+ * 
+ * RETURN
+ * A return value of CMTSuccess indicates the module was successfully loaded
+ * and placed in the security module database of psm.  Any other return value
+ * indicates an error and means the module was not loaded successfully and
+ * not stored in the psm server's security module database.
+ */
+CMTStatus
+CMT_AddNewModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 char         *libraryPath,
+                 unsigned long pubMechFlags,
+                 unsigned long pubCipherFlags);
+
+CMT_END_EXTERN_C
+
+#endif /*_CMTJS_H_*/

mozilla/security/psm/lib/client/cmtmac.c

@@ -0,0 +1,75 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "cmtmac.h"
+#include "macsocket.h"
+#include "stdlib.h"
+
+#ifndef XP_MAC
+#error Link with the builtin strdup() on your platform.
+#endif
+
+
+static void 
+my_strcpy(char *dest, const char *source)
+{
+	char *i = dest;
+	const char *j = source;
+	while(*j)
+		*i++ = *j++;
+	*i = '\0';
+}
+
+static int
+my_strlen(const char *str)
+{
+	const char *c = str;
+	int i = 0;
+	
+	while(*c++ != '\0')
+		i++;
+	return i;
+}
+
+char * strdup(const char *oldstr)
+{
+	/* used to keep the mac client library from referring to strdup elsewhere */
+	char *newstr;
+	
+	newstr = (char *) malloc(my_strlen(oldstr)+1);
+	if (newstr)
+		my_strcpy(newstr, oldstr);
+	return newstr;
+}
+

mozilla/security/psm/lib/client/cmtmac.h

@@ -0,0 +1,40 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#ifndef __CMTMAC_H__
+#define __CMTMAC_H__
+
+char * strdup(const char *str);
+
+#endif

mozilla/security/psm/lib/client/cmtpasswd.c

@@ -0,0 +1,119 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/************************************************************************
+ * Code to handle password requests from the the PSM module.
+ * 
+ ************************************************************************
+ */
+
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+
+void CMT_SetAppFreeCallback(PCMT_CONTROL control, 
+			    applicationFreeCallback_fn f)
+{
+  control->userFuncs.userFree = f;
+}
+    
+void CMT_ServicePasswordRequest(PCMT_CONTROL cm_control, CMTItem * requestData)
+{ 
+  CMTItem response = {0, NULL, 0};
+  PasswordRequest request;
+  PasswordReply reply;
+  void * clientContext;
+
+  /********************************************
+   *  What we trying to do here: 
+   *  1) Throw up a dialog box and request a password.
+   *  2) Create a message and send it to the PSM module.
+   ********************************************
+   */
+  
+  /* Decode the request */
+  if (CMT_DecodeMessage(PasswordRequestTemplate, &request, requestData) != CMTSuccess) {
+      goto loser;
+  }
+
+  /* Copy the client context to a pointer */
+  clientContext = CMT_CopyItemToPtr(request.clientContext);
+
+  if (cm_control->userFuncs.promptCallback == NULL) {
+      goto loser;
+  }
+  reply.passwd = 
+    cm_control->userFuncs.promptCallback(cm_control->userFuncs.promptArg, 
+					 request.prompt, clientContext, 1);
+  reply.tokenID = request.tokenKey;
+  if (!reply.passwd) {
+      /* the user cancelled the prompt or other errors occurred */
+      reply.result = -1;
+  }
+  else {
+      /* note that this includes an empty string (zero length password) */
+      reply.result = 0;
+  }
+
+  /* Encode the reply */
+  if (CMT_EncodeMessage(PasswordReplyTemplate, &response, &reply) != CMTSuccess) {
+      goto loser;
+  }
+
+  /* Set the message response type */
+  response.type = SSM_EVENT_MESSAGE | SSM_AUTH_EVENT;
+  CMT_TransmitMessage(cm_control, &response);
+  goto done;
+loser:
+  /* something has gone wrong */
+
+done:
+  /*clean up anyway */
+  /* We can't just free up memory allocated by the host
+     application because the versions of free may not match up.
+     When you run the plug-in with an optimized older browser,
+     you'll see tons of Asserts (why they still have asserts in an
+     optimized build is a different question, but without them 
+     I wouldn't have figured out this problem) about a pointer not
+     being a valid heap pointer and eventually crash.  This was 
+     the offending free line.
+     So we need to call a function within the browser that 
+     calls the free linked in with it.  js_free is
+     such a function.  But this is extremely ugly.
+   */
+  if (reply.passwd) 
+    cm_control->userFuncs.userFree(reply.passwd);
+  if (request.prompt) 
+    free(request.prompt);
+  return;
+}
+

mozilla/security/psm/lib/client/cmtpkcs7.c

@@ -0,0 +1,636 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/time.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+typedef struct _CMTP7Private {
+    CMTPrivate priv;
+    CMTP7ContentCallback cb;
+    void *cb_arg;
+} CMTP7Private;
+
+CMTStatus CMT_PKCS7DecoderStart(PCMT_CONTROL control, void* clientContext, CMUint32 * connectionID, CMInt32 * result,
+                                CMTP7ContentCallback cb, void *cb_arg)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CMTP7Private *priv=NULL;
+    SingleItemMessage request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control) {
+        goto loser;
+    }
+
+    request.item = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode message */
+    if (CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7DECODE_STREAM;
+
+    /* Send the message. */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7DECODE_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        priv = (CMTP7Private *)malloc(sizeof(CMTP7Private));
+        if (priv == NULL)
+            goto loser;
+        priv->priv.dest = (CMTReclaimFunc) free;
+        priv->cb = cb;
+        priv->cb_arg = cb_arg;
+        sock = control->sockFuncs.socket(0);
+        if (sock == NULL) {
+            goto loser;
+        }
+ 
+       if (control->sockFuncs.connect(sock, (short)reply.port, 
+                                      NULL) != CMTSuccess) {
+            goto loser;
+        }
+ 
+        if (control->sockFuncs.send(sock, control->nonce.data, 
+                                    control->nonce.len) != control->nonce.len){
+            goto loser;
+        }
+
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+            != CMTSuccess) {
+            goto loser;
+        }
+        *connectionID = reply.connID;
+
+        rv = CMT_SetPrivate(control, reply.connID, &priv->priv);
+        if (rv != CMTSuccess)
+            goto loser;
+
+        return CMTSuccess;
+    } 
+
+loser:
+    if (priv) {
+        free(priv);
+    }
+
+	*result = reply.result;
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7DecoderUpdate(PCMT_CONTROL control, CMUint32 connectionID, const char * buf, CMUint32 len)
+{
+    CMUint32 sent;
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char read_buf[128];
+    CMTSocket sock, ctrlsock, selSock, sockArr[2];
+
+    /* Do some parameter checking */
+    if (!control || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+
+	ctrlsock = control->sock;
+	sockArr[0] = ctrlsock;
+	sockArr[1] = sock;
+    while ((selSock = control->sockFuncs.select(sockArr,2,1))) 
+    {
+		if (selSock == ctrlsock) {
+			CMT_ProcessEvent(control);
+		} else {
+	        nbytes = control->sockFuncs.recv(sock, read_buf, sizeof(read_buf));
+		    if (nbytes == -1) {
+			    goto loser;
+			}
+			if (nbytes == 0) {
+	            break;
+		    }
+			priv->cb(priv->cb_arg, read_buf, nbytes);
+		}
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+                                                                                
+CMTStatus CMT_PKCS7DecoderFinish(PCMT_CONTROL control, CMUint32 connectionID, 
+                                 CMUint32 * resourceID)
+{
+    CMTP7Private *priv;
+    long nbytes;
+    char buf[128];
+    CMTSocket sock, ctrlsock, selSock, sockArr[2];
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    ctrlsock = control->sock;
+    /* drain socket before we close it */
+    control->sockFuncs.shutdown(sock);
+    sockArr[0] = sock;
+    sockArr[1] = ctrlsock;
+    /* Let's see if doing a poll first gets rid of a weird bug where we
+     * lock up the client.
+     */
+#ifndef XP_MAC
+    if (control->sockFuncs.select(sockArr,2,1) != NULL)
+#endif
+	{
+        while (1) {
+            selSock = control->sockFuncs.select(sockArr,2,0);
+            if (selSock == ctrlsock) {
+                CMT_ProcessEvent(control);
+            } else if (selSock == sock) {
+                nbytes = control->sockFuncs.recv(sock, buf, sizeof(buf));
+                if (nbytes < 0) {
+                    goto loser;
+                } else if (nbytes == 0) {
+                    break;
+                }
+                priv->cb(priv->cb_arg, buf, nbytes);
+            }
+        }
+    }
+    
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Get the PKCS7 content info */
+    if (CMT_GetRIDAttribute(control, connectionID, SSM_FID_P7CONN_CONTENT_INFO,
+                            resourceID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (control) {
+        CMT_CloseDataConnection(control, connectionID);
+    }
+    
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7DestroyContentInfo(PCMT_CONTROL control, CMUint32 resourceID)
+{
+    if (!control) {
+        goto loser;
+    }
+
+    /* Delete the resource */
+    if (CMT_DestroyResource(control, resourceID, SSM_FID_P7CONN_CONTENT_INFO) == CMTFailure) {
+        goto loser;
+    }
+    return CMTSuccess;
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7VerifyDetachedSignature(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 certUsage, CMUint32 hashAlgID, CMUint32 keepCerts, CMTItem* digest, CMInt32 * result)
+{
+    CMTItem message;
+    VerifyDetachedSigRequest request;
+    SingleNumMessage reply;
+
+    /* Do some parameter checking */
+    if (!control || !digest || !result) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.pkcs7ContentID = resourceID;
+    request.certUsage = certUsage;
+    request.hashAlgID = hashAlgID;
+    request.keepCert = (CMBool) keepCerts;
+    request.hash = *digest;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(VerifyDetachedSigRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_VERIFY_DETACHED_SIG;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING |SSM_VERIFY_DETACHED_SIG)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *result = reply.value;
+    return CMTSuccess;
+loser:
+	*result = reply.value;
+	return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7VerifySignature(PCMT_CONTROL control, CMUint32 pubKeyAlgID,
+                                   CMTItem *pubKeyParams, CMTItem *signerPubKey,
+                                   CMTItem *computedHash, CMTItem *signature,
+                                   CMInt32 *result)
+{
+	return CMTFailure;
+}
+
+CMTStatus CMT_CreateSigned(PCMT_CONTROL control, CMUint32 scertRID,
+                           CMUint32 ecertRID, CMUint32 dig_alg,
+                           CMTItem *digest, CMUint32 *ciRID, CMInt32 *errCode)
+{
+    CMTItem message;
+    CreateSignedRequest request;
+    CreateContentInfoReply reply;
+
+    /* Do some parameter checking */
+    if (!control || !scertRID || !ecertRID || !digest || !ciRID) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.scertRID = scertRID;
+    request.ecertRID = ecertRID;
+    request.dig_alg = dig_alg;
+    request.digest = *digest;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateSignedRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_SIGNED;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_SIGNED)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *ciRID = reply.ciRID;
+    if (reply.result == 0) {
+		return CMTSuccess;
+	} 
+
+loser:
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) == CMTSuccess) {
+        *errCode = reply.errorCode;
+    } else {
+        *errCode = 0;
+    }
+	return CMTFailure;
+}
+
+CMTStatus CMT_CreateEncrypted(PCMT_CONTROL control, CMUint32 scertRID,
+                              CMUint32 *rcertRIDs, CMUint32 *ciRID)
+{
+    CMTItem message;
+    CMInt32 nrcerts;
+    CreateEncryptedRequest request;
+    CreateContentInfoReply reply;
+
+    /* Do some parameter checking */
+    if (!control || !scertRID || !rcertRIDs || !ciRID) {
+        goto loser;
+    }
+
+    /* Calculate the number of certs */
+    for (nrcerts =0; rcertRIDs[nrcerts] != 0; nrcerts++) {
+        /* Nothing */
+        ;
+    }
+
+    /* Set up the request */
+    request.scertRID = scertRID;
+    request.nrcerts = nrcerts;
+    request.rcertRIDs = (long *) rcertRIDs;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateEncryptedRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_ENCRYPTED;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message response type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_ENCRYPTED)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *ciRID = reply.ciRID;
+    if (reply.result == 0) {
+		return CMTSuccess;
+	} 
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderStart(PCMT_CONTROL control, CMUint32 ciRID,
+                                CMUint32 *connectionID, CMTP7ContentCallback cb,
+                                void *cb_arg)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CMTP7Private *priv;
+    PKCS7DataConnectionRequest request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control || !ciRID) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = ciRID;
+    request.clientContext.len = 0;
+    request.clientContext.data = NULL;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(PKCS7DataConnectionRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7ENCODE_STREAM;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7ENCODE_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        priv = (CMTP7Private *)malloc(sizeof(CMTP7Private));
+        if (priv == NULL)
+            goto loser;
+        priv->priv.dest = (CMTReclaimFunc) free;
+        priv->cb = cb;
+        priv->cb_arg = cb_arg;
+
+        sock = control->sockFuncs.socket(0);
+        if (sock == NULL) {
+            goto loser;
+        }
+        if (control->sockFuncs.connect(sock, (short)reply.port, 
+                                       NULL) != CMTSuccess) {
+            goto loser;
+        }
+        if (control->sockFuncs.send(sock, control->nonce.data, 
+                                   control->nonce.len) != control->nonce.len) {
+            goto loser;
+        }
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+            != CMTSuccess) {
+            goto loser;
+        }
+        *connectionID = reply.connID;
+
+        rv = CMT_SetPrivate(control, reply.connID, &priv->priv);
+        if (rv != CMTSuccess)
+            goto loser;
+        return CMTSuccess;
+    } 
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderUpdate(PCMT_CONTROL control, CMUint32 connectionID,
+                                 const char *buf, CMUint32 len)
+{
+    CMUint32 sent;
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char read_buf[128];
+    CMTSocket sock, ctrlsock, sockArr[2], selSock;
+
+    /* Do some parameter checking */
+    if (!control || !connectionID || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+	ctrlsock = control->sock;
+	sockArr[0] = ctrlsock;
+	sockArr[1] = sock;
+    while ((selSock = control->sockFuncs.select(sockArr, 2, 1)) != NULL) 
+    {
+		if (selSock == ctrlsock) {
+			CMT_ProcessEvent(control);
+		} else {
+	        nbytes = control->sockFuncs.recv(sock, read_buf, sizeof(read_buf));
+		    if (nbytes == -1) {
+			    goto loser;
+			} else if (nbytes == 0) {
+	            break;
+		    } else {
+			    priv->cb(priv->cb_arg, read_buf, nbytes);
+			}
+		}
+    }
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderFinish(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char buf[128];
+    CMTSocket sock, ctrlsock, sockArr[2], selSock;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    ctrlsock = control->sock;
+    sockArr[0] = ctrlsock;
+    sockArr[1] = sock;
+    control->sockFuncs.shutdown(sock);
+    while (1) {
+        selSock = control->sockFuncs.select(sockArr, 2, 0);
+        if (selSock == ctrlsock) {
+            CMT_ProcessEvent(control);
+        } else if (selSock == sock) {
+            nbytes = control->sockFuncs.recv(sock, buf, sizeof(buf));
+            if (nbytes < 0) {
+                goto loser;
+            } else if (nbytes == 0) {
+                break;
+            } else {
+                priv->cb(priv->cb_arg, buf, nbytes);
+            }
+        }
+    }
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (control) {
+        CMT_CloseDataConnection(control, connectionID);
+    }
+    
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtres.c

@@ -0,0 +1,479 @@
+/* -*- mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include <string.h>
+
+CMTStatus CMT_GetNumericAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMInt32 *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *value = reply.value.u.numeric;
+
+    /* Success */
+    if (reply.result == 0) {
+        return CMTSuccess;
+    } 
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_SetNumericAttribute(PCMT_CONTROL control, CMUint32 resourceID,
+				  CMUint32 fieldID, CMInt32 value)
+{
+    CMTItem message;
+    SetAttribRequest request;
+
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+    request.value.type = SSM_NUMERIC_ATTRIBUTE;
+    request.value.u.numeric = value;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(SetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+                   SSM_SET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE;
+
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | 
+                              SSM_SET_ATTRIBUTE    | SSM_NUMERIC_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_PadStringValue(CMTItem *dest, CMTItem src)
+{
+    dest->data = NewArray(unsigned char, src.len+1);
+    if (dest->data == NULL) {
+        return CMTFailure;
+    }
+    memcpy(dest->data, src.data, src.len);
+    dest->data[src.len] = '\0';
+    dest->len = src.len;
+    free(src.data);
+    return CMTSuccess;
+}
+
+CMTStatus CMT_GetStringAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMTItem *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_STRING_ATTRIBUTE;
+    
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_STRING_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the response */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        return CMT_PadStringValue(value, reply.value.u.string);
+    } 
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_SetStringAttribute(PCMT_CONTROL control, CMUint32 resourceID,
+		       CMUint32 fieldID, CMTItem *value)
+{
+    CMTItem message;
+    SetAttribRequest request;
+    
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+    request.value.type = SSM_STRING_ATTRIBUTE;
+    request.value.u.string = *value;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+                   SSM_SET_ATTRIBUTE | SSM_STRING_ATTRIBUTE;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message request type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | 
+                         SSM_SET_ATTRIBUTE    | SSM_STRING_ATTRIBUTE)) {
+        goto loser;
+    }
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_DuplicateResource(PCMT_CONTROL control, CMUint32 resourceID,
+				CMUint32 *newResID)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    DupResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = resourceID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_DUPLICATE_RESOURCE;
+
+    /* Send the mesage */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_DUPLICATE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DupResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *newResID = reply.resID;
+        return CMTSuccess;
+    } 
+
+loser:
+    *newResID = 0;
+    return CMTFailure;
+}
+
+CMTStatus CMT_DestroyResource(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 resourceType)
+{
+    CMTItem message;
+    DestroyResourceRequest request;
+    SingleNumMessage reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.resType = resourceType;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(DestroyResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_DESTROY_RESOURCE;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_DESTROY_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.value == 0) {
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PickleResource(PCMT_CONTROL control, CMUint32 resourceID, CMTItem * pickledResource)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    PickleResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = resourceID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_PICKLE_RESOURCE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_PICKLE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(PickleResourceReplyTemplate, &reply,&message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *pickledResource = reply.blob;
+        return CMTSuccess;
+    } 
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_UnpickleResource(PCMT_CONTROL control, CMUint32 resourceType, CMTItem pickledResource, CMUint32 * resourceID)
+{
+    CMTItem message;
+    UnpickleResourceRequest request;
+    UnpickleResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resourceType = resourceType;
+    request.resourceData = pickledResource;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(UnpickleResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_UNPICKLE_RESOURCE;
+    
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_UNPICKLE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(UnpickleResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *resourceID = reply.resID;
+        return CMTSuccess;
+    } 
+
+loser:
+    *resourceID = 0;
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetRIDAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMUint32 *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_RID_ATTRIBUTE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message response type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_RID_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *value = reply.value.u.rid;
+        return CMTSuccess;
+    } 
+loser:
+    return CMTFailure;
+}
+ 

mozilla/security/psm/lib/client/cmtrng.c

@@ -0,0 +1,270 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  cmtrng.c -- Support for PSM random number generator and the seeding
+              thereof with data from the client.
+
+  Created by mwelch 1999 Oct 21
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+#include <string.h>
+
+CMTStatus
+CMT_EnsureInitializedRNGBuf(PCMT_CONTROL control)
+{
+    if (control->rng.outBuf == NULL)
+    {
+        control->rng.outBuf = (char *) calloc(RNG_OUT_BUFFER_LEN, sizeof(char));
+        if (control->rng.outBuf == NULL)
+            goto loser;
+
+        control->rng.validOutBytes = 0;
+        control->rng.out_cur = control->rng.outBuf;
+        control->rng.out_end = control->rng.out_cur + RNG_OUT_BUFFER_LEN;
+        
+        control->rng.inBuf = (char *) calloc(RNG_IN_BUFFER_LEN, sizeof(char));
+        if (control->rng.outBuf == NULL)
+            goto loser;
+    }
+
+    return CMTSuccess;
+
+ loser:
+    if (control->rng.outBuf != NULL)
+    {
+        free(control->rng.outBuf);
+        control->rng.outBuf = NULL;
+    }
+    if (control->rng.inBuf != NULL)
+    {
+        free(control->rng.inBuf);
+        control->rng.inBuf = NULL;
+    }
+
+    return CMTFailure;
+}
+
+
+size_t 
+CMT_RequestPSMRandomData(PCMT_CONTROL control, 
+                         void *buf, CMUint32 maxbytes)
+{
+    SingleNumMessage req;
+    SingleItemMessage reply;
+    CMTItem message;
+    size_t rv = 0;
+    
+    /* Parameter checking */
+    if (!control || !buf || (maxbytes == 0))
+        goto loser;
+
+    /* Initialization. */
+    memset(&reply, 0, sizeof(SingleItemMessage));
+
+    /* Ask PSM for the data. */
+    req.value = maxbytes;
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &req) != CMTSuccess)
+        goto loser;
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_MISC_ACTION | SSM_MISC_GET_RNG_DATA;
+    
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure)
+        goto loser;
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_MISC_ACTION | SSM_MISC_GET_RNG_DATA))
+        goto loser;
+
+    /* Decode message */
+    if (CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message) != CMTSuccess)
+        goto loser;
+
+    /* Success - fill the return buf with what we got */
+    if (reply.item.len > maxbytes)
+        reply.item.len = maxbytes;
+
+    memcpy(buf, reply.item.data, reply.item.len);
+    rv = reply.item.len;
+
+ loser:
+    if (reply.item.data)
+        free(reply.item.data);
+    if (message.data)
+        free(message.data);
+
+    return rv;
+}
+
+size_t 
+CMT_GenerateRandomBytes(PCMT_CONTROL control, 
+                        void *buf, CMUint32 maxbytes)
+{
+    CMUint32 remaining = maxbytes;
+    CMT_RNGState *rng = &(control->rng);
+    char *walk = (char *) buf;
+
+    /* Is there already enough in the incoming cache? */
+    while(remaining > rng->validInBytes)
+    {
+        /* Get what we have on hand. */
+        memcpy(walk, rng->in_cur, rng->validInBytes);
+        walk += rng->validInBytes;
+        remaining -= rng->validInBytes;
+
+        /* Request a buffer from PSM. */
+        rng->validInBytes = CMT_RequestPSMRandomData(control, 
+                                                     rng->inBuf, 
+                                                     RNG_IN_BUFFER_LEN);
+        if (rng->validInBytes == 0)
+            return (maxbytes - remaining); /* call failed */
+        rng->in_cur = rng->inBuf;
+    }
+    if (remaining > 0)
+    {
+        memcpy(walk, rng->in_cur, remaining);
+        rng->in_cur += remaining;
+        rng->validInBytes -= remaining;
+    }
+    return maxbytes;
+}
+
+void
+cmt_rng_xor(void *dstBuf, void *srcBuf, int len)
+{
+    unsigned char *s = (unsigned char*) srcBuf;
+    unsigned char *d = (unsigned char*) dstBuf;
+    unsigned char tmp;
+    int i;
+
+    for(i=0; i<len; i++, s++, d++)
+    {
+        tmp = *d;
+        /* I wish C had circular shift operators. So do others on the team. */
+        tmp = ((tmp << 1) | (tmp >> 7));
+        *d = tmp ^ *s;
+    }
+}
+
+CMTStatus 
+CMT_RandomUpdate(PCMT_CONTROL control, void *data, size_t numbytes)
+{
+    size_t dataLeft = numbytes, cacheLeft;
+    char *walk = (char *) data;
+
+    if (CMT_EnsureInitializedRNGBuf(control) != CMTSuccess)
+        goto loser;
+
+    /* If we have more than what the buffer can handle, wrap around. */
+    cacheLeft = (control->rng.out_end - control->rng.out_cur);
+    while (dataLeft >= cacheLeft)
+    {
+        cmt_rng_xor(control->rng.out_cur, walk, cacheLeft);
+        walk += cacheLeft;
+        dataLeft -= cacheLeft;
+
+        control->rng.out_cur = control->rng.outBuf;
+
+        /* Max out used space */
+        control->rng.validOutBytes = cacheLeft = RNG_OUT_BUFFER_LEN;
+    }
+
+    /* 
+       We now have less seed data available than we do space in the buf.
+       Write what we have and update validOutBytes if we're not looping already.
+     */
+    cmt_rng_xor(control->rng.out_cur, walk, dataLeft);
+    control->rng.out_cur += dataLeft;
+    if (control->rng.validOutBytes < RNG_OUT_BUFFER_LEN)
+        control->rng.validOutBytes += dataLeft;
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+size_t
+CMT_GetNoise(PCMT_CONTROL control, void *buf, CMUint32 maxbytes)
+{
+    /* ### mwelch - GetNoise and GenerateRandomBytes can be the 
+       same function now, because presumably the RNG is being 
+       seeded with environmental noise on the PSM end before we 
+       make any of these requests */
+    return CMT_GenerateRandomBytes(control, buf, maxbytes);
+}
+
+CMTStatus 
+CMT_FlushPendingRandomData(PCMT_CONTROL control)
+{
+    CMTItem message;
+
+    memset(&message, 0, sizeof(CMTItem));
+
+    if (CMT_EnsureInitializedRNGBuf(control) != CMTSuccess)
+        return CMTFailure; /* couldn't initialize RNG buffer */
+
+    if (control->rng.validOutBytes == 0)
+        return CMTSuccess; /* no random data available == we're flushed */
+
+    /* We have random data available. Send this to PSM.
+       We're sending an event, so no reply is needed. */
+    message.type = SSM_EVENT_MESSAGE 
+        | SSM_MISC_ACTION 
+        | SSM_MISC_PUT_RNG_DATA;
+    message.len = control->rng.validOutBytes;
+    message.data = (unsigned char *) calloc(message.len, sizeof(char));
+    if (!message.data)
+        goto loser;
+    memcpy(message.data, control->rng.outBuf, message.len);
+
+    if (CMT_TransmitMessage(control, &message) == CMTFailure)
+        goto loser;
+
+    /* Clear the RNG ring buffer, we've used that data */
+    control->rng.out_cur = control->rng.outBuf;
+    control->rng.validOutBytes = 0;
+    /* zero the buffer, because we XOR in new data */
+    memset(control->rng.outBuf, 0, RNG_OUT_BUFFER_LEN);
+
+    goto done;
+ loser:
+    if (message.data)
+        free(message.data);
+    return CMTFailure;
+ done:
+    return CMTSuccess;
+}

mozilla/security/psm/lib/client/cmtsdr.c

@@ -0,0 +1,237 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  cmtsdr.c -- Support for the Secret Decoder Ring, which provides
+      encryption and decryption using stored keys.
+
+  Created by thayes 18 April 2000
+ */
+#include "stddef.h"
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "protocolshr.h"
+#include "rsrcids.h"
+#include <string.h>
+
+#undef PROCESS_LOCALLY
+
+/* Encryption result - contains the key id and the resulting data */
+/* An empty key id indicates that NO encryption was performed */
+typedef struct EncryptionResult
+{
+  CMTItem keyid;
+  CMTItem data;
+} EncryptionResult;
+
+/* Constants for testing */
+static const char *kPrefix = "Encrypted:";
+
+static CMTItem
+CMT_CopyDataToItem(const unsigned char *data, CMUint32 len)
+{
+  CMTItem item;
+
+  item.data = (unsigned char*) calloc(len, 1);
+  item.len = len;
+  memcpy(item.data, data, len);
+
+  return item;
+}
+
+
+static CMTStatus
+tmp_SendMessage(PCMT_CONTROL control, CMTItem *message)
+{
+#ifndef PROCESS_LOCALLY
+  return CMT_SendMessage(control, message);
+#else
+  if (message->type == SSM_SDR_ENCRYPT_REQUEST) 
+    return CMT_DoEncryptionRequest(message);
+  else if (message->type == SSM_SDR_DECRYPT_REQUEST)
+    return CMT_DoDecryptionRequest(message);
+
+  return CMTFailure;
+#endif
+}
+/* End test code */
+
+CMTStatus
+CMT_SDREncrypt(PCMT_CONTROL control, void *ctx,
+               const unsigned char *key, CMUint32 keyLen,
+               const unsigned char *data, CMUint32 dataLen,
+               unsigned char **result, CMUint32 *resultLen)
+{
+  CMTStatus rv = CMTSuccess;
+  CMTItem message;
+  EncryptRequestMessage request;
+  SingleItemMessage reply;
+
+  /* Fill in the request */
+  request.keyid = CMT_CopyDataToItem(key, keyLen);
+  request.data = CMT_CopyDataToItem(data, dataLen);
+  request.ctx = CMT_CopyPtrToItem(ctx);
+
+  reply.item.data = 0;
+  reply.item.len = 0;
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(EncryptRequestTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = SSM_SDR_ENCRYPT_REQUEST;
+
+  /* Send */
+  /* if (CMT_SendMessage(control, &message) != CMTSuccess) goto loser; */
+  rv = tmp_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != SSM_SDR_ENCRYPT_REPLY) { rv = CMTFailure; goto loser; }
+
+  rv = CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+  *result = reply.item.data;
+  *resultLen = reply.item.len;
+
+  reply.item.data = 0;
+
+loser:
+  if (message.data) free(message.data);
+  if (request.keyid.data) free(request.keyid.data);
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv; /* need return value */
+}
+
+CMTStatus
+CMT_SDRDecrypt(PCMT_CONTROL control, void *ctx,
+               const unsigned char *data, CMUint32 dataLen,
+               unsigned char **result, CMUint32 *resultLen)
+{
+  CMTStatus rv;
+  CMTItem message;
+  DecryptRequestMessage request;
+  SingleItemMessage reply;
+
+  /* Fill in the request */
+  request.data = CMT_CopyDataToItem(data, dataLen);
+  request.ctx = CMT_CopyPtrToItem(ctx);
+
+  reply.item.data = 0;
+  reply.item.len = 0;
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(DecryptRequestTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = SSM_SDR_DECRYPT_REQUEST;
+
+  /* Send */
+  /* if (CMT_SendMessage(control, &message) != CMTSuccess) goto loser; */
+  rv = tmp_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != SSM_SDR_DECRYPT_REPLY) { rv = CMTFailure; goto loser; }
+
+  rv = CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+  *result = reply.item.data;
+  *resultLen = reply.item.len;
+
+  reply.item.data = 0;
+
+loser:
+  if (message.data) free(message.data);
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv; /* need return value */
+}
+
+CMTStatus
+CMT_SDRChangePassword(PCMT_CONTROL control, void *ctx)
+{
+  CMTStatus rv = CMTSuccess;
+  CMTItem message;
+  SingleItemMessage request;
+  SingleNumMessage reply;
+
+  /* Fill in the request */
+  request.item = CMT_CopyPtrToItem(ctx);
+
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = (SSM_REQUEST_MESSAGE|SSM_MISC_ACTION|SSM_MISC_UI|SSM_UI_CHANGE_PASSWORD);
+
+  /* Send */
+  rv = CMT_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != 
+     (SSM_REPLY_OK_MESSAGE|SSM_MISC_ACTION|SSM_MISC_UI|SSM_UI_CHANGE_PASSWORD)) { 
+    rv = CMTFailure;
+    goto loser; 
+  }
+
+  rv = CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+loser:
+  if (request.item.data) free(request.item.data);
+  if (message.data) free(message.data);
+
+  return rv; /* need return value */
+}

mozilla/security/psm/lib/client/cmtssl.c

@@ -0,0 +1,467 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#else /* windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+
+
+CMTStatus CMT_OpenSSLConnection(PCMT_CONTROL control, CMTSocket sock,
+                                SSMSSLConnectionRequestType flags, 
+                                CMUint32 port, char * hostIP, 
+                                char * hostName, CMBool forceHandshake, void* clientContext)
+{
+	CMTItem message;
+    SSLDataConnectionRequest request;
+    DataConnectionReply reply;
+    CMUint32 sent;
+	
+	/* Do some parameter checking */
+	if (!control || !hostIP || !hostName) {
+		goto loser;
+	}
+
+    request.flags = flags;
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+    request.forceHandshake = forceHandshake;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode message */
+    if (CMT_EncodeMessage(SSLDataConnectionRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_SSL_CONNECTION;
+    
+	/* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_SSL_CONNECTION)) {
+        goto loser;
+    }
+
+    /* Decode message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Success */
+	if (reply.result == 0) {
+	  if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+	  }
+	  sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                               control->nonce.len);
+	  if (sent != control->nonce.len) {
+            goto loser;
+	  }
+	  
+	  /* Save connection info */
+	  if (CMT_AddDataConnection(control, sock, reply.connID)
+	      != CMTSuccess) {
+	    goto loser;
+	  }
+
+	  return CMTSuccess;
+	} 
+	
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_GetSSLDataErrorCode(PCMT_CONTROL control, CMTSocket sock,
+                                  CMInt32* errorCode)
+{
+    CMUint32 connID;
+
+    if (!control || !errorCode) {
+        goto loser;
+    }
+
+    /* get the data connection */
+    if (CMT_GetDataConnectionID(control, sock, &connID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* get the PR error */
+    if (CMT_GetNumericAttribute(control, connID, SSM_FID_SSLDATA_ERROR_VALUE,
+                                errorCode) != CMTSuccess) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_ReleaseSSLSocketStatus(PCMT_CONTROL control, CMTSocket sock)
+{
+    CMUint32 connectionID;
+
+    if (!control || !sock) {
+        goto loser;
+    }
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+    if (CMT_SetNumericAttribute(control, connectionID, 
+                                SSM_FID_SSLDATA_DISCARD_SOCKET_STATUS,
+                                0) != CMTSuccess) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetSSLSocketStatus(PCMT_CONTROL control, CMTSocket sock, 
+                                 CMTItem* pickledStatus, CMInt32* level)
+{
+    CMUint32 connectionID;
+    SingleNumMessage request;
+    CMTItem message;
+    PickleSecurityStatusReply reply;
+
+    if (!control || !pickledStatus || !level) {
+        goto loser;
+    }
+
+	/* get the data connection */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+		goto loser;
+	}
+
+    /* set up the request */
+    request.value = connectionID;
+
+    /* encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+        SSM_CONSERVE_RESOURCE | SSM_PICKLE_SECURITY_STATUS;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_CONSERVE_RESOURCE | SSM_PICKLE_SECURITY_STATUS)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(PickleSecurityStatusReplyTemplate, &reply, &message)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        *pickledStatus = reply.blob;
+        *level = reply.securityLevel;
+        return CMTSuccess;
+    }
+
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_OpenTLSConnection(PCMT_CONTROL control, CMTSocket sock,
+                                CMUint32 port, char* hostIP, char* hostName)
+{
+    TLSDataConnectionRequest request;
+    CMTItem message;
+    DataConnectionReply reply;
+    CMUint32 sent;
+
+    /* do some parameter checking */
+    if (!control || !hostIP || !hostName) {
+        goto loser;
+    }
+
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+
+    /* encode the message */
+    if (CMT_EncodeMessage(TLSDataConnectionRequestTemplate, &message, &request)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | 
+        SSM_TLS_CONNECTION;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | 
+                         SSM_TLS_CONNECTION)) {
+        goto loser;
+    }
+
+    /* decode the message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                                 control->nonce.len);
+        if (sent != control->nonce.len) {
+            goto loser;
+        }
+
+        /* save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID) != CMTSuccess) {
+            goto loser;
+        }
+
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_TLSStepUp(PCMT_CONTROL control, CMTSocket sock, 
+                        void* clientContext)
+{
+    TLSStepUpRequest request;
+    SingleNumMessage reply;
+    CMTItem message;
+    CMUint32 connectionID;
+
+    /* check arguments */
+    if (!control || !sock) {
+        goto loser;
+    }
+
+    /* get the data connection ID */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set up the request */
+    request.connID = connectionID;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* encode the request */
+    if (CMT_EncodeMessage(TLSStepUpRequestTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_TLS_STEPUP;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_TLS_STEPUP)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_OpenSSLProxyConnection(PCMT_CONTROL control, CMTSocket sock,
+                                     CMUint32 port, char* hostIP, 
+                                     char* hostName)
+{
+    TLSDataConnectionRequest request;
+    CMTItem message;
+    DataConnectionReply reply;
+    CMUint32 sent;
+
+    /* do some parameter checking */
+    if (!control || !hostIP || !hostName) {
+        goto loser;
+    }
+
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+
+    /* encode the message */
+    if (CMT_EncodeMessage(TLSDataConnectionRequestTemplate, &message, &request)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | 
+        SSM_PROXY_CONNECTION;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | 
+                         SSM_PROXY_CONNECTION)) {
+        goto loser;
+    }
+
+    /* decode the message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                                 control->nonce.len);
+        if (sent != control->nonce.len) {
+            goto loser;
+        }
+
+        /* save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID) != CMTSuccess) {
+            goto loser;
+        }
+
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_ProxyStepUp(PCMT_CONTROL control, CMTSocket sock, 
+                        void* clientContext, char* remoteUrl)
+{
+    ProxyStepUpRequest request;
+    SingleNumMessage reply;
+    CMTItem message;
+    CMUint32 connectionID;
+
+    /* check arguments */
+    if (!control || !sock || !remoteUrl) {
+        goto loser;
+    }
+
+    /* get the data connection ID */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set up the request */
+    request.connID = connectionID;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+    request.url = remoteUrl;
+
+    /* encode the request */
+    if (CMT_EncodeMessage(ProxyStepUpRequestTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+        SSM_PROXY_STEPUP;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_PROXY_STEPUP)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+loser:
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtutils.c

@@ -0,0 +1,648 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "newproto.h"
+#include <string.h>
+
+/* Local defines */
+#if 0
+#define PSM_WAIT_BEFORE_SLEEP           (CM_TicksPerSecond() * 60)
+#define PSM_SPINTIME                    PSM_WAIT_BEFORE_SLEEP
+#define PSM_KEEP_CONNECTION_ALIVE       (PSM_WAIT_BEFORE_SLEEP * 900)
+#endif
+
+/* If you want to dump the messages sent between the plug-in and the PSM 
+ * server, then remove the comment for the appropriate define.
+ */
+#if 0
+#define PRINT_SEND_MESSAGES
+#define PRINT_RECEIVE_MESSAGES
+#endif
+
+#ifdef PRINT_SEND_MESSAGES
+#ifndef DEBUG_MESSAGES
+#define DEBUG_MESSAGES
+#endif /*DEBUG_MESSAGES*/
+#endif /*PRINT_SEND_MESSAGES*/
+
+#ifdef PRINT_RECEIVE_MESSAGES
+#ifndef DEBUG_MESSAGES
+#define DEBUG_MESSAGES
+#endif /*DEBUG_MESSAGES*/
+#endif /*PRINT_RECEIVE_MESSAGES*/
+
+#ifdef DEBUG_MESSAGES
+#define LOG(x) do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, x); fclose(f); } } while(0);
+#define LOG_S(x) do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, "%s", x); fclose(f); } } while(0);
+#define ASSERT(x) if (!(x)) { LOG("ASSERT:"); LOG(#x); LOG("\n"); exit(-1); }
+#else
+#define LOG(x)
+#define LOG_S(x)
+#define ASSERT(x)
+#endif
+
+CMUint32
+cmt_Strlen(char *str)
+{
+    CMUint32 len = strlen(str);
+    return sizeof(CMInt32) + (((len + 3)/4)*4);
+}
+
+CMUint32
+cmt_Bloblen(CMTItem *blob)
+{
+    return sizeof(CMInt32) + (((blob->len +3)/4)*4);
+}
+
+char *
+cmt_PackString(char *buf, char *str)
+{
+    CMUint32 len = strlen(str);
+    CMUint32 networkLen = htonl(len);
+    CMUint32 padlen = ((len + 3)/4)*4;
+
+    memcpy(buf, &networkLen, sizeof(CMUint32));
+    memcpy(buf + sizeof(CMUint32), str, len);
+    memset(buf + sizeof(CMUint32) + len, 0, padlen - len);
+
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+char *
+cmt_PackBlob(char *buf, CMTItem *blob)
+{
+    CMUint32 len = blob->len;
+    CMUint32 networkLen = htonl(len);
+    CMUint32 padlen = (((blob->len + 3)/4)*4);
+
+    *((CMUint32*)buf) = networkLen;
+    memcpy(buf + sizeof(CMUint32), blob->data, len);
+    memset(buf + sizeof(CMUint32) + len, 0, padlen - len);
+
+    return buf + sizeof(CMUint32) + padlen;
+}
+
+char *
+cmt_UnpackString(char *buf, char **str)
+{
+    char *p = NULL;
+    CMUint32 len, padlen;
+
+    /* Get the string length */
+    len = ntohl(*(CMUint32*)buf);
+
+    /* Get the padded length */
+    padlen = ((len + 3)/4)*4;
+
+    /* Allocate the string and copy the data */
+    p = (char *) malloc(len + 1);
+    if (!p) {
+        goto loser;
+    }
+    /* Copy the data and NULL terminate */
+    memcpy(p, buf+sizeof(CMUint32), len);
+    p[len] = 0;
+
+    *str = p;
+    return buf+sizeof(CMUint32)+padlen;
+loser:
+    *str = NULL;
+    if (p) {
+        free(p);
+    }
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+char *
+cmt_UnpackBlob(char *buf, CMTItem **blob)
+{
+    CMTItem *p = NULL;
+    CMUint32 len, padlen;
+
+    /* Get the blob length */
+    len = ntohl(*(CMUint32*)buf);
+    
+    /* Get the padded length */
+    padlen = ((len + 3)/4)*4;
+
+    /* Allocate the CMTItem for the blob */
+    p = (CMTItem*)malloc(sizeof(CMTItem));
+    if (!p) {
+        goto loser;
+    }
+    p->len = len;
+    p->data = (unsigned char *) malloc(len);
+    if (!p->data) {
+        goto loser;
+    }
+
+    /* Copy that data across */
+    memcpy(p->data, buf+sizeof(CMUint32), len);
+    *blob = p;
+
+    return buf+sizeof(CMUint32)+padlen;
+
+loser:
+    *blob = NULL;
+    CMT_FreeMessage(p);
+
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+#ifdef DEBUG_MESSAGES
+void prettyPrintMessage(CMTItem *msg)
+{
+  int numLines = ((msg->len+7)/8);
+  char curBuffer[9], *cursor, string[2], hexVal[8];
+  char hexArray[25];
+  int i, j, numToCopy;
+
+  /*Try printing out 8 bytes at a time. */
+  LOG("\n**********************************************************\n");
+  LOG("About to pretty Print Message\n\n");
+  curBuffer[9] = '\0';
+  hexArray[24] = '\0';
+  hexVal[2] = '\0';
+  string[1] = '\0';
+  LOG("Header Info\n");
+  LOG("Message Type: ");
+  sprintf(hexArray, "%lx\n", msg->type);
+  LOG(hexArray);
+  LOG("Message Length: ");
+  sprintf (hexArray, "%ld\n\n", msg->len);
+  LOG(hexArray);
+  LOG("Body of Message\n");
+  for (i=0, cursor=msg->data; i<numLines; i++, cursor+=8) {
+    /* First copy over the buffer to our local array */
+    numToCopy = ((msg->len - (unsigned int)((unsigned long)cursor-(unsigned long)msg->data)) < 8) ?
+                msg->len - (unsigned int)((unsigned long)cursor-(unsigned long)msg->data) : 8;
+    memcpy(curBuffer, cursor, 8);
+    for (j=0;j<numToCopy;j++) {
+      string[0] = curBuffer[j];
+      if (isprint(curBuffer[j])) {
+	string[0] = curBuffer[j];
+      } else {
+	string[0] = ' ';
+      }
+      LOG(string);
+    }
+    string[0] = ' ';
+    for (;j<8;j++) {
+      LOG(string);
+    }
+    LOG("\t");
+    for (j=0; j<numToCopy; j++) {
+      sprintf (hexVal,"%.2x", 0x0ff & (unsigned short)curBuffer[j]);
+      LOG(hexVal);
+      LOG(" ");
+    }
+    LOG("\n");
+  }
+  LOG("Done Pretty Printing Message\n");
+  LOG("**********************************************************\n\n");
+}
+#endif
+
+CMTStatus CMT_ReadMessageDispatchEvents(PCMT_CONTROL control, CMTItem* message)
+{
+    CMTStatus status;
+    CMBool done = CM_FALSE;
+    CMUint32 msgCategory;
+    
+    /* We have to deal with other types of data on the socket and */
+    /* handle them accordingly */
+    while (!done) {
+    	status = CMT_ReceiveMessage(control, message);
+        if (status != CMTSuccess) {
+            goto loser;
+        }
+        msgCategory = (message->type & SSM_CATEGORY_MASK);
+        switch (msgCategory) {
+            case SSM_REPLY_OK_MESSAGE:
+                done = CM_TRUE;
+                break;
+            case SSM_REPLY_ERR_MESSAGE:
+                done = CM_TRUE;
+                break;
+            case SSM_EVENT_MESSAGE:
+                CMT_DispatchEvent(control, message);
+                break;
+            /* XXX FIX THIS!!! For the moment I'm ignoring all other types */
+            default:
+                break;
+        }
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_SendMessage(PCMT_CONTROL control, CMTItem* message)
+{
+	CMTStatus status;
+#ifdef PRINT_SEND_MESSAGES
+    LOG("About to print message sent to PSM\n");
+    prettyPrintMessage(message);
+#endif
+
+    /* Acquire lock on the control connection */
+    CMT_LOCK(control->mutex);
+
+    /* Try to send pending random data */
+    if (message->type != (SSM_REQUEST_MESSAGE | SSM_HELLO_MESSAGE))
+    {
+        /* If we've already said hello, then flush random data
+           just before sending the request. */
+        status = CMT_FlushPendingRandomData(control);
+        if (status != CMTSuccess)
+            goto loser;
+    }
+    
+	status = CMT_TransmitMessage(control, message);
+	if (status != CMTSuccess) {
+		goto loser;
+	}
+
+    if (CMT_ReadMessageDispatchEvents(control, message) != CMTSuccess) {
+        goto loser;
+    }
+    /* Release the control connection lock */
+    CMT_UNLOCK(control->mutex);
+	return CMTSuccess;
+loser:
+    /* Release the control connection lock */
+    CMT_UNLOCK(control->mutex);
+	return CMTFailure;
+}
+
+CMTStatus CMT_TransmitMessage(PCMT_CONTROL control, CMTItem * message)
+{
+    CMTMessageHeader header;
+	CMUint32 sent, rv;
+
+    /* Set up the message header */
+    header.type = htonl(message->type);
+    header.len = htonl(message->len);
+
+	/* Send the message header */
+	sent = CMT_WriteThisMany(control, control->sock, 
+                             (void *)&header, sizeof(CMTMessageHeader));
+	if (sent != sizeof(CMTMessageHeader)) {
+		goto loser;
+	}
+
+	/* Send the message body */
+	sent = CMT_WriteThisMany(control, control->sock, (void *)message->data, 
+                             message->len);
+	if (sent != message->len) {
+		goto loser;
+	}
+
+    /* Free the buffer */
+    free(message->data);
+    message->data = NULL;
+	return CMTSuccess;
+
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_ReceiveMessage(PCMT_CONTROL control, CMTItem * response)
+{
+    CMTMessageHeader header;
+    CMUint32 numread, rv;
+
+    /* Get the message header */
+    numread = CMT_ReadThisMany(control, control->sock, 
+                            (void *)&header, sizeof(CMTMessageHeader));
+    if (numread != sizeof(CMTMessageHeader)) {
+        goto loser;
+    }
+
+    response->type = ntohl(header.type);
+    response->len = ntohl(header.len);
+    response->data = (unsigned char *) malloc(response->len);
+    if (response->data == NULL) {
+        goto loser;
+    }
+
+    numread = CMT_ReadThisMany(control, control->sock, 
+                            (void *)(response->data), response->len); 
+    if (numread != response->len) {
+        goto loser;
+    }
+
+#ifdef PRINT_RECEIVE_MESSAGES
+    LOG("About to print message received from PSM.\n");
+    prettyPrintMessage(response);
+#endif /*PRINT_RECEIVE_MESSAGES*/
+    return CMTSuccess;
+loser:
+    if (response->data) {
+        free(response->data);
+    }
+    return CMTFailure;
+}
+
+CMUint32 CMT_ReadThisMany(PCMT_CONTROL control, CMTSocket sock, 
+                          void * buffer, CMUint32 thisMany)
+{
+	CMUint32 total = 0;
+  
+	while (total < thisMany) {
+		int got;
+		got = control->sockFuncs.recv(sock, (void*)((char*)buffer + total),
+                                      thisMany-total);
+		if (got < 0 ) {
+			break;
+		} 
+		total += got;
+	} 
+	return total;
+}
+ 
+CMUint32 CMT_WriteThisMany(PCMT_CONTROL control, CMTSocket sock, 
+                           void * buffer, CMUint32 thisMany)
+{
+	CMUint32 total = 0;
+  
+	while (total < thisMany) {
+		CMInt32 got;
+		got = control->sockFuncs.send(sock, (void*)((char*)buffer+total), 
+                                      thisMany-total);
+		if (got < 0) {
+			break;
+		}
+		total += got;
+	}
+	return total;
+}
+
+CMTItem* CMT_ConstructMessage(CMUint32 type, CMUint32 length)
+{
+    CMTItem * p;
+
+    p = (CMTItem*)malloc(sizeof(CMTItem));
+    if (!p) {
+	goto loser;
+    }
+
+    p->type = type;
+    p->len = length;
+    p->data = (unsigned char *) malloc(length);
+    if (!p->data) {
+	goto loser;
+    }
+    return p;
+
+loser:
+    CMT_FreeMessage(p);
+    return NULL;
+}
+
+void CMT_FreeMessage(CMTItem * p)
+{
+    if (p != NULL) {
+	if (p->data != NULL) {
+	    free(p->data);
+	}
+	free(p);
+    }
+}
+
+CMTStatus CMT_AddDataConnection(PCMT_CONTROL control, CMTSocket sock, 
+                                CMUint32 connectionID)
+{
+	PCMT_DATA ptr;
+
+	/* This is the first connection */
+	if (control->cmtDataConnections == NULL) {
+		control->cmtDataConnections = ptr = 
+            (PCMT_DATA)calloc(sizeof(CMT_DATA), 1);
+		if (!ptr) {
+			goto loser;
+		}
+	} else {
+	    /* Position at the last entry */
+	    for (ptr = control->cmtDataConnections; (ptr != NULL && ptr->next 
+                                                 != NULL); ptr = ptr->next);
+		ptr->next = (PCMT_DATA)calloc(sizeof(CMT_DATA), 1);
+		if (!ptr->next) {
+			goto loser;
+		} 
+		/* Fix up the pointers */
+		ptr->next->previous = ptr;
+		ptr = ptr->next;
+	}
+
+	/* Fill in the data */
+	ptr->sock = sock;
+	ptr->connectionID = connectionID;
+
+	return CMTSuccess;
+loser:
+	return CMTFailure;
+}
+
+int
+CMT_DestroyDataConnection(PCMT_CONTROL control, CMTSocket sock)
+{
+    PCMT_DATA ptr, pptr = NULL;
+    int rv=CMTSuccess;
+
+    if (!control) return rv;
+
+    control->sockFuncs.close(sock);
+    for (ptr = control->cmtDataConnections; ptr != NULL;
+	 pptr = ptr, ptr = ptr->next) {
+	if (ptr->sock == sock) {
+	    if (pptr == NULL) {
+		/* node is at head */
+		control->cmtDataConnections = ptr->next;
+		if (ptr->priv != NULL)
+		    ptr->priv->dest(ptr->priv);
+		free(ptr);
+		return rv;
+	    }
+	    /* node is elsewhere */
+	    pptr->next = ptr->next;
+	    if (ptr->priv != NULL)
+	        ptr->priv->dest(ptr->priv);
+	    free(ptr);
+	    return rv;
+	}
+    }
+    return rv;
+}
+
+CMTStatus CMT_CloseDataConnection(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    /* PCMT_DATA ptr, pptr = NULL; */
+    CMTSocket sock;
+    /* int rv;*/
+
+    /* Get the socket for this connection */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Free data connection associated with this socket */
+    if (CMT_DestroyDataConnection(control, sock) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetDataConnectionID(PCMT_CONTROL control, CMTSocket sock, CMUint32 * connectionID)
+{
+	PCMT_DATA ptr;
+
+	for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+		if (ptr->sock == sock) {
+			*connectionID = ptr->connectionID;
+			return CMTSuccess;
+		}
+	}
+
+	return CMTFailure;
+}
+
+CMTStatus CMT_GetDataSocket(PCMT_CONTROL control, CMUint32 connectionID, CMTSocket * sock)
+{
+	PCMT_DATA ptr;
+
+	for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+		if (ptr->connectionID == connectionID) {
+			*sock = ptr->sock;
+			return CMTSuccess;
+		}
+	}
+
+	return CMTFailure;
+}
+
+
+CMTStatus CMT_SetPrivate(PCMT_CONTROL control, CMUint32 connectionID,
+			 CMTPrivate *cmtpriv)
+{
+  PCMT_DATA ptr;
+
+  for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+    if (ptr->connectionID == connectionID) {
+      ptr->priv = cmtpriv;
+      return CMTSuccess;
+    }
+  }
+  return CMTFailure;
+}
+
+CMTPrivate *CMT_GetPrivate(PCMT_CONTROL control, CMUint32 connectionID)
+{
+  PCMT_DATA ptr;
+
+  for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+    if (ptr->connectionID == connectionID) {
+      return ptr->priv;
+    }
+  }
+  return NULL;
+}
+
+void CMT_FreeItem(CMTItem *p)
+{
+  CMT_FreeMessage(p);
+}
+
+CMTItem CMT_CopyPtrToItem(void* p)
+{
+    CMTItem value = {0, NULL, 0};
+
+    if (!p) {
+        return value;
+    }
+
+    value.len = sizeof(p);
+    value.data = (unsigned char *) malloc(value.len);
+    memcpy(value.data, &p, value.len);
+
+    return value;
+}
+
+void * CMT_CopyItemToPtr(CMTItem value)
+{
+    void * p = NULL;
+
+    if (value.len == sizeof(void*)) {
+        memcpy(&p, value.data, value.len);
+    }
+
+    return p;
+}
+
+CMTStatus CMT_ReferenceControlConnection(PCMT_CONTROL control)
+{    CMT_LOCK(control->mutex);
+    control->refCount++;
+    CMT_UNLOCK(control->mutex);
+    return CMTSuccess;
+}
+
+void
+CMT_LockConnection(PCMT_CONTROL control)
+{
+    CMT_LOCK(control->mutex);
+}
+
+void
+CMT_UnlockConnection(PCMT_CONTROL control)
+{
+    CMT_UNLOCK(control->mutex);
+}

mozilla/security/psm/lib/client/cmtutils.h

@@ -0,0 +1,77 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __CMTUTILS_H__
+#define __CMTUTILS_H__
+
+#include "cmtcmn.h"
+
+#define New(type) (type*)malloc(sizeof(type))
+#define NewArray(type, size) (type*)malloc(sizeof(type)*(size))
+
+PCMT_EVENT CMT_GetEventHandler(PCMT_CONTROL control, CMUint32 type,
+                               CMUint32 resourceID);
+
+CMUint32 cmt_Strlen(char *str);
+char *cmt_PackString(char *buf, char *str);
+char *cmt_UnpackString(char *buf, char **str);
+
+CMUint32 cmt_Bloblen(CMTItem* len);
+char *cmt_PackBlob(char *buf, CMTItem * blob);
+char *cmt_UnpackBlob(char *buf, CMTItem **blob);
+
+CMTStatus CMT_SendMessage(PCMT_CONTROL control, CMTItem* message);
+CMTStatus CMT_TransmitMessage(PCMT_CONTROL control, CMTItem * message);
+CMTStatus CMT_ReceiveMessage(PCMT_CONTROL control, CMTItem * response);
+CMTStatus CMT_ReadMessageDispatchEvents(PCMT_CONTROL control, 
+					CMTItem* message);
+CMUint32 CMT_ReadThisMany(PCMT_CONTROL control, CMTSocket sock, 
+			  void * buffer, CMUint32 thisMany);
+CMUint32 CMT_WriteThisMany(PCMT_CONTROL control, CMTSocket sock, 
+			   void * buffer, CMUint32 thisMany);
+CMTItem* CMT_ConstructMessage(CMUint32 type, CMUint32 length);
+void CMT_FreeMessage(CMTItem * p);
+CMTStatus CMT_AddDataConnection(PCMT_CONTROL control, CMTSocket sock, CMUint32 connectionID);
+CMTStatus CMT_GetDataConnectionID(PCMT_CONTROL control, CMTSocket sock, CMUint32 * connectionID);
+CMTStatus CMT_GetDataSocket(PCMT_CONTROL control, CMUint32 connectionID, CMTSocket * sock);
+CMTStatus CMT_CloseDataConnection(PCMT_CONTROL control, CMUint32 connectionID);
+CMTStatus CMT_SetPrivate(PCMT_CONTROL control, CMUint32 connectionID,
+			 CMTPrivate *cmtpriv);
+CMTPrivate *CMT_GetPrivate(PCMT_CONTROL control, CMUint32 connectionID);
+void CMT_ServicePasswordRequest(PCMT_CONTROL cm_control, CMTItem * requestData);
+void CMT_ProcessEvent(PCMT_CONTROL cm_control);
+void CMT_DispatchEvent(PCMT_CONTROL cm_control, CMTItem * eventData);
+CMTItem CMT_CopyPtrToItem(void* p);
+void * CMT_CopyItemToPtr(CMTItem value);
+
+#endif /* __CMTUTILS_H__ */
+

mozilla/security/psm/lib/client/config.mk

@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+PROGRAM        =
+

mozilla/security/psm/lib/client/makefile.win

@@ -0,0 +1,125 @@
+#// 
+#// The contents of this file are subject to the Mozilla Public
+#// License Version 1.1 (the "License"); you may not use this file
+#// except in compliance with the License. You may obtain a copy of
+#// the License at http://www.mozilla.org/MPL/
+#// 
+#// Software distributed under the License is distributed on an "AS
+#// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+#// implied. See the License for the specific language governing
+#// rights and limitations under the License.
+#// 
+#// The Original Code is the Netscape security libraries.
+#// 
+#// The Initial Developer of the Original Code is Netscape
+#// Communications Corporation.  Portions created by Netscape are 
+#// Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+#// Rights Reserved.
+#// 
+#// Contributor(s):
+#// 
+#// Alternatively, the contents of this file may be used under the
+#// terms of the GNU General Public License Version 2 or later (the
+#// "GPL"), in which case the provisions of the GPL are applicable 
+#// instead of those above.  If you wish to allow use of your 
+#// version of this file only under the terms of the GPL and not to
+#// allow others to use your version of this file under the MPL,
+#// indicate your decision by deleting the provisions above and
+#// replace them with the notice and other provisions required by
+#// the GPL.  If you do not delete the provisions above, a recipient
+#// may use your version of this file under either the MPL or the
+#// GPL.
+#// 
+IGNORE_MANIFEST=1
+#//------------------------------------------------------------------------
+#//
+#// Makefile to build the ssl library
+#//
+#//------------------------------------------------------------------------
+
+!if "$(MOZ_BITS)" == "16"
+!ifndef MOZ_DEBUG
+OPTIMIZER=-Os -UDEBUG -DNDEBUG
+!endif
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Specify the depth of the current directory relative to the
+#// root of NS
+#//
+#//------------------------------------------------------------------------
+DEPTH= ..\..\..\..
+
+!ifndef MAKE_OBJ_TYPE
+MAKE_OBJ_TYPE=EXE
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...)
+#//
+#//------------------------------------------------------------------------
+LIBNAME=cmt
+PDBFILE=$(LIBNAME).pdb
+
+LINCS = -I$(PUBLIC)\security \
+	-I$(PUBLIC)\nspr \
+        -I$(DEPTH)\include \
+	-I..\include
+
+!ifndef OS_CONFIG
+OS_CONFIG = WIN$(MOZ_BITS)
+!endif
+
+LCFLAGS = -DEXPORT_VERSION -DLIB_BUILD
+
+#//------------------------------------------------------------------------
+#// 
+#// Define the files necessary to build the target (ie. OBJS)
+#//
+#//------------------------------------------------------------------------
+OBJS=                         \
+    .\$(OBJDIR)\cmtinit.obj  \
+    .\$(OBJDIR)\cmtssl.obj   \
+    .\$(OBJDIR)\cmtutils.obj  \
+    .\$(OBJDIR)\cmtpkcs7.obj \
+    .\$(OBJDIR)\cmthash.obj \
+    .\$(OBJDIR)\cmtcert.obj \
+    .\$(OBJDIR)\cmtres.obj \
+    .\$(OBJDIR)\cmtjs.obj \
+    .\$(OBJDIR)\cmtevent.obj \
+    .\$(OBJDIR)\cmtpasswd.obj \
+    .\$(OBJDIR)\cmtadvisor.obj \
+    .\$(OBJDIR)\cmtrng.obj \
+	.\$(OBJDIR)\cmtsdr.obj \
+    $(NULL)
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...)
+#// (these must be defined before the common makefiles are included)
+#//
+#//------------------------------------------------------------------------
+LIBRARY=.\$(OBJDIR)\$(LIBNAME).lib
+
+#//------------------------------------------------------------------------
+#//
+#// install headers
+#//
+#//------------------------------------------------------------------------
+INSTALL_DIR=$(PUBLIC)\security
+INSTALL_FILE_LIST=cmtcmn.h cmtjs.h cmtclist.h
+
+#//------------------------------------------------------------------------
+#//
+#// Include the common makefile rules
+#//
+#//------------------------------------------------------------------------
+include <$(DEPTH)/config/rules.mak>
+
+install:: $(LIBRARY)
+    $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
+
+export:: INSTALL_FILES
+

mozilla/security/psm/lib/client/manifest.mn

@@ -0,0 +1,64 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+CORE_DEPTH = ../../..
+DEPTH = ../../..
+
+EXPORTS = \
+	cmtcmn.h \
+	cmtjs.h  \
+	cmtclist.h \
+	$(NULL)
+
+MODULE = security
+
+CSRCS = cmtinit.c  \
+	cmtssl.c   \
+	cmtutils.c \
+	cmtcert.c  \
+	cmthash.c  \
+	cmtpkcs7.c \
+	cmtres.c   \
+	cmtjs.c    \
+	cmtevent.c \
+        cmtpasswd.c \
+	cmtadvisor.c \
+	cmtrng.c \
+	cmtsdr.c \
+	$(NULL)
+
+REQUIRES = nspr security
+
+LIBRARY_NAME = cmt
+
+INCLUDES += -I$(CORE_DEPTH)/include

mozilla/security/psm/lib/client/sample/Makefile

@@ -0,0 +1,128 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+ifneq ($(OS_ARCH), WINNT)
+ifeq ($(OS_ARCH), Linux)
+# On linux, we link with libstdc++
+CPLUSPLUSRUNTIME = -L /usr/lib -lstdc++ -lm
+else
+# libC, presumably, is what we must link with elsewhere
+CPLUSPLUSRUNTIME = -lC -lm
+endif
+endif
+
+ifeq ($(OS_ARCH), SunOS)
+ifeq ($(OS_RELEASE), 5.5.1)
+OS_LIBS += -ldl -lsocket -lnsl -lthread -lposix4
+endif
+ifeq ($(OS_RELEASE), 5.6)
+OS_LIBS += -ldl -lsocket -lnsl -lthread -lposix4
+endif
+endif
+
+ifeq ($(OS_ARCH), Linux)
+ifdef USE_PTHREADS
+# Replace OS_LIBS, because the order of libpthread, libdl, and libc are
+# very important. Otherwise you get horrible crashes.
+OS_LIBS = -lpthread -ldl -lc
+endif
+endif
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+ifeq ($(OS_ARCH), WINNT)
+LDFLAGS += /NODEFAULTLIB:library
+endif
+
+EXTRA_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)cmt.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)protocol.$(LIB_SUFFIX) \
+	$(NULL)
+
+ifeq ($(OS_ARCH), WINNT)
+EXTRA_LIBS += 	wsock32.lib \
+		winmm.lib \
+		$(NULL)
+endif
+
+link:
+	if test -f $(PROGRAM); then	\
+		echo "rm $(PROGRAM)";	\
+		rm $(PROGRAM);		\
+	fi;				\
+	gmake				\
+
+build_sample:
+ifneq ($(OS_ARCH),WINNT)
+	cd $(CORE_DEPTH)/coreconf; gmake
+endif
+	cd $(CORE_DEPTH)/security; gmake import; gmake export
+	cd ../../protocol; gmake
+	cd ..; gmake
+	gmake
+

mozilla/security/psm/lib/client/sample/appsock.c

@@ -0,0 +1,250 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "appsock.h"
+
+#ifdef XP_UNIX
+#include <netinet/tcp.h>
+#include <errno.h>
+#endif
+
+CMT_SocketFuncs socketFuncs = {
+    APP_GetSocket,
+    APP_Connect,
+    APP_VerifyUnixSocket,
+    APP_Send,
+    APP_Select,
+    APP_Receive,
+    APP_Shutdown,
+    APP_Close
+};
+
+CMTSocket APP_GetSocket(int unixSock)
+{
+    APPSocket *sock;
+    int on = 1;
+
+#ifndef XP_UNIX
+    if (unixSock) {
+        return NULL;
+    }
+#endif
+
+    sock = malloc(sizeof(APPSocket));
+    if (sock == NULL) {
+        return NULL;
+    }
+    if (unixSock) {
+        sock->sock = socket(AF_UNIX, SOCK_STREAM, 0);
+    } else {
+        sock->sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    }
+    if (sock->sock < 0) {
+        free(sock);
+        return NULL;
+    }
+    if (!unixSock && 
+        setsockopt(sock->sock, IPPROTO_TCP, TCP_NODELAY, (const char*)&on,
+                   sizeof(on))) {
+        free(sock);
+        return NULL;
+    }
+
+    sock->isUnix = unixSock;
+#ifdef XP_UNIX
+    memset (&sock->servAddr, 0, sizeof(struct sockaddr_un));
+#endif
+    return (CMTSocket)sock;
+}
+
+CMTStatus APP_Connect(CMTSocket sock, short port, char *path)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    struct sockaddr_in iServAddr;
+    const struct sockaddr *servAddr;
+    size_t addrLen;
+    int error;
+
+    if (cmSock->isUnix){
+#ifndef XP_UNIX
+        return CMTFailure;
+#else
+        cmSock->servAddr.sun_family = AF_UNIX;
+	memcpy(&cmSock->servAddr.sun_path, path, strlen(path)+1);
+        servAddr = (const struct sockaddr*)&cmSock->servAddr;
+        addrLen = sizeof(cmSock->servAddr);
+#endif
+    } else {
+        iServAddr.sin_family = AF_INET;
+        iServAddr.sin_port = htons(port);
+        iServAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+        servAddr = (const struct sockaddr*)&iServAddr;
+        addrLen = sizeof(struct sockaddr_in);
+    }
+    while (connect(cmSock->sock, servAddr, addrLen) != 0) {
+#ifdef WIN32
+        error = WSAGetLastError();
+        if (error == WSAEISCONN) {
+            break;
+        }
+        if ((error != WSAEINPROGRESS) && (error != WSAEWOULDBLOCK) && 
+            (error!= WSAEINVAL)) {
+            goto loser;
+        }
+#else
+        error = errno;
+        if (error == EISCONN) {
+            break;
+        }
+        if (error != EINPROGRESS) {
+            goto loser;
+        }
+#endif
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus APP_VerifyUnixSocket(CMTSocket sock)
+{
+#ifndef XP_UNIX
+    return CMTFailure;
+#else
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+    struct stat statbuf;
+
+    if (!cmSock->isUnix) {
+        return CMTFailure;
+    }
+    rv = stat(cmSock->servAddr.sun_path, &statbuf);
+    if (rv < 0) {
+        goto loser;
+    }
+    if (statbuf.st_uid != geteuid()) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    close(cmSock->sock);
+    free(cmSock);
+    return CMTFailure;
+#endif
+}
+
+size_t APP_Send(CMTSocket sock, void *buffer, size_t length)
+{
+    APPSocket *cmSock = (APPSocket*) sock;
+
+    return send(cmSock->sock, buffer, length, 0);
+}
+
+CMTSocket APP_Select(CMTSocket *socks, int numsocks, int poll)
+{
+    APPSocket **sockArr = (APPSocket**)socks;
+    SOCKET nsocks = 0;
+    int i, rv;
+    struct timeval timeout;
+    fd_set readfds;
+
+#ifdef WIN32
+win_startover:
+#endif
+    FD_ZERO(&readfds);
+    for (i=0; i<numsocks; i++) {
+        FD_SET(sockArr[i]->sock, &readfds);
+        if (sockArr[i]->sock > nsocks) {
+            nsocks = sockArr[i]->sock;
+        }
+    }
+    if (poll) {
+        timeout.tv_sec = 0;
+        timeout.tv_usec = 0;
+    }
+    rv = select(nsocks+1, &readfds, NULL, NULL, (poll) ? &timeout : NULL);
+
+#ifdef WIN32
+    /* XXX Win95/98 Bug (Q177346)
+     *     select() with no timeout might return even if there is no data
+     *     pending or no error has occurred.  To get around this problem,
+     *     we loop if these erroneous conditions happen.
+     */
+    if (poll == 0 && rv == 0) {
+        goto win_startover;
+    }
+#endif
+
+    /* Figure out which socket was selected */
+    if (rv == -1 || rv == 0) {
+        goto loser;
+    }
+    for (i=0; i<numsocks; i++) {
+        if (FD_ISSET(sockArr[i]->sock, &readfds)) {
+            return (CMTSocket)sockArr[i];
+        }
+    }
+ loser:
+    return NULL;
+}
+
+size_t APP_Receive(CMTSocket sock, void *buffer, size_t bufSize)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+
+    return recv(cmSock->sock, buffer, bufSize, 0);
+}
+
+CMTStatus APP_Shutdown(CMTSocket sock)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+
+    rv = shutdown(cmSock->sock, 1);
+    return (rv == 0) ? CMTSuccess : CMTFailure;
+}
+
+CMTStatus APP_Close(CMTSocket sock)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+
+#ifdef XP_UNIX
+    rv = close(cmSock->sock);
+#else
+    rv = closesocket(cmSock->sock);
+#endif
+    free(cmSock);
+    return (rv == 0) ? CMTSuccess : CMTFailure;
+}

mozilla/security/psm/lib/client/sample/appsock.h

@@ -0,0 +1,69 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef _APPSOCK_H_
+#define _APPSOCK_H_
+#include "cmtcmn.h"
+
+#ifdef XP_UNIX
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+
+typedef int SOCKET;
+#endif
+
+typedef struct APPSocketStr {
+    SOCKET sock;
+    int    isUnix;
+#ifdef XP_UNIX
+    struct sockaddr_un servAddr;
+#endif 
+} APPSocket; 
+
+extern CMT_SocketFuncs socketFuncs;
+
+CMTStatus APP_Close(CMTSocket sock);
+CMTStatus APP_Shutdown(CMTSocket sock);
+size_t APP_Receive(CMTSocket sock, void *buffer, size_t bufSize);
+CMTSocket APP_Select(CMTSocket *socks, int numsocks, int poll);
+size_t APP_Send(CMTSocket sock, void *buffer, size_t length);
+CMTStatus APP_VerifyUnixSocket(CMTSocket sock);
+CMTStatus APP_Connect(CMTSocket sock, short port, char *path);
+CMTSocket APP_GetSocket(int unixSock);
+
+
+#endif /* _APPSOCK_H_ */

mozilla/security/psm/lib/client/sample/config.mk

@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(PROGRAM)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+LIBRARY        =
+

mozilla/security/psm/lib/client/sample/manifest.mn

@@ -0,0 +1,52 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+CORE_DEPTH = ../../../../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE	= cmtsample
+
+EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	sample.c \
+	appsock.c \
+	$(NULL)
+INCLUDES += -I../../protocol -I..
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = security
+
+PROGRAM  = cmtsample
+

mozilla/security/psm/lib/client/sample/sample.c

@@ -0,0 +1,346 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtjs.h"
+#include "appsock.h"
+#include <stdarg.h>
+#include <string.h>
+
+#ifdef XP_UNIX
+#include <netdb.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#endif
+
+#ifdef WIN32
+#include <direct.h>
+#endif
+
+/*
+ * This is a simple program that tries to detect if the psm server is loaded.
+ * If the server is not loaded, it will start it.  The program will then 
+ * connect to the server and fetch an HTML page from an SSL server.
+ *
+ * NOTE: This sample program does not implement a mutex for the libraries.
+ * If implementing a threaded application, then pass in a mutex structure
+ * so that connections to the psm server happen in a thread safe manner.
+ */
+
+#define NUM_CONNECT_TRIES 10
+#define READ_BUFFER_SIZE  1024
+void
+usage(void)
+{
+    printf("Usage:\n"
+           "\tcmtsample <secure site>\n\n"
+           "This program will then echo the retrieved HTML to the screen\n");
+}
+
+void
+errorMessage(int err,char *msg, ...)
+{
+    va_list args;
+    
+    va_start(args, msg);
+    fprintf (stderr, "cmtSample%s: ", (err) ? " error" : "");
+    vfprintf (stderr, msg, args);
+    fprintf (stderr, "\n");
+    va_end(args);
+    if (err) {
+        exit (err);
+    }
+}
+
+#ifdef XP_UNIX
+#define FILE_PATH_SEPARATOR '/'
+#elif defined (WIN32)
+#define FILE_PATH_SEPARATOR '\\'
+#else
+#error Tell me what the file path separator is.
+#endif
+
+PCMT_CONTROL
+connect_to_psm(void)
+{
+    PCMT_CONTROL control=NULL;
+    char path[256], *tmp;
+
+#ifdef XP_UNIX
+    if (getcwd(path,256) == NULL) {
+      return NULL;
+    }
+#elif defined(WIN32)
+    if (_getcwd(path,256) == NULL) {
+      return NULL;
+    }
+#else
+#error Teach me how to get the current working directory.
+#endif
+    tmp = &path[strlen(path)];
+    sprintf(tmp,"%c%s", FILE_PATH_SEPARATOR, "psm");
+    return CMT_EstablishControlConnection(path, &socketFuncs, NULL);
+}
+
+#define HTTPS_STRING "https://"
+
+char*
+extract_host_from_url(char *url)
+{
+    char *start, *end, *retString=NULL;
+
+    while(isspace(*url)) {
+        url++;
+    }
+    url = strdup(url);
+    start = strstr(url, HTTPS_STRING);
+    if (start == NULL) {
+        return NULL;
+    }
+    start += strlen(HTTPS_STRING);
+    /*
+     * Figure out the end of the host name.
+     */
+    end = strchr(start, ':');
+    if (end != NULL) {
+        *end = '\0';
+    } else {
+        end = strchr(start, '/');
+        if (end != NULL) {
+            *end = '\0';
+        } else {
+            end = strchr(start, ' ');
+            if (end != NULL) {
+                *end = '\0';
+            }
+        }
+    }
+    retString = strdup(start);
+    return retString;
+}
+
+CMUint32
+get_port_from_url(char *url)
+{
+    char *colon, *port;
+
+    url = strdup(url);
+    colon = strrchr(url, ':');
+    if (colon == NULL ||
+        !isdigit(colon[1])) {
+        /* Return the default SSL port. */
+        free(url);
+        return 443;
+    }
+    colon++;
+    port = colon;
+    while(isdigit(*colon))
+        colon++;
+    colon[1] = '\0';
+    free(url);
+    return (CMUint32)atol(port);
+}
+
+char*
+extract_get_target(char *url)
+{
+    char *slash;
+
+    slash = strstr(url, "//");
+    slash += 2;
+    slash = strchr(slash, '/');
+    if (slash != NULL)
+        return strdup (slash);
+    else 
+        return strdup ("/");
+}
+
+/*
+ * We'll use this function for prompting for a password.
+ */
+char*
+passwordCallback(void *arg, char *prompt, void *cotext, int isPaswd)
+{
+    char input[256];
+    
+    printf(prompt);
+    fgets(input, 256, stdin);
+
+    return strdup(input);
+}
+
+void
+freeCallback(char *userInput)
+{
+  free (userInput);
+}
+
+#define NUM_PREFS 2
+
+int 
+main(int argc, char **argv)
+{
+  PCMT_CONTROL control;
+    CMTSocket sock, selSock;
+    char *hostname;
+    struct hostent *host;
+    char *ipAddress;
+    char buffer[READ_BUFFER_SIZE];
+    size_t bytesRead;
+    struct sockaddr_in destAddr;
+    char *getString;
+    char requestString[256];
+    char *profile;
+    CMTSetPrefElement prefs[NUM_PREFS];
+    char profileDir[256];
+
+#ifdef WIN32
+    WORD WSAVersion = 0x0101;
+    WSADATA WSAData;
+
+    WSAStartup (WSAVersion, &WSAData);
+#endif
+
+    if (argc < 2) {
+        usage();
+        return 1;
+    }
+    errorMessage (0,"cmtsample v1.0");
+    errorMessage (0,"Will try connecting to site %s", argv[1]);
+    if (strstr(argv[1], "https://") == NULL) {
+        errorMessage(2,"%s is not a secure site", argv[1]);
+    }
+    control = connect_to_psm();
+    if (control == NULL) {
+        errorMessage(3, "Could not connect to the psm server");
+    }
+    /* 
+     * Now we have to send the hello message.
+     */
+
+#ifdef WIN32
+    profile = strdup("default");
+    sprintf(profileDir,"%s", "c:\\default");
+#elif defined (XP_UNIX)
+    profile = getenv("LOGNAME");
+    sprintf(profileDir, "%s/.netscape", getenv("HOME"));
+#else
+#error Teach me how to fill in the user profile.
+#endif
+    if (CMT_Hello(control, PROTOCOL_VERSION,
+		  profile, profileDir) != CMTSuccess)
+    {
+        errorMessage(10, "Failed to send the Hello Message.");
+    }
+    CMT_SetPromptCallback(control, passwordCallback, NULL);
+    CMT_SetAppFreeCallback(control, freeCallback);
+    /*
+     * Now pass along some preferences to psm.  We'll pass hard coded
+     * ones here, but apps should figure out a way to manage their user's
+     * preferences.
+     */
+    prefs[0].key   = "security.enable_ssl2";
+    prefs[0].value = "true";
+    prefs[0].type  = CMT_PREF_BOOL;
+    prefs[1].key   = "security.enable_ssl3";
+    prefs[1].value = "true";
+    prefs[1].type  = CMT_PREF_BOOL;
+    CMT_PassAllPrefs(control, NUM_PREFS, prefs);
+    hostname = extract_host_from_url(argv[1]);
+    host = gethostbyname(hostname);
+    if (host == NULL) {
+        errorMessage(11, "gethostbyname for %s failed", hostname);
+    }
+    if (host->h_length != 4) {
+        errorMessage(4, "Site %s uses IV v6 socket.  Not supported by psm.");
+    }
+    
+    /* Create the socket we will use to get the decrypted data back from
+     * the psm server.
+     */
+    sock = APP_GetSocket(0);
+    if (sock == NULL) {
+        errorMessage(5, "Could not create new socket for communication with "
+                        "the psm server.");
+    }
+    memcpy(&(destAddr.sin_addr.s_addr), host->h_addr, host->h_length);
+    ipAddress = inet_ntoa(destAddr.sin_addr);
+    errorMessage(0, "Mapped %s to the following IP address: %s", argv[1],
+                 ipAddress);
+
+    if (CMT_OpenSSLConnection(control, sock, SSM_REQUEST_SSL_DATA_SSL,
+                              get_port_from_url(argv[1]), ipAddress, 
+                              hostname, CM_FALSE, NULL) != CMTSuccess) {
+        errorMessage(6, "Could not open SSL connection to %s.", argv[1]);
+    }
+
+    getString = extract_get_target(argv[1]);
+    sprintf(requestString, 
+            "GET %s HTTP/1.0\r\n"
+            "\r\n", getString, hostname);
+    APP_Send(sock, requestString, strlen(requestString));
+    /*
+     * Now all we have to do is sit here and fetch the data from the
+     * socket.
+     */
+    errorMessage (0, "About to print out the fetched page.");
+    while ((selSock=APP_Select(&sock, 1, 0)) != NULL) {
+        if (selSock == sock) {
+            bytesRead = APP_Receive(sock, buffer, READ_BUFFER_SIZE-1);
+            if (bytesRead == -1 || bytesRead == 0) {
+                break;
+            }
+            buffer[bytesRead] = '\0';
+            fprintf(stderr, buffer);
+        }
+    }
+    fprintf(stderr,"\n");
+    if (bytesRead == -1) {
+        errorMessage(7, "Error receiving decrypted data from psm.");
+    }
+    errorMessage(0, "Successfully read the entire page.");
+    if (CMT_DestroyDataConnection(control, sock) != CMTSuccess) {
+        errorMessage(8, "Error destroygin the SSL data connection "
+                     "with the psm server.");
+    }
+    if (CMT_CloseControlConnection(control) != CMTSuccess) {
+        errorMessage(9, "Error closing the control connection.");
+    }
+    return 0;
+}
+
+
+
+

mozilla/security/psm/lib/client/test.c

@@ -0,0 +1,99 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmt.h"
+
+CMTStatus myCallback(CMTControl * control, CMTItem * event, void * arg);
+
+int main(int argc, char ** argv)
+{
+  CMTItem * msg, * event = NULL;
+  CMTStatus status;
+  int socket, datasocket;
+  int sent;
+  CMTControl * connect;
+  char * buffer = "some weird text that I feel like passing to server";
+  
+  connect = CMT_ControlConnect(myCallback, event);
+  
+  msg = CMT_ConstructMessage(10);
+
+  msg->type = (int)CMTClientMessage;
+  sprintf((char *)msg->data, "first msg!");
+
+  status = CMT_SendMessage(connect, msg, event);
+  if (status != SECSuccess)
+    perror("CMT_SendMessage");
+  
+  CMT_FreeEvent(event);
+  event = NULL;
+
+  sprintf((char *)msg->data, "second msg");
+  status = CMT_SendMessage(connect, msg, event);
+  if (status != SECSuccess)
+    perror("CMT_SendMessage");
+
+  datasocket = CMT_DataConnect(connect, NULL);
+  if (datasocket < 0) 
+    perror("CMT_DataConnect");
+  
+  sent = write(datasocket, (void *)buffer, strlen(buffer));
+  sent = write(datasocket, (void *)buffer, strlen(buffer));
+
+  close(datasocket);
+  
+  msg->type = (int)CMTClientMessage;
+  sprintf((char *)msg->data, "third msg!");
+  status = CMT_SendMessage(connect, msg, event);
+  if (status != SECSuccess)
+    perror("CMT_SendMessage"); 
+  
+  status = CMT_CloseControlConnection(connect);
+  if (status != SECSuccess)
+    perror("CMT_CloseControl");
+  
+  CMT_FreeMessage(msg);
+  CMT_FreeEvent(event);
+}
+
+CMTStatus myCallback(CMTControl * control, CMTItem * event, void * arg)
+{
+  if (event) 
+    printf("Event received is : type %d, data %s\n", event->type, event->data);
+  else printf("No event!\n");
+  if (arg) 
+    printf("Arg is %s\n", (char *)arg);
+  else printf("No arg!\n");
+
+
+  return SECSuccess;
+}

mozilla/security/psm/lib/macbuild/PSMPrefix.h

@@ -0,0 +1,3 @@
+
+
+#include "MacPrefix.h"

mozilla/security/psm/lib/macbuild/PSMPrefix_debug.h

@@ -0,0 +1,2 @@
+
+#include "MacPrefix_debug.h"

mozilla/security/psm/lib/makefile.win

@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..
+include <$(DEPTH)/config/config.mak>
+
+DIRS = client protocol
+
+include <$(DEPTH)\config\rules.mak>

mozilla/security/psm/lib/manifest.mn

@@ -0,0 +1,43 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+#
+
+CORE_DEPTH = ../..
+DEPTH      = ../..
+
+DIRS = protocol client
+
+#
+# these dirs are not built at the moment
+#
+#NOBUILD_DIRS = jar

mozilla/security/psm/lib/nlslayer/Makefile.in

@@ -0,0 +1,56 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+LIBRARY_NAME = nlslayer
+MODULE = security
+
+EXPORTS = \
+	nlslayer.h \
+	$(NULL)
+
+CPPSRCS  = nlslayer.cpp \
+	 $(NULL)
+
+override NO_SHARED_LIB=1
+override NO_STATIC_LIB=
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/security/psm/lib/nlslayer/makefile.win

@@ -0,0 +1,45 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..\..
+
+include <$(DEPTH)\config\config.mak>
+
+LIBRARY_NAME=nlslayer
+
+CPPSRCS =				\
+	nlslayer.cpp		\
+	$(NULL)
+
+CPP_OBJS =					\
+	.\$(OBJDIR)\nlslayer.obj		\
+	$(NULL)
+
+MODULE=security
+
+LIBRARY_NAME = nlslayer
+LIBRARY=.\$(OBJDIR)\$(DLLNAME).dll
+
+include <$(DEPTH)\config\rules.mak>
+
+install:: $(LIBRARY)
+
+clobber::

mozilla/security/psm/lib/nlslayer/nlslayer.cpp

@@ -0,0 +1,343 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "nspr.h"
+#include "nscore.h"
+#include "nsString.h"
+#include "nsIServiceManager.h"
+#include "nsIStringBundle.h"
+#include "nsIDateTimeFormat.h"
+#include "nsDateTimeFormatCID.h"
+#include "nsICharsetConverterManager.h"
+extern "C" {
+#include "nlslayer.h"
+}
+
+static NS_DEFINE_IID(kStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
+static NS_DEFINE_IID(kIStringBundleServiceIID, NS_ISTRINGBUNDLESERVICE_IID);
+static NS_DEFINE_CID(kDateTimeCID, NS_DATETIMEFORMAT_CID);
+static NS_DEFINE_CID(kCharsetConverterManagerCID, NS_ICHARSETCONVERTERMANAGER_CID);
+
+static nsIUnicodeEncoder *encoderUTF8 = nsnull;
+static nsIUnicodeDecoder *decoderUTF8 = nsnull;
+
+static nsIUnicodeEncoder *encoderASCII = nsnull;
+static nsIUnicodeDecoder *decoderASCII = nsnull;
+
+#define TEXT_BUNDLE	    "resource:/ui/psm_text.properties"
+#define UI_BUNDLE		"resource:/ui/psm_ui.properties"
+#define BIN_BUNDLE		"resource:/ui/psm_bin.properties"
+#define DOC_BUNDLE		"resource:/ui/psm_doc.properties"
+
+extern "C" {
+static nsIStringBundle* nlsCreateBundle(char* bundleURL);
+static char* nlsGetUTF8StringFromBundle(nsIStringBundle *bundle, const char *name);
+static nsIStringBundle * bundles[4] = {NULL, NULL, NULL, NULL};
+}
+
+
+extern "C" PRBool nlsInit()
+{
+	nsICharsetConverterManager *ccm = nsnull;
+	nsAutoString charsetUTF8 = NS_ConvertASCIItoUCS2("UTF-8");
+	nsAutoString charsetASCII = NS_ConvertASCIItoUCS2("ISO-8859-1");
+	PRBool ret = PR_FALSE;
+	nsresult res;
+
+#if !defined(XP_MAC)
+	res = NS_InitXPCOM(NULL, NULL);
+	NS_ASSERTION( NS_SUCCEEDED(res), "NS_InitXPCOM failed" );
+
+	// Register components
+	res = nsComponentManager::AutoRegister(nsIComponentManager::NS_Startup,
+                                                 NULL /* default */);
+	if(NS_FAILED(res)) {
+		goto loser;
+	}
+#endif
+
+	// Create the bundles
+	bundles[0] = nlsCreateBundle(TEXT_BUNDLE);
+	bundles[1] = nlsCreateBundle(UI_BUNDLE);
+	bundles[2] = nlsCreateBundle(BIN_BUNDLE);
+	bundles[3] = nlsCreateBundle(DOC_BUNDLE);
+
+	// Create a unicode encoder and decoder
+	res = nsServiceManager::GetService(kCharsetConverterManagerCID,
+										NS_GET_IID(nsICharsetConverterManager),
+										(nsISupports**)&ccm);
+
+	if (NS_FAILED(res) || (nsnull == ccm)) {
+		goto loser;
+	}
+
+	res = ccm->GetUnicodeEncoder(&charsetUTF8, &encoderUTF8);
+	if (NS_FAILED(res) || (nsnull == encoderUTF8)) {
+		goto loser;
+	}
+
+	res = ccm->GetUnicodeDecoder(&charsetUTF8, &decoderUTF8);
+	if (NS_FAILED(res) || (nsnull == decoderUTF8)) {
+		goto loser;
+	}
+
+	res = ccm->GetUnicodeEncoder(&charsetASCII, &encoderASCII);
+	if (NS_FAILED(res) || (nsnull == encoderASCII)) {
+		goto loser;
+	}
+
+	res = ccm->GetUnicodeDecoder(&charsetASCII, &decoderASCII);
+	if (NS_FAILED(res) || (nsnull == decoderASCII)) {
+		goto loser;
+	}
+
+	ret = PR_TRUE;
+	goto done;
+loser:
+	NS_IF_RELEASE(bundles[0]);
+	NS_IF_RELEASE(bundles[1]);
+	NS_IF_RELEASE(bundles[2]);
+	NS_IF_RELEASE(bundles[3]);
+	NS_IF_RELEASE(encoderUTF8);
+	NS_IF_RELEASE(decoderUTF8);
+	NS_IF_RELEASE(encoderASCII);
+	NS_IF_RELEASE(decoderASCII);
+done:
+	return ret;
+}
+
+extern "C" nsIStringBundle* nlsCreateBundle(char* bundleURL)
+{
+	nsresult ret;
+	nsIStringBundleService *service = nsnull;
+	nsIStringBundle* bundle = nsnull;
+	nsILocale *locale = nsnull;
+
+	// Get the string bundle service
+	ret = nsServiceManager::GetService(kStringBundleServiceCID,
+										kIStringBundleServiceIID,
+										(nsISupports**)&service);
+	if (NS_FAILED(ret)) {
+		return NULL;
+	}
+
+	// Create the bundle
+	ret = service->CreateBundle(bundleURL, locale, &bundle);
+	if (NS_FAILED(ret)) {
+		return NULL;
+	}
+
+	NS_IF_RELEASE(service);
+
+	return bundle;
+}
+
+extern "C" char* nlsGetUTF8StringFromBundle(nsIStringBundle *bundle, const char *name)
+{
+	nsresult ret;
+
+	nsString key = NS_ConvertASCIItoUCS2(name);
+	nsString value;
+	PRUnichar * p = NULL;
+	ret = bundle->GetStringFromName(key.GetUnicode(), &p);
+	if (NS_FAILED(ret)) {
+		return NULL;
+	}
+	value = p;
+
+	// XXX This is a hack to get cr and lf chars in string. 
+	// See bug# 21418
+	value.ReplaceSubstring(NS_ConvertASCIItoUCS2("<psm:cr>"), NS_ConvertASCIItoUCS2("\r"));
+	value.ReplaceSubstring(NS_ConvertASCIItoUCS2("<psm:lf>"), NS_ConvertASCIItoUCS2("\n"));
+	return value.ToNewUTF8String();
+}
+
+extern "C" char* nlsGetUTF8String(const char *name)
+{
+	int i;
+	char *value = NULL;
+
+	for (i=0;i<4;i++) {
+		value = nlsGetUTF8StringFromBundle(bundles[i], name);
+		if (value) {
+			break;
+		}
+	}
+	return value;
+}
+
+extern "C" void * nlsNewDateFormat()
+{
+	nsIComponentManager *comMgr;
+	nsIDateTimeFormat *dateTimeFormat = nsnull;
+	nsresult rv;
+
+	rv = NS_GetGlobalComponentManager(&comMgr);
+	if (NS_FAILED(rv)) {
+		return NULL;
+	}
+	rv = comMgr->CreateInstance(kDateTimeCID, nsnull, NS_GET_IID(nsIDateTimeFormat), (void**)&dateTimeFormat);
+	if (NS_FAILED(rv)) {
+		return NULL;
+	}
+	return dateTimeFormat;
+}
+
+extern "C" void nlsFreeDateFormat(void * p)
+{
+	nsIDateTimeFormat *dateTimeFormat = (nsIDateTimeFormat*)p;
+
+	NS_IF_RELEASE(dateTimeFormat);
+}
+
+extern "C" char * nslPRTimeToUTF8String(void* p, PRInt64 t)
+{
+	nsIDateTimeFormat *dateTimeFormat = (nsIDateTimeFormat*)p;
+	nsString dateTime;
+	nsresult rv;
+
+	rv = dateTimeFormat->FormatPRTime(nsnull, kDateFormatShort, kTimeFormatNoSeconds, PRTime(t), dateTime);
+	if (NS_FAILED(rv)) {
+		return nsnull;
+	}
+
+	return dateTime.ToNewUTF8String();
+}
+
+extern "C" PRBool nlsUnicodeToUTF8(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen)
+{
+	PRBool ret = PR_FALSE;
+	nsIUnicodeEncoder *enc = encoderUTF8;
+	PRInt32 dstLength;
+	nsresult res;
+
+	res = enc->GetMaxLength((const PRUnichar *)inBuf, inBufBytes, &dstLength);
+	if (NS_FAILED(res) || (dstLength > maxOutBufLen)) {
+		goto loser;
+	}
+
+	res = enc->Convert((const PRUnichar *)inBuf, (PRInt32*)&inBufBytes, (char*)outBuf, &dstLength);
+	if (NS_FAILED(res)) {
+		goto loser;
+	}
+
+	outBuf[dstLength] = '\0';
+	*outBufLen = dstLength;
+	ret = PR_TRUE;
+
+loser:
+	return ret;
+}
+
+extern "C" PRBool nlsUTF8ToUnicode(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen)
+{
+	PRBool ret = PR_FALSE;
+	PRInt32 dstLength;
+	nsIUnicodeDecoder *dec = decoderUTF8;
+	nsresult res;
+
+	res = dec->GetMaxLength((const char*)inBuf, inBufBytes, &dstLength);
+	if (NS_FAILED(res) || (dstLength > maxOutBufLen)) {
+		goto loser;
+	}
+
+	res = dec->Convert((const char *)inBuf, (PRInt32*)&inBufBytes, (PRUnichar*)outBuf, &dstLength);
+	if (NS_FAILED(res)) {
+		goto loser;
+	}
+
+	*outBufLen = (unsigned int)dstLength*sizeof(PRUnichar);
+
+	ret = PR_TRUE;
+
+loser:
+	return ret;
+}
+
+extern "C" PRBool nlsUnicodeToASCII(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen)
+{
+	PRBool ret = PR_FALSE;
+	nsIUnicodeEncoder *enc = encoderASCII;
+	PRInt32 dstLength;
+	nsresult res;
+
+	res = enc->GetMaxLength((const PRUnichar *)inBuf, inBufBytes, &dstLength);
+	if (NS_FAILED(res) || (dstLength > maxOutBufLen)) {
+		goto loser;
+	}
+
+	res = enc->Convert((const PRUnichar *)inBuf, (PRInt32*)&inBufBytes, (char*)outBuf, &dstLength);
+	if (NS_FAILED(res)) {
+		goto loser;
+	}
+
+	outBuf[dstLength] = '\0';
+	*outBufLen = dstLength;
+	ret = PR_TRUE;
+
+loser:
+	return ret;
+}
+
+extern "C" PRBool nlsASCIIToUnicode(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen)
+{
+	PRBool ret = PR_FALSE;
+	PRInt32 dstLength;
+	nsIUnicodeDecoder *dec = decoderASCII;
+	nsresult res;
+
+	res = dec->GetMaxLength((const char*)inBuf, inBufBytes, &dstLength);
+	if (NS_FAILED(res) || (dstLength > maxOutBufLen)) {
+		goto loser;
+	}
+
+	res = dec->Convert((const char *)inBuf, (PRInt32*)&inBufBytes, (PRUnichar*)outBuf, &dstLength);
+	if (NS_FAILED(res)) {
+		goto loser;
+	}
+	*outBufLen = (unsigned int)dstLength*sizeof(PRUnichar) + 2; // Extra NULL characters
+	outBuf[*outBufLen] = NULL;
+	outBuf[*outBufLen - 1] = NULL;
+	ret = PR_TRUE;
+
+loser:
+	return ret;
+}

mozilla/security/psm/lib/nlslayer/nlslayer.h

@@ -0,0 +1,56 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#ifndef _NLSLAYER_H_
+#define _NLSLAYER_H_
+
+PRBool nlsInit();
+char* nlsGetUTF8String(const char *name);
+void * nlsNewDateFormat();
+void nlsFreeDateFormat(void * p);
+char * nslPRTimeToUTF8String(void* p, PRInt64 t);
+PRBool nlsUnicodeToUTF8(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen);
+PRBool nlsUTF8ToUnicode(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen);
+PRBool nlsUnicodeToASCII(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen);
+PRBool nlsASCIIToUnicode(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen);
+
+#endif /* _NLSLAYER_H_ */
+

mozilla/security/psm/lib/protocol/MANIFEST

@@ -0,0 +1,3 @@
+obscure.h
+rsrcids.h
+ssmdefs.h

mozilla/security/psm/lib/protocol/Makefile

@@ -0,0 +1,74 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include config.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+

mozilla/security/psm/lib/protocol/Makefile.in

@@ -0,0 +1,64 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+LIBRARY_NAME = protocol
+MODULE = security
+
+EXPORTS = \
+	protocol.h \
+	protocolf.h \
+	protocolport.h \
+	protocolnspr20.h \
+	protocolshr.h \
+	ssmdefs.h \
+	rsrcids.h \
+	messages.h \
+	newproto.h \
+	$(NULL)
+
+
+CSRCS  = newproto.c \
+	 templates.c \
+	 protocolshr.c \
+	 $(NULL)
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/security/psm/lib/protocol/config.mk

@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+PROGRAM        =
+

mozilla/security/psm/lib/protocol/makefile.win

@@ -0,0 +1,124 @@
+#// 
+#// The contents of this file are subject to the Mozilla Public
+#// License Version 1.1 (the "License"); you may not use this file
+#// except in compliance with the License. You may obtain a copy of
+#// the License at http://www.mozilla.org/MPL/
+#// 
+#// Software distributed under the License is distributed on an "AS
+#// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+#// implied. See the License for the specific language governing
+#// rights and limitations under the License.
+#// 
+#// The Original Code is the Netscape security libraries.
+#// 
+#// The Initial Developer of the Original Code is Netscape
+#// Communications Corporation.  Portions created by Netscape are 
+#// Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+#// Rights Reserved.
+#// 
+#// Contributor(s):
+#// 
+#// Alternatively, the contents of this file may be used under the
+#// terms of the GNU General Public License Version 2 or later (the
+#// "GPL"), in which case the provisions of the GPL are applicable 
+#// instead of those above.  If you wish to allow use of your 
+#// version of this file only under the terms of the GPL and not to
+#// allow others to use your version of this file under the MPL,
+#// indicate your decision by deleting the provisions above and
+#// replace them with the notice and other provisions required by
+#// the GPL.  If you do not delete the provisions above, a recipient
+#// may use your version of this file under either the MPL or the
+#// GPL.
+#// 
+IGNORE_MANIFEST=1
+#//------------------------------------------------------------------------
+#//
+#// Makefile to build the ssl library
+#//
+#//------------------------------------------------------------------------
+
+!if "$(MOZ_BITS)" == "16"
+!ifndef MOZ_DEBUG
+OPTIMIZER=-Os -UDEBUG -DNDEBUG
+!endif
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Specify the depth of the current directory relative to the
+#// root of NS
+#//
+#//------------------------------------------------------------------------
+DEPTH= ..\..\..\..
+
+!ifndef MAKE_OBJ_TYPE
+MAKE_OBJ_TYPE=EXE
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...)
+#//
+#//------------------------------------------------------------------------
+LIBNAME=protocol
+PDBFILE=$(LIBNAME).pdb
+
+LINCS = -I$(PUBLIC)\security \
+	-I$(PUBLIC)\nspr \
+        -I$(DEPTH)\include \
+	-I..\include
+
+!ifndef OS_CONFIG
+OS_CONFIG = WIN$(MOZ_BITS)
+!endif
+
+LCFLAGS = -DEXPORT_VERSION -DLIB_BUILD
+
+#//------------------------------------------------------------------------
+#// 
+#// Define the files necessary to build the target (ie. OBJS)
+#//
+#//------------------------------------------------------------------------
+OBJS=                         \
+    .\$(OBJDIR)\newproto.obj  \
+    .\$(OBJDIR)\templates.obj \
+    .\$(OBJDIR)\protocolshr.obj \
+    $(NULL)
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...)
+#// (these must be defined before the common makefiles are included)
+#//
+#//------------------------------------------------------------------------
+LIBRARY=.\$(OBJDIR)\$(LIBNAME).lib
+
+#//------------------------------------------------------------------------
+#//
+#// install headers
+#//
+#//------------------------------------------------------------------------
+INSTALL_DIR=$(PUBLIC)\security
+INSTALL_FILE_LIST= protocol.h \
+   protocolf.h \
+   protocolport.h \
+   protocolnspr20.h \
+   protocolshr.h \
+   ssmdefs.h \
+   rsrcids.h \
+   messages.h \
+   newproto.h \
+   $(NULL)
+
+#//------------------------------------------------------------------------
+#//
+#// Include the common makefile rules
+#//
+#//------------------------------------------------------------------------
+include <$(DEPTH)/config/rules.mak>
+
+install:: $(LIBRARY)
+    $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
+
+export:: INSTALL_FILES
+

mozilla/security/psm/lib/protocol/manifest.mn

@@ -0,0 +1,65 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+CORE_DEPTH = ../../..
+
+EXPORTS = \
+	protocol.h \
+	protocolf.h \
+	protocolport.h \
+	protocolnspr20.h \
+	protocolshr.h \
+	ssmdefs.h \
+	rsrcids.h \
+	messages.h \
+	newproto.h \
+	$(NULL)
+
+MODULE = security
+CSRCS  = newproto.c \
+	 protocolshr.c \
+	 templates.c \
+	 $(NULL)
+
+ifeq ($(subst /,_,$(shell uname -s)),OS2)
+	CSRCS += os2_rand.c
+endif
+
+#	mac_rand.c
+#	unix_rand.c
+#	win_rand.c
+#	prelib.c
+
+REQUIRES = security dbm nspr
+
+LIBRARY_NAME = protocol

mozilla/security/psm/lib/protocol/messages.h

@@ -0,0 +1,620 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __MESSAGES_H__
+#define __MESSAGES_H__
+
+#include "newproto.h"
+
+typedef struct SingleNumMessage {
+  CMInt32 value;
+} SingleNumMessage;
+
+extern CMTMessageTemplate SingleNumMessageTemplate[];
+
+typedef struct SingleStringMessage {
+  char *string;
+} SingleStringMessage;
+
+extern CMTMessageTemplate SingleStringMessageTemplate[];
+
+typedef struct SingleItemMessage {
+  CMTItem item;
+} SingleItemMessage;
+
+extern CMTMessageTemplate SingleItemMessageTemplate[];
+
+typedef struct HelloRequest {
+  CMInt32 version;
+  CMInt32 policy;
+  CMBool doesUI;
+  char *profile;
+  char* profileDir;
+} HelloRequest;
+
+extern CMTMessageTemplate HelloRequestTemplate[];
+
+typedef struct HelloReply {
+  CMInt32 result;
+  CMInt32 sessionID;
+  CMInt32 version;
+  CMInt32 httpPort;
+  CMInt32 policy;
+  CMTItem nonce;
+  char *stringVersion;
+} HelloReply;
+
+extern CMTMessageTemplate HelloReplyTemplate[];
+
+typedef struct SSLDataConnectionRequest {
+  CMInt32 flags;
+  CMInt32 port;
+  char *hostIP;
+  char *hostName;
+  CMBool forceHandshake;
+  CMTItem clientContext;
+} SSLDataConnectionRequest;
+
+extern CMTMessageTemplate SSLDataConnectionRequestTemplate[];
+
+typedef struct TLSDataConnectionRequest {
+    CMInt32 port;
+    char* hostIP;
+    char* hostName;
+} TLSDataConnectionRequest;
+
+extern CMTMessageTemplate TLSDataConnectionRequestTemplate[];
+
+typedef struct TLSStepUpRequest {
+    CMUint32 connID;
+    CMTItem clientContext;
+} TLSStepUpRequest;
+
+extern CMTMessageTemplate TLSStepUpRequestTemplate[];
+
+typedef struct ProxyStepUpRequest {
+    CMUint32 connID;
+    CMTItem clientContext;
+    char* url;
+} ProxyStepUpRequest;
+
+extern CMTMessageTemplate ProxyStepUpRequestTemplate[];
+
+typedef struct PKCS7DataConnectionRequest {
+    CMUint32 resID;
+    CMTItem clientContext;
+} PKCS7DataConnectionRequest;
+
+extern CMTMessageTemplate PKCS7DataConnectionRequestTemplate[];
+
+typedef struct DataConnectionReply {
+  CMInt32 result;
+  CMInt32 connID;
+  CMInt32 port;
+} DataConnectionReply;
+
+extern CMTMessageTemplate DataConnectionReplyTemplate[];
+
+typedef struct UIEvent {
+  CMInt32 resourceID;
+  CMInt32 width;
+  CMInt32 height;
+  CMBool isModal;
+  char *url;
+  CMTItem clientContext;
+} UIEvent;
+
+extern CMTMessageTemplate UIEventTemplate[];
+extern CMTMessageTemplate OldUIEventTemplate[];
+
+typedef struct TaskCompletedEvent {
+  CMInt32 resourceID;
+  CMInt32 numTasks;
+  CMInt32 result;
+} TaskCompletedEvent;
+
+extern CMTMessageTemplate TaskCompletedEventTemplate[];
+
+typedef struct VerifyDetachedSigRequest {
+  CMInt32 pkcs7ContentID;
+  CMInt32 certUsage;
+  CMInt32 hashAlgID;
+  CMBool keepCert;
+  CMTItem hash;
+} VerifyDetachedSigRequest;
+
+extern CMTMessageTemplate VerifyDetachedSigRequestTemplate[];
+
+typedef struct CreateSignedRequest {
+  CMInt32 scertRID;
+  CMInt32 ecertRID;
+  CMInt32 dig_alg;
+  CMTItem digest;
+} CreateSignedRequest;
+
+extern CMTMessageTemplate CreateSignedRequestTemplate[];
+
+typedef struct CreateContentInfoReply {
+  CMInt32 ciRID;
+  CMInt32 result;
+  CMInt32 errorCode;
+} CreateContentInfoReply;
+
+extern CMTMessageTemplate CreateContentInfoReplyTemplate[];
+
+typedef struct CreateEncryptedRequest {
+  CMInt32 scertRID;
+  CMInt32 nrcerts;
+  CMInt32 *rcertRIDs;
+} CreateEncryptedRequest;
+
+extern CMTMessageTemplate CreateEncryptedRequestTemplate[];
+
+typedef struct CreateResourceRequest {
+  CMInt32 type;
+  CMTItem params;
+} CreateResourceRequest;
+
+extern CMTMessageTemplate CreateResourceRequestTemplate[];
+
+typedef struct CreateResourceReply {
+  CMInt32 result;
+  CMInt32 resID;
+} CreateResourceReply;
+
+extern CMTMessageTemplate CreateResourceReplyTemplate[];
+
+typedef struct GetAttribRequest {
+  CMInt32 resID;
+  CMInt32 fieldID;
+} GetAttribRequest;
+
+extern CMTMessageTemplate GetAttribRequestTemplate[];
+
+typedef struct GetAttribReply {
+  CMInt32 result;
+  SSMAttributeValue value;
+} GetAttribReply;
+
+extern CMTMessageTemplate GetAttribReplyTemplate[];
+
+typedef struct SetAttribRequest {
+  CMInt32 resID;
+  CMInt32 fieldID;
+  SSMAttributeValue value;
+} SetAttribRequest;
+
+extern CMTMessageTemplate SetAttribRequestTemplate[];
+
+typedef struct PickleResourceReply {
+    CMInt32 result;
+    CMTItem blob;
+} PickleResourceReply;
+
+extern CMTMessageTemplate PickleResourceReplyTemplate[];
+
+typedef struct UnpickleResourceRequest {
+  CMInt32 resourceType;
+  CMTItem resourceData;
+} UnpickleResourceRequest;
+
+extern CMTMessageTemplate UnpickleResourceRequestTemplate[];
+
+typedef struct UnpickleResourceReply {
+    CMInt32 result;
+    CMInt32 resID;
+} UnpickleResourceReply;
+
+extern CMTMessageTemplate UnpickleResourceReplyTemplate[];
+
+typedef struct PickleSecurityStatusReply {
+    CMInt32 result;
+    CMInt32 securityLevel;
+    CMTItem blob;
+} PickleSecurityStatusReply;
+
+extern CMTMessageTemplate PickleSecurityStatusReplyTemplate[];
+
+typedef struct DupResourceReply {
+    CMInt32 result;
+    CMUint32 resID;
+} DupResourceReply;
+
+extern CMTMessageTemplate DupResourceReplyTemplate[];
+
+typedef struct DestroyResourceRequest {
+  CMInt32 resID;
+  CMInt32 resType;
+} DestroyResourceRequest;
+
+extern CMTMessageTemplate DestroyResourceRequestTemplate[];
+
+typedef struct VerifyCertRequest {
+  CMInt32 resID;
+  CMInt32 certUsage;
+} VerifyCertRequest;
+
+extern CMTMessageTemplate VerifyCertRequestTemplate[];
+
+typedef struct AddTempCertToDBRequest {
+  CMInt32 resID;
+  char *nickname;
+  CMInt32 sslFlags;
+  CMInt32 emailFlags;
+  CMInt32 objSignFlags;
+} AddTempCertToDBRequest;
+
+extern CMTMessageTemplate AddTempCertToDBRequestTemplate[];
+
+typedef struct MatchUserCertRequest {
+  CMInt32 certType;
+  CMInt32 numCANames;
+  char **caNames;
+} MatchUserCertRequest;
+
+extern CMTMessageTemplate MatchUserCertRequestTemplate[];
+
+typedef struct MatchUserCertReply {
+  CMInt32 numCerts;
+  CMInt32 *certs;
+} MatchUserCertReply;
+
+extern CMTMessageTemplate MatchUserCertReplyTemplate[];
+
+typedef struct EncodeCRMFReqRequest {
+    CMInt32 numRequests;
+    CMInt32 * reqIDs;
+} EncodeCRMFReqRequest;
+
+extern CMTMessageTemplate EncodeCRMFReqRequestTemplate[];
+
+typedef struct CMMFCertResponseRequest {
+    char *nickname;
+    char *base64Der;
+    CMBool doBackup;
+    CMTItem clientContext;
+} CMMFCertResponseRequest;
+
+extern CMTMessageTemplate CMMFCertResponseRequestTemplate[];
+
+typedef struct PasswordRequest {
+    CMInt32 tokenKey;
+    char *prompt;
+    CMTItem clientContext;
+} PasswordRequest;
+
+extern CMTMessageTemplate PasswordRequestTemplate[];
+
+typedef struct PasswordReply {
+    CMInt32 result;
+    CMInt32 tokenID;
+    char * passwd;
+} PasswordReply;
+
+extern CMTMessageTemplate PasswordReplyTemplate[];
+
+typedef struct KeyPairGenRequest {
+    CMInt32 keyGenCtxtID;
+    CMInt32 genMechanism;
+    CMInt32 keySize;
+    CMTItem params;
+} KeyPairGenRequest;
+
+extern CMTMessageTemplate KeyPairGenRequestTemplate[];
+
+typedef struct DecodeAndCreateTempCertRequest {
+    CMInt32 type;
+    CMTItem cert;
+} DecodeAndCreateTempCertRequest;
+
+extern CMTMessageTemplate DecodeAndCreateTempCertRequestTemplate[];
+
+typedef struct GenKeyOldStyleRequest {
+    char *choiceString;
+    char *challenge;
+    char *typeString;
+    char *pqgString;
+} GenKeyOldStyleRequest;
+
+extern CMTMessageTemplate GenKeyOldStyleRequestTemplate[];
+
+typedef struct GenKeyOldStyleTokenRequest {
+    CMInt32 rid;
+    CMInt32 numtokens;
+    char ** tokenNames;
+} GenKeyOldStyleTokenRequest;
+
+extern CMTMessageTemplate GenKeyOldStyleTokenRequestTemplate[];
+
+typedef struct GenKeyOldStyleTokenReply {
+    CMInt32 rid;
+    CMBool cancel;
+    char * tokenName;
+} GenKeyOldStyleTokenReply;
+
+extern CMTMessageTemplate GenKeyOldStyleTokenReplyTemplate[];
+
+typedef struct GenKeyOldStylePasswordRequest {
+    CMInt32 rid;
+    char * tokenName;
+    CMBool internal;
+    CMInt32 minpwdlen;
+    CMInt32 maxpwdlen;
+} GenKeyOldStylePasswordRequest;
+
+extern CMTMessageTemplate GenKeyOldStylePasswordRequestTemplate[];
+
+typedef struct GenKeyOldStylePasswordReply {
+    CMInt32 rid;
+    CMBool cancel;
+    char * password;
+} GenKeyOldStylePasswordReply;
+
+extern CMTMessageTemplate GenKeyOldStylePasswordReplyTemplate[];
+
+typedef struct GetKeyChoiceListRequest {
+    char *type;
+    char *pqgString;
+} GetKeyChoiceListRequest;
+
+extern CMTMessageTemplate GetKeyChoiceListRequestTemplate[];
+
+typedef struct GetKeyChoiceListReply {
+    CMInt32 nchoices;
+    char **choices;
+} GetKeyChoiceListReply;
+
+extern CMTMessageTemplate GetKeyChoiceListReplyTemplate[];
+
+typedef struct AddNewSecurityModuleRequest {
+    char *moduleName;
+    char *libraryPath;
+    CMInt32 pubMechFlags;
+    CMInt32 pubCipherFlags;
+} AddNewSecurityModuleRequest;
+
+extern CMTMessageTemplate AddNewSecurityModuleRequestTemplate[];
+
+typedef struct FilePathRequest {
+    CMInt32 resID;
+    char *prompt;
+    CMBool getExistingFile;
+    char *fileRegEx;
+} FilePathRequest;
+
+extern CMTMessageTemplate FilePathRequestTemplate[];
+
+typedef struct FilePathReply {
+    CMInt32 resID;
+    char *filePath;
+} FilePathReply;
+
+extern CMTMessageTemplate FilePathReplyTemplate[];
+
+typedef struct PasswordPromptReply {
+    CMInt32 resID;
+    char *promptReply;
+} PasswordPromptReply;
+
+extern CMTMessageTemplate PasswordPromptReplyTemplate[];
+
+typedef struct SignTextRequest {
+    CMInt32 resID;
+    char *stringToSign;
+    char *hostName;
+    char *caOption;
+    CMInt32 numCAs;
+    char** caNames;
+} SignTextRequest;
+
+extern CMTMessageTemplate SignTextRequestTemplate[];
+
+typedef struct GetLocalizedTextReply {
+    CMInt32 whichString;
+    char *localizedString;
+} GetLocalizedTextReply;
+
+extern CMTMessageTemplate GetLocalizedTextReplyTemplate[];
+
+typedef struct ImportCertReply {
+    CMInt32 result;
+    CMInt32 resID;
+} ImportCertReply;
+
+extern CMTMessageTemplate ImportCertReplyTemplate[];
+
+typedef struct PromptRequest {
+    CMInt32 resID;
+    char *prompt;
+    CMTItem clientContext;
+} PromptRequest;
+
+extern CMTMessageTemplate PromptRequestTemplate[];
+
+typedef struct PromptReply {
+    CMInt32 resID;
+    CMBool cancel;
+    char *promptReply;
+} PromptReply;
+
+extern CMTMessageTemplate PromptReplyTemplate[];
+
+typedef struct RedirectCompareReqeust {
+    CMTItem socketStatus1Data;
+    CMTItem socketStatus2Data;
+} RedirectCompareRequest;
+
+extern CMTMessageTemplate RedirectCompareRequestTemplate[];
+
+typedef struct DecodeAndAddCRLRequest {
+    CMTItem  derCrl;
+    CMUint32 type;
+    char *url;
+} DecodeAndAddCRLRequest;
+
+extern CMTMessageTemplate DecodeAndAddCRLRequestTemplate[];
+
+typedef struct SecurityAdvisorRequest {
+    CMInt32 infoContext;
+    CMInt32 resID;
+    char * hostname;
+	char * senderAddr;
+    CMUint32 encryptedP7CInfo;
+    CMUint32 signedP7CInfo;
+    CMInt32 decodeError;
+    CMInt32 verifyError;
+	CMBool encryptthis;
+	CMBool signthis;
+	CMInt32 numRecipients;
+	char ** recipients;
+} SecurityAdvisorRequest;
+
+extern CMTMessageTemplate SecurityAdvisorRequestTemplate[];
+
+/* "SecurityConfig" javascript related message templates */
+typedef struct SCAddTempCertToPermDBRequest {
+    CMTItem certKey;
+    char* trustStr;
+    char* nickname;
+} SCAddTempCertToPermDBRequest;
+
+extern CMTMessageTemplate SCAddTempCertToPermDBRequestTemplate[];
+
+typedef struct SCDeletePermCertsRequest {
+    CMTItem certKey;
+    CMBool deleteAll;
+} SCDeletePermCertsRequest;
+
+extern CMTMessageTemplate SCDeletePermCertsRequestTemplate[];
+
+typedef struct TimeMessage {
+    CMInt32 year;
+    CMInt32 month;
+    CMInt32 day;
+    CMInt32 hour;
+    CMInt32 minute;
+    CMInt32 second;
+} TimeMessage;
+
+extern CMTMessageTemplate TimeMessageTemplate[];
+
+typedef struct CertEnumElement {
+    char* name;
+    CMTItem certKey;
+} CertEnumElement;
+
+typedef struct SCCertIndexEnumReply {
+      int length;
+      CertEnumElement* list;
+} SCCertIndexEnumReply;
+
+extern CMTMessageTemplate SCCertIndexEnumReplyTemplate[];
+
+/* Test message */
+typedef struct TestListElement {
+	char * name;
+	char * value;
+} TestListElement;
+
+typedef struct TestList {
+	char *listName;
+	int numElements;
+	TestListElement *elements;
+} TestList;
+
+extern CMTMessageTemplate TestListTemplate[];
+
+/* Preference-related structs */
+typedef struct SetPrefElement {
+    char* key;
+    char* value;
+    CMInt32 type;
+} SetPrefElement;
+
+typedef struct SetPrefListMessage {
+    int length;
+    SetPrefElement* list;
+} SetPrefListMessage;
+
+extern CMTMessageTemplate SetPrefListMessageTemplate[];
+
+typedef struct GetPrefElement {
+    char* key;
+    CMInt32 type;
+} GetPrefElement;
+
+typedef struct GetPrefListRequest {
+    int length;
+    GetPrefElement* list;
+} GetPrefListRequest;
+
+extern CMTMessageTemplate GetPrefListRequestTemplate[];
+
+typedef struct GetCertExtension {
+    CMUint32 resID;
+    CMUint32 extension;
+} GetCertExtension;
+
+extern CMTMessageTemplate GetCertExtensionTemplate[];
+
+typedef struct HTMLCertInfoRequest {
+    CMUint32 certID;
+    CMUint32 showImages;
+    CMUint32 showIssuer;
+} HTMLCertInfoRequest;
+
+extern CMTMessageTemplate HTMLCertInfoRequestTemplate[];
+
+typedef struct EncryptRequestMessage
+{
+  CMTItem keyid;  /* May have length 0 for default */
+  CMTItem data;
+  CMTItem ctx;  /* serialized void* ptr */
+} EncryptRequestMessage;
+
+extern CMTMessageTemplate EncryptRequestTemplate[];
+
+typedef struct SingleItemMessage EncryptReplyMessage;
+#define EncryptReplyTemplate SingleItemMessageTemplate
+
+typedef struct DecryptRequestMessage
+{
+  CMTItem data;
+  CMTItem ctx;  /* serialized void* ptr */
+} DecryptRequestMessage;
+extern CMTMessageTemplate DecryptRequestTemplate[];
+
+typedef struct SingleItemMessage DecryptReplyMessage;
+#define DecryptReplyTemplate SingleItemMessageTemplate
+
+#endif /* __MESSAGES_H__ */

mozilla/security/psm/lib/protocol/newproto.c

@@ -0,0 +1,629 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include <string.h>
+#include <assert.h>
+#ifdef WIN32
+#include <winsock.h>
+#endif
+#ifdef XP_MAC
+#include "macsocket.h"
+#endif
+#ifdef XP_UNIX
+#include "sys/types.h"
+#include "netinet/in.h" /* for ntohl & htonl */
+#endif
+#ifdef XP_OS2_EMX
+#include <sys/param.h>
+#endif
+#ifdef XP_OS2_VACPP
+#include <utils.h>
+#endif
+#ifdef XP_BEOS
+#include "ByteOrder.h"
+#endif
+
+#include "newproto.h"
+
+char SSMVersionString[] = "1.2";
+
+CMT_Alloc_fn cmt_alloc = malloc;
+CMT_Free_fn cmt_free = free;
+
+#define ASSERT(x) assert(x)
+
+#define CM_ntohl ntohl
+#define CM_htonl htonl
+
+char* SSM_GetVersionString(void)
+{
+    char *newString;
+    int strLen;
+
+    strLen = strlen(SSMVersionString);
+    newString = (char*)malloc(sizeof(char)*(strLen+1));
+    if (newString) {
+        memcpy(newString,SSMVersionString, strlen(SSMVersionString));
+        newString[strLen]='\0';
+    }
+    return newString;
+}
+
+
+/*************************************************************
+ *
+ * CMT_Init
+ *
+ *
+ ************************************************************/
+void
+CMT_Init(CMT_Alloc_fn allocfn, CMT_Free_fn freefn)
+{
+    cmt_alloc = allocfn;
+    cmt_free = freefn;
+}
+
+static CMTStatus
+decode_int(unsigned char **curptr, void *dest, CMInt32 *remaining)
+{
+    CMInt32 datalen = sizeof(CMInt32);
+
+    if (*remaining < datalen)
+        return CMTFailure;
+    *(CMInt32 *)dest = ntohl(**(CMInt32 **)curptr);
+    *remaining -= datalen;
+    *curptr += datalen;
+    return CMTSuccess;
+}
+
+static CMTStatus
+decode_string(unsigned char **curptr, CMInt32 *len,
+              unsigned char **data, CMInt32 *remaining)
+{
+    CMTStatus rv;
+    CMInt32 datalen;
+
+    rv = decode_int(curptr, len, remaining);
+    if (rv != CMTSuccess)
+        return CMTFailure;
+
+    /* NULL string */
+    if (*len == 0) {
+        *data = NULL;
+        goto done;
+    }
+
+    datalen = (*len + 3) & ~3;
+    if (*remaining < datalen)
+        return CMTFailure;
+
+    *data = (unsigned char *) cmt_alloc(*len + 1);
+    if (*data == NULL)
+        return CMTFailure;
+
+    memcpy(*data, *curptr, *len);
+    (*data)[*len] = 0;
+    *remaining -= datalen;
+    *curptr += datalen;
+done:
+    return CMTSuccess;
+}
+
+/*************************************************************
+ * CMT_DecodeMessage
+ *
+ * Decode msg into dest as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_DecodeMessage(CMTMessageTemplate *tmpl, void *dest, CMTItem *msg)
+{
+    unsigned char *curptr, *destptr, *list;
+	void ** ptr;
+    CMInt32 remaining, len, choiceID = 0, listSize, listCount = 0;
+    CMBool inChoice = CM_FALSE, foundChoice = CM_FALSE, inList = CM_FALSE;
+    CMInt32 listItemSize = 0;
+    CMTStatus rv = CMTSuccess;
+	CMTMessageTemplate *startOfList, *p;
+	CMBool inStructList = CM_FALSE;
+
+    curptr = msg->data;
+    remaining = msg->len;
+
+    while(tmpl->type != CMT_DT_END) {
+        /* XXX Maybe this should be a more formal state machine? */
+        if (inChoice) {
+            if (tmpl->type == CMT_DT_END_CHOICE) {
+                if (!foundChoice)
+                    goto loser;
+                inChoice = CM_FALSE;
+                foundChoice = CM_FALSE;
+                tmpl++;
+                continue;
+            }
+            if (choiceID != tmpl->choiceID) {
+                tmpl++;
+                continue;  /* Not this option */
+            } else {
+                foundChoice = CM_TRUE;
+            }
+        }
+        if (inList) {
+            destptr = &list[listCount * listItemSize];
+            listCount++;
+        } else {
+			if (inStructList) {
+				destptr = tmpl->offset + list;
+			} else {
+				destptr = tmpl->offset + (unsigned char *)dest;
+			}
+        }
+        switch (tmpl->type) {
+          case CMT_DT_RID:
+          case CMT_DT_INT:
+          case CMT_DT_BOOL:
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_STRING:
+            rv = decode_string(&curptr, &len, (unsigned char **)destptr,
+                               &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_ITEM:
+            rv = decode_string(&curptr, (long *) &((CMTItem *)destptr)->len,
+                               &((CMTItem *)destptr)->data, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_LIST:
+            /* XXX This is too complicated */
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)destptr;
+            tmpl++;
+            if (tmpl->type == CMT_DT_STRING) {
+                listItemSize = sizeof(unsigned char *);
+            } else if (tmpl->type == CMT_DT_ITEM) {
+                listItemSize = sizeof(CMTItem);
+            } else {
+                listItemSize = sizeof(CMInt32);
+            }
+            if (listSize == 0) {
+                list = NULL;
+            } else {
+                list = (unsigned char *) cmt_alloc(listSize * listItemSize);
+            }
+            *(void **)(tmpl->offset + (unsigned char *)dest) = list;
+            inList = CM_TRUE;
+            listCount = 0;
+            break;
+          case CMT_DT_STRUCT_LIST:
+            /* XXX This is too complicated */
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)destptr;
+            tmpl++;
+			if (tmpl->type != CMT_DT_STRUCT_PTR) {
+				goto loser;
+			}
+			ptr = (void**)(tmpl->offset + (unsigned char *)dest);
+			startOfList = tmpl;
+			p = tmpl;
+			listItemSize = 0;
+			while (p->type != CMT_DT_END_STRUCT_LIST) {
+				if (p->type == CMT_DT_STRING) {
+					listItemSize += sizeof(unsigned char *);
+				} else if (p->type == CMT_DT_ITEM) {
+					listItemSize += sizeof(CMTItem);
+				} else if (p->type == CMT_DT_INT) {
+	                listItemSize += sizeof(CMInt32);
+		        }
+				p++;
+			}
+            if (listSize == 0) {
+                list = NULL;
+            } else {
+                list = (unsigned char *) cmt_alloc(listSize * listItemSize);
+            }
+            *ptr = list;
+            inStructList = CM_TRUE;
+            listCount = 0;
+            break;
+		  case CMT_DT_END_STRUCT_LIST:
+			listCount++;
+			if (listCount == listSize) {
+				inStructList = CM_FALSE;
+			} else {
+				list += listItemSize;
+				tmpl = startOfList;
+			}
+			break;
+          case CMT_DT_CHOICE:
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            choiceID = *(CMInt32 *)destptr;
+            inChoice = CM_TRUE;
+            foundChoice = CM_FALSE;
+            break;
+          case CMT_DT_END_CHOICE: /* Loop should exit before we see these. */
+          case CMT_DT_END:
+          default:
+            ASSERT(0);
+            break;
+        }
+        if (inList) {
+            if (listCount == listSize) {
+                inList = CM_FALSE;
+                tmpl++;
+            }
+        } else {
+            tmpl++;
+        }
+    }
+loser:
+    /* Free the data buffer */
+    if (msg->data) {
+        cmt_free(msg->data);
+        msg->data = NULL;
+    }
+    return rv;
+}
+
+static CMTStatus
+calc_msg_len(CMTMessageTemplate *tmpl, void *src, CMInt32 *len_out)
+{
+    CMInt32 len = 0, choiceID = 0, listSize, listItemSize, listCount;
+    unsigned char *srcptr, *list;
+    CMBool inChoice = CM_FALSE, inList = CM_FALSE, foundChoice = CM_FALSE;
+	CMTMessageTemplate *startOfList, *p;
+	CMBool inStructList = CM_FALSE;
+
+    while(tmpl->type != CMT_DT_END) {
+        if (inChoice) {
+            if (tmpl->type == CMT_DT_END_CHOICE) {
+                if (!foundChoice)
+                    goto loser;
+                inChoice = CM_FALSE;
+                foundChoice = CM_FALSE;
+                tmpl++;
+                continue;
+            }
+            if (choiceID != tmpl->choiceID) {
+                tmpl++;
+                continue;  /* Not this option */
+            } else {
+                foundChoice = CM_TRUE;
+            }
+        }
+        if (inList) {
+            srcptr = &list[listCount * listItemSize];
+            listCount++;
+        } else if (inStructList) {
+			srcptr = tmpl->offset + list;
+		} else {
+            srcptr = tmpl->offset + (unsigned char *)src;
+        }
+        switch(tmpl->type) {
+          case CMT_DT_RID:
+          case CMT_DT_INT:
+          case CMT_DT_BOOL:
+            len += sizeof(CMInt32);
+            break;
+          case CMT_DT_STRING:
+            len += sizeof(CMInt32);
+            /* Non NULL string */
+            if (*(char**)srcptr) {
+                len += (strlen(*(char**)srcptr) + 4) & ~3;
+            }
+            break;
+          case CMT_DT_ITEM:
+            len += sizeof(CMInt32);
+            len += (((CMTItem *)srcptr)->len + 3) & ~3;
+            break;
+          case CMT_DT_LIST:
+            len += sizeof(CMInt32);
+            listSize = *(CMInt32 *)srcptr;
+            tmpl++;
+            if (tmpl->type == CMT_DT_STRING) {
+                listItemSize = sizeof(unsigned char *);
+            } else if (tmpl->type == CMT_DT_ITEM) {
+                listItemSize = sizeof(CMTItem);
+            } else {
+                listItemSize = sizeof(CMInt32);
+            }
+            list = *(unsigned char **)(tmpl->offset + (unsigned char *)src);
+            listCount = 0;
+            inList = CM_TRUE;
+            break;
+		  case CMT_DT_STRUCT_LIST:
+			len += sizeof(CMInt32);
+			listSize = *(CMInt32 *)srcptr;
+			tmpl++;
+			if (tmpl->type != CMT_DT_STRUCT_PTR) {
+				goto loser;
+			}
+			list = *(unsigned char**)(tmpl->offset + (unsigned char*)src);
+			startOfList = tmpl;
+			p = tmpl;
+			listItemSize = 0;
+			while (p->type != CMT_DT_END_STRUCT_LIST) {
+				if (p->type == CMT_DT_STRING) {
+					listItemSize += sizeof(unsigned char *);
+				} else if (p->type == CMT_DT_ITEM) {
+					listItemSize += sizeof(CMTItem);
+				} else if (p->type == CMT_DT_INT) {
+					listItemSize += sizeof(CMInt32);
+				}
+				p++;
+			}
+			listCount = 0;
+			inStructList = CM_TRUE;
+			break;
+		  case CMT_DT_END_STRUCT_LIST:
+			listCount++;
+			if (listCount == listSize) {
+				inStructList = CM_FALSE;
+			} else {
+				list += listItemSize;
+				tmpl = startOfList;
+			}
+			break;
+          case CMT_DT_CHOICE:
+            len += sizeof(CMInt32);
+            choiceID = *(CMInt32 *)srcptr;
+            inChoice = CM_TRUE;
+            foundChoice = CM_FALSE;
+            break;
+          case CMT_DT_END_CHOICE: /* Loop should exit before we see these. */
+          case CMT_DT_END:
+          default:
+            ASSERT(0);
+            break;
+        }
+        if (inList) {
+            if (listCount == listSize) {
+                inList = CM_FALSE;
+                tmpl++;
+            }
+        } else {
+            tmpl++;
+        }
+    }
+    *len_out = len;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+static CMTStatus
+encode_int(unsigned char **curptr, void *src, CMInt32 *remaining)
+{
+    CMInt32 datalen = sizeof(CMInt32);
+
+    if (*remaining < datalen)
+        return CMTFailure;
+    **(CMInt32 **)curptr = CM_htonl(*(CMInt32 *)src);
+    *remaining -= datalen;
+    *curptr += datalen;
+    return CMTSuccess;
+}
+
+static CMTStatus
+encode_string(unsigned char **curptr, CMInt32 len,
+              unsigned char *data, CMInt32 *remaining)
+{
+    CMTStatus rv;
+    CMInt32 datalen;
+
+    rv = encode_int(curptr, &len, remaining);
+    if (rv != CMTSuccess)
+        return CMTFailure;
+
+    /* NULL string */
+    if (len == 0) {
+        goto done;
+    }
+
+    datalen = (len + 3) & ~3;
+    if (*remaining < datalen)
+        return CMTFailure;
+
+    memcpy(*curptr, data, len);
+    *remaining -= datalen;
+    *curptr += datalen;
+done:
+    return CMTSuccess;
+}
+
+/*************************************************************
+ * CMT_EncodeMessage
+ *
+ * Encode src into msg as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_EncodeMessage(CMTMessageTemplate *tmpl, CMTItem *msg, void *src)
+{
+    CMInt32 choiceID = 0, listSize, listItemSize, listCount, remaining;
+    unsigned char *srcptr, *curptr, *list;
+    CMBool inChoice = CM_FALSE, inList = CM_FALSE, foundChoice = CM_FALSE;
+    CMTStatus rv = CMTSuccess;
+	CMTMessageTemplate *startOfList, *p;
+	CMBool inStructList = CM_FALSE;
+
+    rv = calc_msg_len(tmpl, src, (long *) &msg->len);
+    if (rv != CMTSuccess)
+        goto loser;
+    curptr = msg->data = (unsigned char *) cmt_alloc(msg->len);
+    if(msg->data == NULL)
+        goto loser;
+    remaining = msg->len;
+
+    while(tmpl->type != CMT_DT_END) {
+        if (inChoice) {
+            if (tmpl->type == CMT_DT_END_CHOICE) {
+                if (!foundChoice)
+                    goto loser;
+                inChoice = CM_FALSE;
+                foundChoice = CM_FALSE;
+                tmpl++;
+                continue;
+            }
+            if (choiceID != tmpl->choiceID) {
+                tmpl++;
+                continue;  /* Not this option */
+            } else {
+                foundChoice = CM_TRUE;
+            }
+        }
+        if (inList) {
+            srcptr = &list[listCount * listItemSize];
+            listCount++;
+        } else {
+			if (inStructList) {
+				srcptr = tmpl->offset + list;
+			} else {
+				srcptr = tmpl->offset + (unsigned char *)src;
+			}
+        }
+        switch(tmpl->type) {
+          case CMT_DT_RID:
+          case CMT_DT_INT:
+          case CMT_DT_BOOL:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_STRING:
+             if (*(char**)srcptr) {
+                 /* Non NULL string */
+                 rv = encode_string(&curptr, (long) strlen(*(char**)srcptr), 
+                 	                *(unsigned char**)srcptr, &remaining);
+             } else {
+                 /* NULL string */
+                 rv = encode_string(&curptr, 0L, *(unsigned char**)srcptr, &remaining);
+             }
+             if (rv != CMTSuccess)
+                goto loser;
+             break;
+          case CMT_DT_ITEM:
+            rv = encode_string(&curptr, ((CMTItem *)srcptr)->len,
+                               ((CMTItem *)srcptr)->data, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_LIST:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)srcptr;
+            tmpl++;
+            if (tmpl->type == CMT_DT_STRING) {
+                listItemSize = sizeof(unsigned char *);
+            } else if (tmpl->type == CMT_DT_ITEM) {
+                listItemSize = sizeof(CMTItem);
+            } else {
+                listItemSize = sizeof(CMInt32);
+            }
+            list = *(unsigned char **)(tmpl->offset + (unsigned char *)src);
+            listCount = 0;
+            inList = CM_TRUE;
+            break;
+		  case CMT_DT_STRUCT_LIST:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)srcptr;
+			tmpl++;
+			if (tmpl->type != CMT_DT_STRUCT_PTR) {
+				goto loser;
+			}
+			list = *(unsigned char**)(tmpl->offset + (unsigned char*)src);
+			startOfList = tmpl;
+			p = tmpl;
+			listItemSize = 0;
+			while (p->type != CMT_DT_END_STRUCT_LIST) {
+				if (p->type == CMT_DT_STRING) {
+					listItemSize += sizeof(unsigned char *);
+				} else if (p->type == CMT_DT_ITEM) {
+					listItemSize += sizeof(CMTItem);
+				} else if (p->type == CMT_DT_INT) {
+					listItemSize += sizeof(CMInt32);
+				}
+				p++;
+			}
+			listCount = 0;
+			inStructList = CM_TRUE;
+			break;
+		  case CMT_DT_END_STRUCT_LIST:
+			listCount++;
+			if (listCount == listSize) {
+				inStructList = CM_FALSE;
+			} else {
+				list += listItemSize;
+				tmpl = startOfList;
+			}
+			break;
+          case CMT_DT_CHOICE:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            choiceID = *(CMInt32 *)srcptr;
+            inChoice = CM_TRUE;
+            foundChoice = CM_FALSE;
+            break;
+          case CMT_DT_END_CHOICE: /* Loop should exit before we see these. */
+          case CMT_DT_END:
+          default:
+            ASSERT(0);
+            break;
+        }
+        if (inList) {
+            if (listCount == listSize) {
+                inList = CM_FALSE;
+                tmpl++;
+            }
+        } else {
+            tmpl++;
+        }
+    }
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}

mozilla/security/psm/lib/protocol/newproto.h

@@ -0,0 +1,102 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __NEWPROTO_H__
+#define __NEWPROTO_H__
+
+#include <stdlib.h>
+#include "ssmdefs.h"
+
+typedef enum CMTDataType {
+    CMT_DT_END,
+    CMT_DT_RID,
+    CMT_DT_INT,
+    CMT_DT_BOOL,
+    CMT_DT_STRING,
+    CMT_DT_ITEM,
+    CMT_DT_LIST,
+    CMT_DT_CHOICE,
+    CMT_DT_END_CHOICE,
+	CMT_DT_STRUCT_LIST,
+	CMT_DT_END_STRUCT_LIST,
+	CMT_DT_STRUCT_PTR
+} CMTDataType;
+
+typedef struct CMTMessageTemplate {
+    CMTDataType type;
+    CMUint32 offset;
+    CMInt32 validator;
+    CMInt32 choiceID;
+} CMTMessageTemplate;
+
+typedef struct CMTMessageHeader {
+    CMInt32 type;
+    CMInt32 len;
+} CMTMessageHeader;
+
+typedef void *(* CMT_Alloc_fn) (size_t size);
+typedef void (* CMT_Free_fn)(void * ptr);
+
+extern CMT_Alloc_fn cmt_alloc;
+extern CMT_Free_fn cmt_free;
+
+/*************************************************************
+ *
+ * CMT_Init
+ *
+ *
+ ************************************************************/
+void
+CMT_Init(CMT_Alloc_fn allocfn, CMT_Free_fn freefn);
+
+/*************************************************************
+ * CMT_DecodeMessage
+ *
+ * Decode msg into dest as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_DecodeMessage(CMTMessageTemplate *tmpl, void *dest, CMTItem *msg);
+
+
+/*************************************************************
+ * CMT_EncodeMessage
+ *
+ * Encode src into msg as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_EncodeMessage(CMTMessageTemplate *tmpl, CMTItem *msg, void *src);
+
+
+#endif /* __NEWPROTO_H__ */

mozilla/security/psm/lib/protocol/obsample.c

@@ -0,0 +1,187 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/* SAMPLE CODE
+** Illustrates use of SSMObscure object methods.
+**
+** Author:  Nelson Bolyard	June 1999
+*/
+
+#include <stdio.h>
+#include "obscure.h"
+
+
+/* On error, returns -1.
+** On success, returns non-negative number of unobscured bytes in buf
+int
+RecvInitObscureData(int fd, SSMObscureObject * obj, void * buf, int bufSize )
+{
+    SSMObscureBool done = 0;
+
+    do {
+	int cc;
+	int rv;
+	cc = read(fd, buf, bufSize);
+	if (cc <= 0)
+	    return -1;
+	rv = SSMObscure_RecvInit(obj, buf, cc, &done);
+    } while (!done);
+    return rv;
+}
+
+
+/* returns -1 on error, 0 on success. */
+int
+SendInitObscureData(int fd, SSMObscureObject * obj)
+{
+    unsigned char * initBuf = NULL;
+    int             rv      = -1;
+
+    do {
+	int bufLen;
+	int len;
+	int cc;
+
+	bufLen = SSMObscure_SendInit(obj, NULL);
+	if (bufLen <= 0)
+	    break;
+
+	initBuf = malloc(bufLen);
+	if (!initBuf)
+	    break;
+
+	len = SSMObscure_SendInit(obj, initBuf);
+	if (len != bufLen)
+	    break;
+
+	cc = write(fd, initBuf, len);
+
+	/* Note, this code assumes a blocking socket, 
+	** and hence doesn't deal with short writes.
+	*/
+	if (cc < len) 
+	    break;
+
+    	rv = 0;
+
+    } while (0);
+
+    if (initBuf) {
+	free(initBuf);
+    	initBuf = NULL;
+    }
+    return rv;
+}
+
+/* This is like write, but it obscures the data first. */
+/* This code assumes a blocking socket, and so it doesn't handle short 
+** writes.
+*/
+int 
+obscuredWrite(SSMObscureObject * obj, int fd, void * buf, int len)
+{
+    int rv;
+    int cc;
+
+    cc = SSMObscure_Send(obj, buf, len);
+    if (cc <= 0)
+    	return cc;
+    rv = write(fd, buf, cc);
+    ASSERT(rv == cc || rv < 0);
+    return rv;
+}
+
+/* This is like read, but it unobscures the data after reading it. */
+int 
+obscuredRead(SSMObscureObject * obj, int fd, void * buf, int len)
+{
+    int rv;
+    int cc;
+
+    do {
+	cc = read(fd, buf, len);
+	if (cc <= 0)
+	    return cc;
+	rv = SSMObscure_Recv(obj, buf, len);
+    } while (rv == 0);
+    return rv;
+}
+
+SSMObscureObject * sobj;
+unsigned char buf[8192];
+
+/* Call this with fd for socket that has just been accepted.
+** returns -1 on error, 
+** On success, returns non-negative number of bytes received in buf. 
+*/
+int
+InitClientObscureObject(int fd) 
+{
+    int rv;
+
+    sobj = SSMObscure_Create(0);
+    if (!sobj)
+    	return -1;
+
+    rv = SendInitObscureData(fd, sobj);
+    if (rv < 0)
+    	return rv;
+
+    rv = RecvInitObscureData(fd, sobj, buf, sizeof buf);
+    return rv;
+}
+
+/* Call this with fd for socket that has just been connected.
+** returns -1 on error, 
+** On success, returns non-negative number of bytes received in buf. 
+*/
+int
+InitServerObscureObject(int fd)
+{
+    int cc;
+
+    sobj = SSMObscure_Create(1);
+    if (!sobj)
+    	return -1;
+
+    cc = RecvInitObscureData(fd, sobj, buf, sizeof buf);
+    if (cc < 0) 
+    	return cc;
+
+
+    rv = SendInitObscureData(fd, sobj);
+    if (rv < 0)
+    	return rv;
+
+    return cc;
+}
+

mozilla/security/psm/lib/protocol/obscure.c

@@ -0,0 +1,136 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include <stdlib.h>
+#include "obspriv.h"
+#include "newproto.h"
+
+
+/* 
+** Create a new Obscuring object 
+*/
+SSMObscureObject * 
+SSMObscure_Create(SSMObscureBool IsServer)
+{
+    SSMObscureObject * obj;
+    void *             priv;
+
+    obj = (SSMObscureObject *) cmt_alloc(sizeof *obj);
+    if (!obj)
+    	return obj;
+    /* This needs to be a little more elegant */
+    priv = SSMObscure_InitPrivate(obj, IsServer);
+    if (!priv) {
+    	cmt_free(obj);
+	return NULL;
+    }
+    obj->privData = priv;
+    return obj;
+}
+
+
+/* Prepare initial buffer with initial message to send to other side to 
+** establish cryptographic * synchronization.
+**
+** If buf is NULL, function returns the size of the buffer that 
+** the caller needs to allocate for sending the initial message.
+** 
+** If buf is non-null, function returns the number of bytes of data filled 
+** into buf, the amount that the caller should then send to the other side.
+**
+*/
+int 
+SSMObscure_SendInit( SSMObscureObject * obj, void * buf)
+{
+    int rv;
+    rv = obj->sendInit(obj->privData, buf);
+    return rv;
+}
+
+/* 
+** Obscure "len" bytes in "buf" before sending it. 
+*/
+int 
+SSMObscure_Send(	SSMObscureObject * obj, 
+			void *             buf, 
+			unsigned int       len)
+{
+    int rv;
+    rv = obj->send(obj->privData, buf, len);
+    return rv;
+}
+
+/* 
+** UnObscure "len" bytes in "buf" after receiving it. 
+** This function may absorb some or all of the received bytes, leaving 
+** fewer bytes (possibly none) in the buffer for the application to use 
+** than were in the buffer when the function was called.
+** Function returns the number of bytes of unobscured data remaining in
+** buf.  Zero means all data was used internally and no data remains 
+** for application use. Negative number means error occurred.
+*/
+int 
+SSMObscure_Recv(	SSMObscureObject * obj, 
+			void *             buf, 
+			unsigned int       len)
+{
+    int rv;
+    rv = obj->recv(obj->privData, buf, len);
+    return rv;
+}
+
+/* like _Recv, but returns a flag telling when all initialization info has
+** been received.
+*/
+int 
+SSMObscure_RecvInit(	SSMObscureObject * obj, 
+			void *             buf, 
+			unsigned int       len,
+			SSMObscureBool   * done)
+{
+    int rv;
+    rv = obj->recvInit(obj->privData, buf, len, done);
+    return rv;
+}
+
+/* 
+** Destroy the Obscure Object 
+*/
+int 
+SSMObscure_Destroy(SSMObscureObject * obj)
+{
+    int rv;
+    rv = obj->destroy(obj->privData);
+    cmt_free(obj);
+    return rv;
+}
+

mozilla/security/psm/lib/protocol/obscure.h

@@ -0,0 +1,98 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __obscure_h__
+#define __obscure_h__ 1
+#ifdef __cplusplus
+extern "C" {
+#endif
+typedef unsigned char SSMObscureBool;
+
+typedef struct SSMObscureObjectStr 	SSMObscureObject;
+
+/* 
+** Create a new Obscuring object 
+*/
+extern SSMObscureObject * SSMObscure_Create(SSMObscureBool IsServer);
+
+
+/* Prepare initial buffer with initial message to send to other side to 
+** establish cryptographic * synchronization.
+**
+** If buf is NULL, function returns the size of the buffer that 
+** the caller needs to allocate for sending the initial message.
+** 
+** If buf is non-null, function returns the number of bytes of data filled 
+** into buf, the amount that the caller should then send to the other side.
+**
+*/
+extern int SSMObscure_SendInit( SSMObscureObject * obj,
+				void *             buf);
+
+/* 
+** Obscure "len" bytes in "buf" before sending it. 
+*/
+extern int SSMObscure_Send(	SSMObscureObject * obj, 
+                            	void *             buf, 
+				unsigned int       len);
+
+/* 
+** UnObscure "len" bytes in "buf" after receiving it. 
+** This function may absorb some or all of the received bytes, leaving 
+** fewer bytes (possibly none) in the buffer for the application to use 
+** than were in the buffer when the function was called.
+** Function returns the number of bytes of unobscured data remaining in
+** buf.  Zero means all data was used internally and no data remains 
+** for application use. Negative number means error occurred.
+*/
+extern int SSMObscure_Recv(	SSMObscureObject * obj, 
+                                void *             buf, 
+				unsigned int       len);
+
+/* like _Recv, but returns a flag telling when all initialization info has
+** been received.
+*/
+extern int SSMObscure_RecvInit(	SSMObscureObject * obj, 
+                                void *             buf, 
+				unsigned int       len,
+				SSMObscureBool   * done);
+
+/* 
+** Destroy the Obscure Object 
+*/
+extern int SSMObscure_Destroy(SSMObscureObject * obj);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __obscure_h__ */

mozilla/security/psm/lib/protocol/obspriv.c

@@ -0,0 +1,115 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "obspriv.h"
+#include "newproto.h"
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+
+/* 
+   Originally this code was used to obscure the control messages
+   traveling between processes. With the relaxation of export rules,
+   this whole step is no longer necessary, and is included for
+   informational purposes only. (We need to finish removing the 
+   obscuring code.)
+*/
+struct obscureNOPStr {
+    SSMObscureObject * obj;
+};
+
+typedef struct obscureNOPStr obscureV1;
+
+static int 
+ssmObscure_Destroy(void * privData)
+{
+    obscureV1 * priv = (obscureV1 *)privData;
+
+    memset(priv, 0, sizeof *priv);
+    cmt_free(priv);
+    return 0;
+}
+
+static int
+ssmObscure_Send(void * privData, void * buf, unsigned int len)
+{
+    /* obscureV1 *  priv 		= (obscureV1 *)privData;*/
+
+    /* NOP */
+    return len;
+}
+
+static int    
+ssmObscure_Recv(void * privData, void * buf, unsigned int len)
+{
+    /*obscureV1 *  priv 		= (obscureV1 *)privData;*/
+
+    /* NOP */
+    return len;
+}
+
+static int    
+ssmObscure_SendInit(void * privData, void * buf)
+{
+    /*obscureV1 *      priv = (obscureV1 *)privData;*/
+
+    return 0;
+}
+
+static int    
+ssmObscure_RecvInit(void * privData, void * buf, unsigned int len,
+                    SSMObscureBool * pDone)
+{
+    return 0;
+}
+
+static void *
+ssmObscure_InitPrivate(SSMObscureObject * obj, SSMObscureBool IsServer)
+{
+    obscureV1 *   priv 		= (obscureV1 *) cmt_alloc(sizeof (obscureV1));
+
+    if (!priv)
+    	return NULL;
+
+    priv->obj        = obj;
+
+    obj->privData  = (void *)priv;
+    obj->destroy  = ssmObscure_Destroy;
+    obj->send     = ssmObscure_Send;
+    obj->recv     = ssmObscure_Recv;
+    obj->sendInit = ssmObscure_SendInit;
+    obj->recvInit = ssmObscure_RecvInit;
+    
+    return priv;
+}
+
+obsInitFn SSMObscure_InitPrivate = ssmObscure_InitPrivate;

mozilla/security/psm/lib/protocol/obspriv.h

@@ -0,0 +1,63 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "obscure.h"
+
+typedef void * (* obsInitFn)    (SSMObscureObject * instance, 
+                                 SSMObscureBool     IsServer);
+typedef int    (* obsDestroyFn) (void * priv);
+typedef int    (* obsSendFn)    (void * priv, void * buf, unsigned int len);
+typedef int    (* obsRecvFn)    (void * priv, void * buf, unsigned int len);
+typedef int    (* obsSendInitFn)(void * priv, void * buf);
+typedef int    (* obsRecvInitFn)(void * priv, void * buf, unsigned int len,
+                                 SSMObscureBool * done);
+
+struct SSMObscureObjectStr {
+    void *	  privData;
+    obsDestroyFn  destroy;
+    obsSendFn     send;
+    obsRecvFn     recv;
+    obsSendInitFn sendInit;
+    obsRecvInitFn recvInit;
+};
+
+
+/* This is common to the beginning of all versions of the obscuring protocol */
+struct SSMInitMsgHdrStr {
+    short	version;
+    short	length;
+};
+
+typedef struct SSMInitMsgHdrStr SSMInitMsgHdr;
+
+extern obsInitFn SSMObscure_InitPrivate;
+

mozilla/security/psm/lib/protocol/protocol.h

@@ -0,0 +1,141 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  protocol.h - Definitions of various items to support the PSM protocol.
+ */
+
+#ifndef __PROTOCOL_H__
+#define __PROTOCOL_H__
+
+
+#include "rsrcids.h"
+
+#define SSMPRStatus SSMStatus
+#define SSMPR_SUCCESS SSM_SUCCESS
+#define SSMPR_FAILURE SSM_FAILURE
+
+#define SSMPR_INVALID_ARGUMENT_ERROR PR_INVALID_ARGUMENT_ERROR
+#define SSMPR_OUT_OF_MEMORY_ERROR    PR_OUT_OF_MEMORY_ERROR
+
+#define SSMPRInt32 PRInt32
+#define SSMPRUint32 PRUint32
+
+#define SSMPR_ntohl  PR_ntohl
+#define SSMPR_htonl  PR_htonl
+#define SSMPORT_Free   PORT_Free
+#define SSMPORT_ZAlloc PORT_ZAlloc
+
+#define SSMPR_SetError PR_SetError
+#define SSMPR_GetError PR_GetError
+#define SSMPORT_SetError PORT_SetError
+#define SSMPORT_GetError PORT_GetError
+
+/* 
+   Current version of PSM protocol. 
+   Increment this value when the protocol changes. 
+*/
+
+#define SSMSTRING_PADDED_LENGTH(x) ((((x)+3)/4)*4)
+#define SSMPORT_ZNEW(type) (type*)SSMPORT_ZAlloc(sizeof(type))
+#define SSMPORT_ZNewArray(type,size) (type*)SSMPORT_ZAlloc(sizeof(type)*(size))
+/* Various message structs */
+
+struct _SSMHelloRequest {
+  CMUint32          m_version; /* Protocol version supported by client */
+  struct _SSMString m_profileName; /* Name of user profile (where to find 
+				 certs etc) */
+};
+
+struct _SSMHelloReply {
+  CMInt32           m_result; /* Error, if any, which occurred 
+				 (0 == success) */
+  CMUint32          m_version; /* Protocol version supported by PSM */
+  struct _SSMString m_nonce; /* Session nonce -- must be written to data channels */
+};
+
+struct _SSMRequestSSLDataConnection
+{
+  CMUint32          m_flags; /* Flags to indicate to SSM what to do with
+				the connection */
+  CMUint32          m_port; /* Port number to connect to */
+  struct _SSMString m_hostIP; /* IP address of final target machine (not proxy) */
+  /* struct _SSMString m_hostName; Host name of target machine (for server auth) -- not accessed directly */
+};
+
+struct _SSMReplySSLDataConnection {
+  CMInt32 m_result; /* Error, if any, which occurred (0 == success) */
+  CMUint32 m_connectionID; /* Connection ID of newly opened channel */
+  CMUint32 m_port; /* Port number to which to connect on PSM */
+};
+
+
+struct _SSMRequestSecurityStatus {
+  CMUint32 m_connectionID; /* ID of connection of which to stat */
+};
+
+struct _SSMReplySecurityStatus {
+  CMInt32 m_result; /* Error, if any, which occurred (0 == success) */
+  CMUint32 m_keySize; /* Key size */
+  CMUint32 m_secretKeySize; /* Secret key size */
+  struct _SSMString m_cipherName; /* Name of cipher in use */
+  /* SSMString m_certificate; -- DER encoded cert
+     We do not access this as a field, we have to skip over m_cipherName */
+};
+
+/* 
+   Use this macro to jump over strings.
+   For example, if you wanted to access m_certificate above, 
+   use a line like the following:
+
+   char *ptr = &(reply->m_cipherName) + SSM_SIZEOF_STRING(reply->m_cipherName);
+*/
+#define SSM_SIZEOF_STRING(str) (SSMSTRING_PADDED_LENGTH(PR_ntohl((str).m_length)) + sizeof(CMUint32))
+
+
+typedef struct _SSMHelloRequest SSMHelloRequest;
+typedef struct _SSMHelloReply SSMHelloReply;
+typedef struct _SSMRequestSSLDataConnection SSMRequestSSLDataConnection;
+typedef struct _SSMReplySSLDataConnection SSMReplySSLDataConnection;
+typedef struct _SSMRequestSecurityStatus SSMRequestSecurityStatus;
+typedef struct _SSMReplySecurityStatus SSMReplySecurityStatus;
+
+/* 
+   Functions to convert between an SSMString and a C string.
+   Return values are allocated using PR_Malloc (which means that
+   SSMPR_Free must be used to free up the memory after use). 
+*/
+CMTStatus SSM_StringToSSMString(SSMString ** ssmString, int len, char * string);
+CMTStatus SSM_SSMStringToString(char ** string,int *len, SSMString * ssmString);
+
+
+#endif /* __PROTOCOL_H__ */

mozilla/security/psm/lib/protocol/protocolf.h

@@ -0,0 +1,359 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __PROTOCOLF_H__
+#define __PROTOCOLF_H__
+/*************************************************************************
+ * For each type of message, parse and pack function is provided. 
+ *
+ * Parse functions accept a ptr to the "blob" of data received from the 
+ * network and fill in fields of the message, numbers in host-order, strings
+ * as C-style NULL-terminated strings. Return SSMPRStatus. 
+ *
+ * Pack functions take all the info to construct a message and fill in a 
+ * ptr to the "blob" of data to be sent. Return length of the data blob, or 
+ * a zero in case of an error
+ *
+ * All functions set NSPR errors when necessary.
+ ************************************************************************/
+#include "protocol.h"
+#include "cert.h"
+
+SSMPRStatus SSM_ParseHelloRequest(void * helloRequest, 
+				  SSMPRUint32 * version, 
+				  PRBool * doesUI,
+				  PRInt32 * policyType,
+				  SSMPRUint32 * profileLen,
+				  char ** profile);
+SSMPRInt32 SSM_PackHelloReply(void ** helloReply, SSMPRInt32 result, 
+			      SSMPRUint32 sessionID, SSMPRUint32 version, 
+			      SSMPRUint32 httpPort, SSMPRUint32 nonceLen, 
+			      char * nonce, SSMPolicyType policy);
+
+/* Parse data connections requests */
+SSMPRStatus SSM_ParseSSLDataConnectionRequest(void *sslRequest, 
+					      SSMPRUint32 * flags, 
+					      SSMPRUint32 * port,
+					      SSMPRUint32 * hostIPLen,
+					      char ** hostIP, 
+					      SSMPRUint32 * hostNameLen,
+					      char ** hostName);
+SSMPRStatus SSM_ParseHashStreamRequest(void * hashStreamRequest,
+                                       SSMPRUint32 * type);
+SSMPRStatus SSM_ParseP7EncodeConnectionRequest(void *request,
+					       SSMPRUint32 *ciRID);
+/* Messages to initiate PKCS7 data connection */
+/* PKCS7DecodeRequest message has no data */ 
+
+/* Single data connection reply */
+SSMPRInt32 SSM_PackDataConnectionReply(void ** sslReply, 
+				       SSMPRInt32 result, 
+				       SSMPRUint32 connID, 
+				       SSMPRUint32 port);
+
+SSMPRStatus SSM_ParseSSLSocketStatusRequest(void * statusRequest, 
+					    SSMPRUint32 * connID);
+SSMPRInt32 SSM_PackSSLSocketStatusReply(void ** statusReply, 
+					SSMPRInt32 result, 
+					SSMPRUint32 resourceID);
+
+/* 
+ * UI event is an asynchroneous message sent from PSM server to the client
+ * NOTE: (context) is the actual context pointer, it is NOT a ptr-to-ptr.
+ * The value of (context) is copied into the packet.
+ */
+SSMPRInt32 SSM_PackUIEvent(void ** eventRequest, SSMPRUint32 resourceID, 
+			   SSMPRUint32 width, SSMPRUint32 height,
+			   SSMPRUint32 urlLen, char * url);
+
+SSMPRInt32 SSM_PackTaskCompletedEvent(void **event, SSMPRUint32 resourceID,
+                                     SSMPRUint32 numTasks, SSMPRUint32 result);
+
+/* Verify raw signature */
+
+SSMPRStatus SSM_ParseVerifyRawSigRequest(void * verifyRawSigRequest, 
+					 SSMPRUint32 * algorithmID,
+					 SSMPRUint32 * paramsLen, 
+					 unsigned char ** params,
+					 SSMPRUint32 * pubKeyLen,
+					 unsigned char ** pubKey,
+					 SSMPRUint32 * hashLen,
+					 unsigned char ** hash,
+					 SSMPRUint32 * signatureLen,
+					 unsigned char ** signature);
+SSMPRInt32 SSM_PackVerifyRawSigReply(void ** verifyRawSigReply, 
+				     SSMPRInt32 result);
+
+/* Verify detached signature */
+SSMPRStatus SSM_ParseVerifyDetachedSigRequest(void * request, 
+											  SSMPRInt32 * pkcs7ContentID,
+											  SSMPRInt32 * certUsage,
+											  SSMPRInt32 * hashAlgID,
+											  SSMPRUint32 * keepCert,
+											  SSMPRUint32 * digestLen,
+											  unsigned char ** hash);
+
+SSMPRInt32 SSM_PackVerifyDetachedSigReply(void ** verifyDetachedSigReply, 
+										  SSMPRInt32 result);
+
+/* PKCS#7 functions */
+SSMPRStatus SSM_ParseCreateSignedRequest(void *request,
+                                         SSMPRInt32 *scertRID,
+                                         SSMPRInt32 *ecertRID,
+                                         SSMPRUint32 *dig_alg,
+                                         SECItem **digest);
+
+SSMPRInt32 SSM_PackCreateSignedReply(void **reply, SSMPRInt32 ciRID,
+                                     SSMPRUint32 result);
+
+SSMPRStatus SSM_ParseCreateEncryptedRequest(void *request,
+					    SSMPRInt32 *scertRID,
+                                            SSMPRInt32 *nrcerts,
+					    SSMPRInt32 **rcertRIDs);
+
+SSMPRInt32 SSM_PackCreateEncryptedReply(void **reply, SSMPRInt32 ciRID,
+					SSMPRUint32 result);
+
+/* Resource functions */
+SSMPRStatus SSM_ParseCreateResourceRequest(void *request,
+                                           SSMPRUint32 *type,
+                                           unsigned char **params,
+                                           SSMPRUint32 *paramLen);
+
+SSMPRStatus SSM_PackCreateResourceReply(void **reply, SSMPRStatus rv,
+                                        SSMPRUint32 resID);
+
+SSMPRStatus SSM_ParseGetAttribRequest(void * getAttribRequest, 
+				      SSMPRUint32 * resourceID, 
+				      SSMPRUint32 * fieldID);
+
+void SSM_DestroyAttrValue(SSMAttributeValue *value, PRBool freeit);
+
+SSMPRInt32 SSM_PackGetAttribReply(void **getAttribReply,
+				  SSMPRInt32 result,
+				  SSMAttributeValue *value);
+SSMPRStatus SSM_ParseSetAttribRequest(SECItem *msg,
+				      SSMPRInt32 *resourceID,
+				      SSMPRInt32 *fieldID,
+				      SSMAttributeValue *value);
+/* Currently, there is no need for a pack version.  There is nothing to send
+ * back except for the notice that the operation was successful.
+ */
+				  
+				       
+				       
+/* Pickle and unpickle resources. */
+SSMPRStatus SSM_ParsePickleResourceRequest(void * pickleResourceRequest, 
+					  SSMPRUint32 * resourceID);
+SSMPRInt32 SSM_PackPickleResourceReply(void ** pickleResourceReply, 
+				       SSMPRInt32 result,
+				       SSMPRUint32 resourceLen,
+				       void * resource);
+SSMPRStatus SSM_ParseUnpickleResourceRequest(void * unpickleResourceRequest,
+					     SSMPRUint32 blobSize,
+					     SSMPRUint32 * resourceType,
+					     SSMPRUint32 * resourceLen,
+					     void ** resource);
+SSMPRInt32 SSM_PackUnpickleResourceReply(void ** unpickleResourceReply, 
+					   SSMPRInt32 result, 
+					   SSMPRUint32 resourceID);
+
+/* Destroy resource */
+SSMPRStatus SSM_ParseDestroyResourceRequest(void * destroyResourceRequest, 
+					    SSMPRUint32 * resourceID, 
+					    SSMPRUint32 * resourceType);
+SSMPRInt32 SSM_PackDestroyResourceReply(void ** destroyResourceReply, 
+                                        SSMPRInt32 result);
+
+/* Duplicate resource */
+SSMPRStatus SSM_ParseDuplicateResourceRequest(void * request, 
+					      SSMPRUint32 * resourceID);
+SSMPRInt32 SSM_PackDuplicateResourceReply(void ** reply, SSMPRInt32 result,
+					  SSMPRUint32 resID);
+
+/* Cert actions */
+typedef struct MatchUserCertRequestData {
+    PRUint32 certType;
+    PRInt32 numCANames;
+    char ** caNames;
+} MatchUserCertRequestData;
+
+typedef struct SSMCertList {
+    PRCList certs;
+    PRInt32 count;
+} SSMCertList;
+
+typedef struct SSMCertListElement {
+    PRCList links;
+    PRUint32 certResID;
+} SSMCertListElement;
+
+#define SSM_CERT_LIST_ELEMENT_PTR(_q) (SSMCertListElement*)(_q);
+
+SSMPRStatus SSM_ParseVerifyCertRequest(void * verifyCertRequest, 
+				       SSMPRUint32 * resourceID, 
+				       SSMPRInt32 * certUsage);
+SSMPRInt32 SSM_PackVerifyCertReply(void ** verifyCertReply, 
+			           SSMPRInt32 result);
+
+SSMPRStatus SSM_ParseImportCertRequest(void * importCertRequest, 
+				       SSMPRUint32 * blobLen, 
+				       void ** certBlob);
+SSMPRInt32 SSM_PackImportCertReply(void ** importCertReply, SSMPRInt32 result, 
+				   SSMPRUint32 resourceID);
+PRStatus SSM_ParseFindCertByNicknameRequest(void *request, char ** nickname);
+PRInt32 SSM_PackFindCertByNicknameReply(void ** reply, PRUint32 resourceID);
+PRStatus SSM_ParseFindCertByKeyRequest(void *request, SECItem ** key);
+PRInt32 SSM_PackFindCertByKeyReply(void ** reply, PRUint32 resourceID);
+PRStatus SSM_ParseFindCertByEmailAddrRequest(void *request, char ** emailAddr);
+PRInt32 SSM_PackFindCertByEmailAddrReply(void ** reply, PRUint32 resourceID);
+PRStatus SSM_ParseAddTempCertToDBRequest(void *request, PRUint32 *resourceID, char ** nickname, PRInt32 *ssl, PRInt32 *email, PRInt32 *objectSigning);
+PRInt32 SSM_PackAddTempCertToDBReply(void ** reply);
+PRStatus SSM_ParseMatchUserCertRequest(void *request, MatchUserCertRequestData** data);
+PRInt32 SSM_PackMatchUserCertReply(void **reply, SSMCertList * certList);
+
+SSMPRInt32 SSM_PackErrorMessage(void ** errorReply, SSMPRInt32 result);
+
+
+/* PKCS11 actions */
+SSMPRStatus SSM_ParseKeyPairGenRequest(void *keyPairGenRequest, 
+				       SSMPRInt32 requestLen,
+				       SSMPRUint32 *keyPairCtxtID,
+				       SSMPRUint32 *genMechanism,
+				       SSMPRUint32 *keySize,
+				       unsigned char **params, 
+				       SSMPRUint32 *paramLen);
+
+SSMPRInt32 SSM_PackKeyPairGenResponse(void ** keyPairGenResponse, 
+				      SSMPRUint32 keyPairId);
+
+PRStatus
+SSM_ParseFinishKeyGenRequest(void    *finishKeyGenRequest,
+                             PRInt32  requestLen,
+                             PRInt32 *keyGenContext);
+
+/* CMMF/CRMF Actions */
+SSMPRStatus SSM_ParseCreateCRMFReqRequest(void        *crmfReqRequest,
+					  SSMPRInt32   requestLen,
+					  SSMPRUint32 *keyPairId);
+
+SSMPRInt32 SSM_PackCreateCRMFReqReply(void        **crmfReqReply,
+				      SSMPRUint32   crmfReqId);
+
+SSMPRStatus SSM_ParseEncodeCRMFReqRequest(void         *encodeReq,
+					  SSMPRInt32    requestLen,
+					  SSMPRUint32 **crmfReqId,
+					  SSMPRInt32   *numRequests);
+
+SSMPRInt32 SSM_PackEncodeCRMFReqReply(void        **encodeReply,
+				      char         *crmfDER,
+				      SSMPRUint32   derLen);
+
+SSMPRStatus SSM_ParseCMMFCertResponse(void        *encodedRes,
+				      SSMPRInt32   encodeLen,
+				      char       **nickname,
+				      char       **base64Der,
+				      PRBool      *doBackup);
+
+PRStatus SSM_ParsePOPChallengeRequest(void     *challenge,
+				      PRInt32   len,
+				      char    **responseString);
+PRInt32 SSM_PackPOPChallengeResponse(void   **response,
+				     char    *responseString,
+				     PRInt32  responseStringLen);
+
+PRInt32 SSM_PackPasswdRequest(void ** passwdRequest, PRInt32 tokenID,
+                              char * prompt, PRInt32 promptLen);
+PRStatus SSM_ParsePasswordReply(void * passwdReply, PRInt32 * result, 
+                                PRInt32 * tokenID,
+                                char ** passwd, PRInt32 * passwdLen);
+
+/* Sign Text Actions */
+typedef struct {
+    char *stringToSign;
+    char *hostName;
+    char *caOption;
+    PRInt32 numCAs;
+    char **caNames;
+} signTextRequestData;
+
+PRStatus SSM_ParseSignTextRequest(void* signTextRequest, PRInt32 len, PRUint32* resID, signTextRequestData ** data);
+
+PRStatus SSM_ParseGetLocalizedTextRequest(void               *data,
+                                          SSMLocalizedString *whichString);  
+
+PRInt32 SSM_PackGetLocalizedTextResponse(void               **data,
+					 SSMLocalizedString   whichString,
+					 char                *retString);
+
+PRStatus SSM_ParseAddNewSecurityModuleRequest(void          *data, 
+					      char         **moduleName,
+					      char         **libraryPath, 
+					      unsigned long *pubMechFlags,
+					      unsigned long *pubCipherFlags);
+
+PRInt32 SSM_PackAddNewModuleResponse(void **data, PRInt32 rv);
+
+PRStatus SSM_ParseDeleteSecurityModuleRequest(void *data, char **moduleName);
+
+PRInt32 SSM_PackDeleteModuleResponse(void **data, PRInt32 moduleType);
+
+PRInt32 SSM_PackFilePathRequest(void **data, PRInt32 resID, char *prompt,
+				PRBool shouldFileExist, char *fileSuffix);
+
+PRStatus SSM_ParseFilePathReply(void *message, char **filePath,
+				PRInt32 *rid);
+
+PRInt32 SSM_PackPromptRequestEvent(void **data, PRInt32 resID, char *prompt);
+PRStatus SSM_ParsePasswordPromptReply(void *data, PRInt32 *resID, 
+				      char **reply);
+
+/* messages for importing certs *the traditional way* */
+PRInt32 SSM_PackDecodeCertReply(void ** data, PRInt32 certID);
+PRStatus SSM_ParseDecodeCertRequest(void * data, PRInt32 * len, 
+					char ** buffer);
+PRStatus SSM_ParseGetKeyChoiceListRequest(void * data, PRUint32 dataLen, 
+					  char ** type, PRUint32 *typeLen, 
+					  char ** pqgString, PRUint32 *pqgLen);
+PRInt32 SSM_PackGetKeyChoiceListReply(void **data, char ** list);
+
+PRStatus SSM_ParseGenKeyOldStyleRequest(void * data, PRUint32 datalen, 
+					char ** choiceString, 
+					char ** challenge, 
+					char ** typeString, 
+					char ** pqgString);
+PRInt32 SSM_PackGenKeyOldStyleReply(void ** data, char * keydata);
+
+PRStatus SSM_ParseDecodeAndCreateTempCertRequest(void * data, 
+			char ** certbuf, PRUint32 * certlen, int * certClass);
+
+#endif /*PROTOCOLF_H_*/

mozilla/security/psm/lib/protocol/protocolnspr20.h

@@ -0,0 +1,74 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*****************************************************************************
+ *
+ *
+ *
+ *****************************************************************************
+ */
+
+#ifndef NULL
+#define NULL 0x00000000
+#endif
+
+#define SSMPR_BYTES_PER_INT  4
+#define SSMPR_BYTES_PER_LONG  4
+
+/******************************************************************
+ *  No NSPR - define all the SSMPR values and functions here   
+ ******************************************************************
+ */
+
+#define SSMPRStatus PRStatus
+#define SSMPR_SUCCESS PR_SUCCESS
+#define SSMPR_FAILURE PR_FAILURE
+
+#define SSMPR_INVALID_ARGUMENT_ERROR PR_INVALID_ARGUMENT_ERROR
+#define SSMPR_OUT_OF_MEMORY_ERROR    PR_OUT_OF_MEMORY_ERROR
+
+#define SSMPRInt32 PRInt32
+#define SSMPRUint32 PRUint32
+
+#define SSMPR_ntohl  PR_ntohl
+#define SSMPR_htonl  PR_htonl
+#define SSMPORT_Free   PORT_Free
+#define SSMPORT_ZAlloc PORT_ZAlloc
+
+#define SSMPR_SetError PR_SetError
+#define SSMPR_GetError PR_GetError
+#define SSMPORT_SetError PORT_SetError
+#define SSMPORT_GetError PORT_GetError
+
+
+
+

mozilla/security/psm/lib/protocol/protocolport.c

@@ -0,0 +1,49 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*************************************************************************
+ *
+ * PSM portable run-time. (Used when NSPR20 is not available.)
+ *
+ *************************************************************************
+ */
+
+SSMPRInt32 ssmprErrno;
+
+void SSMPORT_SetError(SSMPRInt32 errorcode) 
+{ ssmprErrno = errorcode; }  
+
+
+SSMPRInt32 SSMPORT_GetError(void)
+{ return ssmprErrno; }
+
+

mozilla/security/psm/lib/protocol/protocolport.h

@@ -0,0 +1,93 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*****************************************************************************
+ *
+ *
+ *
+ *****************************************************************************
+ */
+
+#ifndef NULL
+#define NULL 0x00000000
+#endif
+
+#define SSMPR_BYTES_PER_INT  4
+#define SSMPR_BYTES_PER_LONG  4
+
+/******************************************************************
+ *  No NSPR - define all the SSMPR values and functions here   
+ ******************************************************************
+ */
+
+typedef enum { SSMPR_SUCCESS = 0,  SSMPR_FAILURE = -1 } SSMPRStatus;
+enum { 
+  SSMPR_INVALID_ARGUMENT_ERROR = -6000,
+  SSMPR_OUT_OF_MEMORY_ERROR =  -5987
+};
+
+#if SSMPR_BYTES_PER_INT == 4
+typedef unsigned int SSMPRUint32;
+typedef int SSMPRInt32; 
+#elif SSMPR_BYTES_PER_LONG == 4
+typedef unsigned long SSMPRUint32;
+typedef long SSMPRInt32;
+#else
+#error No suitable type for SSMPRInt32/SSMPRUint32
+#endif
+
+/*******************************************************************
+ * Use libc functions instead 
+ *******************************************************************
+ */
+#include <sys/types.h>
+#ifdef WIN32
+#include <winsock.h>
+#else
+#include <netinet/in.h>
+#endif
+#define SSMPR_ntohl  ntohl
+#define SSMPR_htonl  htonl
+
+#include <stdlib.h>
+#define SSMPORT_Free   free
+#define SSMPR_sprint   printf
+#define SSMPORT_ZAlloc malloc
+
+extern SSMPRInt32 ssmprErrno;
+#define SSMPR_SetError(x, y) SSMPORT_SetError(x)
+#define SSMPR_GetError SSMPORT_GetError
+void SSMPORT_SetError(SSMPRInt32 errorcode);
+
+
+
+

mozilla/security/psm/lib/protocol/protocolshr.c

@@ -0,0 +1,169 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "string.h"
+#include "protocol.h"
+#include "protocolshr.h"
+#include "messages.h"
+
+/* Forward ref */
+static void encrypt(CMTItem *data);
+static void decrypt(CMTItem *data);
+
+const char *kPrefix = "Encrypted";
+
+/* encryption request */
+CMTStatus
+CMT_DoEncryptionRequest(CMTItem *message)
+{
+  CMTStatus rv = CMTSuccess;
+  EncryptRequestMessage request;
+  EncryptReplyMessage reply;
+  CMUint32 pLen = strlen(kPrefix);
+
+  /* Initialize */
+  request.keyid.data = 0;
+  request.data.data = 0;
+  reply.item.data = 0;
+
+  /* Decode incoming message */
+  rv = CMT_DecodeMessage(EncryptRequestTemplate, &request, message);
+  if (rv != CMTSuccess) goto loser;  /* Protocol error */
+
+  /* Free incoming message */
+  free(message->data);
+  message->data = NULL;
+
+  /* "Encrypt" by prefixing the data */
+  reply.item.len = request.data.len + pLen;
+  reply.item.data = calloc(reply.item.len, 1);
+  if (!reply.item.data) {
+	rv = CMTFailure;
+	goto loser;
+  }
+
+  if (pLen) memcpy(reply.item.data, kPrefix, pLen);
+  encrypt(&request.data);
+  memcpy(&reply.item.data[pLen], request.data.data, request.data.len);
+  
+  /* Generate response */
+  message->type = SSM_SDR_ENCRYPT_REPLY;
+  rv = CMT_EncodeMessage(EncryptReplyTemplate, message, &reply);
+  if (rv != CMTSuccess) goto loser;  /* Unknown error */
+
+loser:
+  if (request.keyid.data) free(request.keyid.data);
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv;
+}
+
+/* decryption request */
+CMTStatus
+CMT_DoDecryptionRequest(CMTItem *message)
+{
+  CMTStatus rv = CMTSuccess;
+  DecryptRequestMessage request;
+  DecryptReplyMessage reply;
+  CMUint32 pLen = strlen(kPrefix);
+
+  /* Initialize */
+  request.data.data = 0;
+  request.ctx.data = 0;
+  reply.item.data = 0;
+
+  /* Decode the message */
+  rv = CMT_DecodeMessage(DecryptRequestTemplate, &request, message);
+  if (rv != CMTSuccess) goto loser;
+
+  /* Free incoming message */
+  free(message->data);
+  message->data = NULL;
+
+  /* "Decrypt" the message by removing the key */
+  if (pLen && memcmp(request.data.data, kPrefix, pLen) != 0) {
+    rv = CMTFailure;  /* Invalid format */
+    goto loser;
+  }
+
+  reply.item.len = request.data.len - pLen;
+  reply.item.data = calloc(reply.item.len, 1);
+  if (!reply.item.data) { rv = CMTFailure;  goto loser; }
+
+  memcpy(reply.item.data, &request.data.data[pLen], reply.item.len);
+  decrypt(&reply.item);
+
+  /* Create reply message */
+  message->type = SSM_SDR_DECRYPT_REPLY;
+  rv = CMT_EncodeMessage(DecryptReplyTemplate, message, &reply);
+  if (rv != CMTSuccess) goto loser;
+
+loser:
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv;
+}
+
+/* "encrypt" */
+static unsigned char mask[64] = {
+ 0x73, 0x46, 0x1a, 0x05, 0x24, 0x65, 0x43, 0xb4, 0x24, 0xee, 0x79, 0xc1, 0xcc,
+ 0x49, 0xc7, 0x27, 0x11, 0x91, 0x2e, 0x8f, 0xaa, 0xf7, 0x62, 0x75, 0x41, 0x7e,
+ 0xb2, 0x42, 0xde, 0x1b, 0x42, 0x7b, 0x1f, 0x33, 0x49, 0xca, 0xd1, 0x6a, 0x85,
+ 0x05, 0x6c, 0xf9, 0x0e, 0x3e, 0x72, 0x02, 0xf2, 0xd8, 0x9d, 0xa1, 0xb8, 0x6e,
+ 0x03, 0x18, 0x3e, 0x82, 0x86, 0x34, 0x1a, 0x61, 0xd9, 0x65, 0xb6, 0x7f
+};
+
+static void
+encrypt(CMTItem *data)
+{
+  unsigned int i, j;
+
+  j = 0;
+  for(i = 0;i < data->len;i++)
+  {
+    data->data[i] ^= mask[j];
+
+    if (++j >= 64) j = 0;
+  }
+}
+
+static void
+decrypt(CMTItem *data)
+{
+  encrypt(data);
+}
+
+

mozilla/security/psm/lib/protocol/protocolshr.h

@@ -0,0 +1,48 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  protocolshr.h - Definitions of shared routines for both client and server
+    These are mostly for testing.
+ */
+
+#ifndef __PROTOCOLSHR_H__
+#define __PROTOCOLSHR_H__
+
+CMTStatus
+CMT_DoEncryptionRequest(CMTItem *message);
+
+CMTStatus
+CMT_DoDecryptionRequest(CMTItem *meessage);
+
+
+#endif /* __PROTOCOLSHR_H__ */

mozilla/security/psm/lib/protocol/protocoltest.c

@@ -0,0 +1,207 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "protocolf.h"
+#include <stdio.h>
+  
+ 
+int main() 
+{
+  void * blob, * recvd;
+  int blobSize;
+  SSMPRUint32 version, flags, port, connID, keySize, secretKeySize;
+  SSMPRUint32 sessionID, httpPort;
+  SSMPRInt32 result;
+  char *profile, * nonce, * hostIP, * hostName, * cipher, * CA;
+  SSMPRStatus rv;
+  
+  
+  /*
+   * Test functions to pack and parse HelloRequest message 
+   */
+  version = 3;
+  profile = (char *)SSMPORT_ZAlloc(strlen("profile"));
+  sprintf(profile, "profile");
+  printf("HelloRequest, packing version #%d, profile %s\n", 
+	 version, profile);
+  blobSize = SSM_PackHelloRequest(&blob, version, profile);
+  if (!blobSize)
+    printf("Error in PackHelloRequest: %d\n", SSMPR_GetError());
+  SSMPORT_Free(profile);
+  version = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseHelloRequest(recvd, &version, &profile);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseHelloRequest: %d\n", SSMPR_GetError());
+  printf("HelloRequest, parsing version #%d, profile %s\n", 
+	 version, profile);
+
+
+  /* 
+   * Test functions to parse and pack HelloReply message
+   */
+  version = 5;
+  result = 2;
+  sessionID = 34567;
+  httpPort = 87654;
+  nonce = (char *)SSMPORT_ZAlloc(strlen("some secret nonce"));
+  sprintf(nonce, "some secret nonce");
+  printf("HelloReply, packing result %d, sessionID %d, version #%d, httpPort %d,\n nonce %s\n", 
+	 result, sessionID, version, httpPort, nonce);
+  blobSize = SSM_PackHelloReply(&blob, result, sessionID, version, httpPort, 
+				nonce);
+  if (!blobSize) 
+    printf("Error in PackHelloReply: %d\n", SSMPR_GetError());
+  memset(nonce, 0, strlen(nonce));
+  SSMPORT_Free(nonce);
+  version = result = sessionID = httpPort = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseHelloReply(recvd, &result, &sessionID, &version, &httpPort, 
+			   &nonce);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseHelloReply: %d\n", SSMPR_GetError());
+  printf("HelloReply, parsing result %d, sessionID %d, version #%d, httpPort %d, \n nonce %s\n", 
+	 result, sessionID, version, httpPort, nonce);
+  
+  /*
+   * Test functions to parse and pack SSLDataConnectionRequest message
+   */
+  flags = 0x00044000;
+  port = 34567;
+  hostIP = (char *)SSMPORT_ZAlloc(strlen("somehostIP"));
+  sprintf(hostIP, "somehostIP");
+  hostName = (char *)SSMPORT_ZAlloc(strlen("somehostName"));
+  sprintf(hostName, "somehostName");
+  printf("SSLDataConnRequest, packing flags %x, port %d, hostIP %s, hostName %s\n", 
+	 flags, port, hostIP, hostName);
+  blobSize = SSM_PackSSLDataConnectionRequest(&blob, flags, port, hostIP, 
+					  hostName);
+  if (!blobSize) 
+    printf("Error in PackSSLDataConnectionRequest: %d\n", SSMPR_GetError());
+  SSMPORT_Free(hostIP);
+  SSMPORT_Free(hostName);
+  flags = port = 0;
+  
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);  
+  
+  rv = SSM_ParseSSLDataConnectionRequest(recvd, &flags, &port, &hostIP, 
+					 &hostName);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSSLDataConnectionRequest: %d\n", SSMPR_GetError());
+  printf(
+"SSLDataConnRequest, parsing flags %x, port %d, hostIP %s, hostName %s\n", 
+	 flags, port, hostIP, hostName);
+  SSMPORT_Free(hostIP);
+  SSMPORT_Free(hostName);
+  
+  
+  /*
+   * Test functions to parse and pack SSLDataConnectionReply message 
+   */
+  result = 2;
+  connID = 713259;
+  port = 57402;
+  printf("SSLDataConnReply, packing result %d, connectionID %d, port %d\n",
+	 result, connID, port);
+  blobSize = SSM_PackSSLDataConnectionReply(&blob, result, connID, port);
+  if (!blobSize) 
+    printf("Error in PackSSLDataConnReply: %d\n", SSMPR_GetError());
+  result = connID = port = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseSSLDataConnectionReply(recvd, &result, &connID, &port);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSSLDataConnectionReply: %d\n", SSMPR_GetError());
+  printf("SSLDataConnReply, parsing result %d, connectionID %d, port %d\n", 
+	 result, connID, port);
+  
+  
+  /* 
+   * Test functions to parse and pack SecurityStatusRequest message
+   */
+  connID = 45375;
+  printf("SecurityStatusRequest, packing connection ID %d\n", connID);
+  blobSize = SSM_PackSecurityStatusRequest(&blob, connID);
+  if (!blobSize)  
+    printf("Error in PackSecurityStatusRequest: %d\n", SSMPR_GetError());
+  connID = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseSecurityStatusRequest(recvd, &connID);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSecurityStatusRequest: %d\n", SSMPR_GetError());
+  printf("SecurityStatusRequest, parsing connection ID %d\n", connID);
+  
+
+  /* 
+   * Test functions to parse and pack SecurityStatusReply message 
+   */
+  result = 2;
+  keySize = 256;
+  secretKeySize = 511;
+  cipher = (char *)SSMPORT_ZAlloc(strlen("My Cipher"));
+  sprintf(cipher, "My Cipher");
+  CA = (char *)SSMPORT_ZAlloc(strlen("My CA issuer"));
+  sprintf(CA, "My CA issuer");
+  printf("SecurityStatusReply, packing result %d, keysize %d, secretKeySize %d, cipher %s, CA %s\n", result, keySize, secretKeySize, cipher, CA);
+  blobSize = SSM_PackSecurityStatusReply(&blob, result, keySize, secretKeySize, cipher, CA);
+  if (!blobSize) 
+    printf("Error in PackSecurityStatusReply: %d\n", SSMPR_GetError());
+  result = keySize = secretKeySize = 0;
+  SSMPORT_Free(cipher);
+  SSMPORT_Free(CA);
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseSecurityStatusReply(recvd, &result, &keySize, &secretKeySize, 
+				    &cipher, &CA);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSecurityStatusReply: %d\n", SSMPR_GetError());
+  printf("SecurityStatusReply, parsing result %d, keysize %d, secretKeySize %d, cipher %s, CA %s\n", result, keySize, secretKeySize, cipher, CA);
+}     
+
+
+

mozilla/security/psm/lib/protocol/protocolutil.c

@@ -0,0 +1,130 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "protocol.h"
+#include "prmem.h"
+#include "prnetdb.h"
+#include <string.h>
+
+#ifndef NSPR20
+#include "protocolport.c"
+#endif
+
+CMStatus SSM_SSMStringToString(char ** string,
+			       int *len, 
+			       SSMString * ssmString) 
+{
+  char * str = NULL;
+  int realLen;
+  PRStatus rv =PR_SUCCESS;
+
+  if (!ssmString || !string ) { 
+    rv = PR_INVALID_ARGUMENT_ERROR;
+    goto loser;
+  }
+
+  /* in case we fail */
+  *string = NULL;
+  if (len) *len = 0;
+
+  /* Convert from net byte order */
+  realLen = SSMPR_ntohl(ssmString->m_length);
+
+  str = (char *)PR_CALLOC(realLen+1); /* add 1 byte for end 0 */
+  if (!str) {
+    rv = PR_OUT_OF_MEMORY_ERROR;
+    goto loser;
+  }
+  
+  memcpy(str, (char *) &(ssmString->m_data), realLen);
+  /* str[realLen]=0; */
+
+  if (len) *len = realLen;
+  *string = str;
+  return rv;
+  
+loser:
+  if (str) 
+    PR_Free(str);
+  if (string && *string) {
+    PR_Free(*string);
+    *string = NULL;
+  }
+  if (rv == PR_SUCCESS) 
+    rv = PR_FAILURE;
+  return rv;
+}
+
+
+CMStatus SSM_StringToSSMString(SSMString ** ssmString, int length, 
+				  char * string)
+{
+  SSMPRUint32 len;
+  SSMString *result = NULL;
+  PRStatus rv = PR_SUCCESS;
+  
+  if (!string || !ssmString) {
+    rv = PR_INVALID_ARGUMENT_ERROR;
+    goto loser;
+  }
+
+  *ssmString = NULL; /* in case we fail */
+
+  if (length) len = length; 
+  else len = strlen(string);
+  if (len <= 0) {
+    rv = PR_INVALID_ARGUMENT_ERROR;
+    goto loser;
+  }
+  result = (SSMString *) PR_CALLOC(sizeof(PRUint32) + 
+				   SSMSTRING_PADDED_LENGTH(len));
+  if (!result) {
+    rv = PR_OUT_OF_MEMORY_ERROR;
+    goto loser;
+  }
+
+  result->m_length = SSMPR_htonl(len);
+  memcpy((char *) (&(result->m_data)), string, len);
+
+  *ssmString = result;
+  goto done;
+  
+loser:
+  if (result)
+    PR_Free(result);
+  *ssmString = NULL;
+  if (rv == PR_SUCCESS)
+    rv = PR_FAILURE;
+done:
+  return rv;
+}
+

mozilla/security/psm/lib/protocol/rsrcids.h

@@ -0,0 +1,168 @@
+/* -*- mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __SSM_RSRCIDS_H__
+#define __SSM_RSRCIDS_H__
+
+#include "ssmdefs.h"
+
+/*
+ * IMPORTANT:
+ *
+ * To preserve backward compatibility as much as possible, always add new 
+ * values to either one of the enumeration tables at the end of the table.
+ */
+
+typedef enum 
+{
+    SSM_RESTYPE_NULL = 0L,
+    SSM_RESTYPE_RESOURCE,
+    SSM_RESTYPE_CONNECTION,
+    SSM_RESTYPE_CONTROL_CONNECTION,
+    SSM_RESTYPE_DATA_CONNECTION,
+    SSM_RESTYPE_SSL_DATA_CONNECTION,
+    SSM_RESTYPE_PKCS7_DECODE_CONNECTION,
+    SSM_RESTYPE_PKCS7_ENCODE_CONNECTION,
+    SSM_RESTYPE_HASH_CONNECTION,
+    
+    SSM_RESTYPE_CERTIFICATE,
+    SSM_RESTYPE_SSL_SOCKET_STATUS,
+    SSM_RESTYPE_PKCS7_CONTENT_INFO,
+    SSM_RESTYPE_KEY_PAIR,
+    SSM_RESTYPE_CRMF_REQUEST,
+    SSM_RESTYPE_KEYGEN_CONTEXT,
+    SSM_RESTYPE_SECADVISOR_CONTEXT,
+    SSM_RESTYPE_SIGNTEXT,
+    SSM_RESTYPE_PKCS12_CONTEXT,
+    SSM_RESTYPE_MAX
+} SSMResourceType;
+
+/* Attribute/resource types */
+
+/* Attribute IDs */
+typedef enum
+{
+    SSM_FID_NULL = (CMUint32) 0, /* placeholder */
+
+    /* Connection attributes */
+    SSM_FID_CONN_ALIVE,
+    SSM_FID_CONN_PARENT,
+
+    /* Data connection attributes */
+    SSM_FID_CONN_DATA_PENDING,
+
+    /* SSL data connection attributes */
+    SSM_FID_SSLDATA_SOCKET_STATUS,
+    SSM_FID_SSLDATA_ERROR_VALUE,
+
+    /* PKCS7 decode connection attributes */
+    SSM_FID_P7CONN_CONTENT_INFO,
+    SSM_FID_P7CONN_RETURN_VALUE,
+    SSM_FID_P7CONN_ERROR_VALUE,
+
+    /* Hash connection attributes */
+    SSM_FID_HASHCONN_RESULT,
+
+    /* Certificate attributes */
+    SSM_FID_CERT_SUBJECT_NAME,
+    SSM_FID_CERT_ISSUER_NAME,
+    SSM_FID_CERT_SERIAL_NUMBER,
+    SSM_FID_CERT_EXP_DATE,
+    SSM_FID_CERT_FINGERPRINT,
+    SSM_FID_CERT_COMMON_NAME,
+    SSM_FID_CERT_NICKNAME,
+    SSM_FID_CERT_ORG_NAME,
+    SSM_FID_CERT_HTML_CERT,
+    SSM_FID_CERT_PICKLE_CERT,
+    SSM_FID_CERT_CERTKEY,
+    SSM_FID_CERT_FIND_CERT_ISSUER,
+    SSM_FID_CERT_EMAIL_ADDRESS,
+    SSM_FID_CERT_ISPERM,
+
+    /* SSL socket status attributes */
+    SSM_FID_SSS_KEYSIZE,
+    SSM_FID_SSS_SECRET_KEYSIZE,
+    SSM_FID_SSS_CERT_ID,
+    SSM_FID_SSS_CIPHER_NAME,
+    SSM_FID_SSS_SECURITY_LEVEL,
+    SSM_FID_SSS_HTML_STATUS,
+
+    /* PKCS7 content info attributes */
+    SSM_FID_P7CINFO_IS_SIGNED,
+    SSM_FID_P7CINFO_IS_ENCRYPTED,
+    SSM_FID_P7CINFO_SIGNER_CERT,
+
+    /* CRMF ID's */
+    SSM_FID_CRMFREQ_REGTOKEN,
+    SSM_FID_CRMFREQ_AUTHENTICATOR,
+    SSM_FID_CRMFREQ_EXTENSIONS,
+    SSM_FID_CRMFREQ_KEY_TYPE,
+    SSM_FID_CRMFREQ_DN,
+
+    /* Security advisor context */
+    SSM_FID_SECADVISOR_URL,
+    SSM_FID_SECADVISOR_WIDTH,
+    SSM_FID_SECADVISOR_HEIGHT,
+
+    /* Sign Text */
+    SSM_FID_SIGNTEXT_RESULT,
+
+    /* Key Gen ID's */
+    SSM_FID_KEYGEN_ESCROW_AUTHORITY,
+
+    /* Key Pair ID's */
+    SSM_FID_KEYPAIR_KEY_GEN_TYPE,
+
+    /* Session Attributes */
+    SSM_FID_DEFAULT_EMAIL_RECIPIENT_CERT,
+    SSM_FID_DEFAULT_EMAIL_SIGNER_CERT,
+
+    /* Client Context Attribute */
+    SSM_FID_CLIENT_CONTEXT,
+
+	/* Resource Error */
+	SSM_FID_RESOURCE_ERROR,
+
+    SSM_FID_KEYGEN_SLOT_NAME,
+    SSM_FID_DISABLE_ESCROW_WARN,
+    SSM_FID_KEYGEN_TOKEN_NAME,
+
+    SSM_FID_SSLDATA_DISCARD_SOCKET_STATUS,
+    SSM_FID_CHOOSE_TOKEN_URL,
+    SSM_FID_INIT_DB_URL,
+    SSM_FID_SSS_CA_NAME,
+
+    SSM_FID_MAX /* placeholder */
+} SSMAttributeID;
+
+#endif

mozilla/security/psm/lib/protocol/ssmdefs.h

@@ -0,0 +1,331 @@
+/* -*- mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __SSMDEFS_H__
+#define __SSMDEFS_H__
+
+/* Basic type definitions for both client and server. */
+typedef long CMInt32;
+typedef unsigned long CMUint32;
+typedef long SSMResourceID;
+
+typedef int SSMStatus;
+
+#define PSM_PORT                        11111
+#define PSM_DATA_PORT                   11113 /* needs to be removed */
+ 
+typedef enum _CMTStatus {
+  CMTFailure = -1,
+  CMTSuccess = 0
+} CMTStatus;
+
+typedef enum {
+   CM_FALSE = 0,
+   CM_TRUE = 1
+} CMBool;
+ 
+typedef struct CMTItemStr {
+  CMUint32 type;
+  unsigned char *data;
+  unsigned int len;
+} CMTItem;
+
+/* A length-encoded string. */
+struct _SSMString {
+  CMUint32 m_length;
+  char m_data;
+};
+typedef struct _SSMString SSMString;
+
+#define SSM_PROTOCOL_VERSION 0x00000051
+
+#define SSM_INVALID_RESOURCE 0x00000000
+#define SSM_GLOBAL_RESOURCE  0x00000001
+#define SSM_SESSION_RESOURCE 0x00000002
+
+/* Message category flags */
+#define SSM_REQUEST_MESSAGE     0x10000000
+#define SSM_REPLY_OK_MESSAGE    0x20000000
+#define SSM_REPLY_ERR_MESSAGE   0x30000000
+#define SSM_EVENT_MESSAGE       0x40000000
+
+/* Message types */
+#define SSM_DATA_CONNECTION   0x00001000
+#define SSM_OBJECT_SIGNING    0x00002000
+#define SSM_RESOURCE_ACTION   0x00003000
+#define SSM_CERT_ACTION       0x00004000
+#define SSM_PKCS11_ACTION     0x00005000
+#define SSM_CRMF_ACTION       0x00006000
+#define SSM_FORMSIGN_ACTION   0x00007000
+#define SSM_LOCALIZED_TEXT    0x00008000
+#define SSM_HELLO_MESSAGE     0x00009000
+#define SSM_SECURITY_ADVISOR  0x0000a000
+#define SSM_SEC_CFG_ACTION    0x0000b000
+#define SSM_KEYGEN_TAG        0x0000c000
+#define SSM_PREF_ACTION       0x0000d000
+#define SSM_MISC_ACTION       0x0000f000
+
+/* Data connection messages subtypes */ 
+#define SSM_SSL_CONNECTION      0x00000100
+#define SSM_PKCS7DECODE_STREAM  0x00000200
+#define SSM_PKCS7ENCODE_STREAM  0x00000300
+#define SSM_HASH_STREAM         0x00000400
+#define SSM_TLS_CONNECTION      0x00000500
+#define SSM_PROXY_CONNECTION    0x00000600
+
+/* Object signing message subtypes */
+#define SSM_VERIFY_RAW_SIG      0x00000100
+#define SSM_VERIFY_DETACHED_SIG 0x00000200
+#define SSM_CREATE_SIGNED       0x00000300
+#define SSM_CREATE_ENCRYPTED    0x00000400
+
+/* Resource access messages subtypes  */
+#define SSM_CREATE_RESOURCE           0x00000100
+#define SSM_DESTROY_RESOURCE          0x00000200
+#define SSM_GET_ATTRIBUTE             0x00000300
+#define SSM_CONSERVE_RESOURCE         0x00000400
+#define SSM_DUPLICATE_RESOURCE        0x00000500
+#define SSM_SET_ATTRIBUTE             0x00000600
+#define SSM_TLS_STEPUP                0x00000700
+#define SSM_PROXY_STEPUP              0x00000800
+
+/* Further specification for resource access messages */
+#define SSM_SSLSocket_Status    0x00000010
+
+#define SSM_NO_ATTRIBUTE        0x00000000
+#define SSM_NUMERIC_ATTRIBUTE   0x00000010
+#define SSM_STRING_ATTRIBUTE    0x00000020
+#define SSM_RID_ATTRIBUTE       0x00000030
+
+#define SSM_PICKLE_RESOURCE             0x00000010
+#define SSM_UNPICKLE_RESOURCE           0x00000020
+#define SSM_PICKLE_SECURITY_STATUS      0x00000030
+
+/* Certificate access message subtypes */
+#define SSM_IMPORT_CERT         0x00000100
+#define SSM_VERIFY_CERT         0x00000200
+#define SSM_FIND_BY_NICKNAME    0x00000300
+#define SSM_FIND_BY_KEY         0x00000400
+#define SSM_FIND_BY_EMAILADDR   0x00000500
+#define SSM_ADD_TO_DB           0x00000600
+#define SSM_DECODE_CERT         0x00000700
+#define SSM_MATCH_USER_CERT     0x00000800
+#define SSM_DESTROY_CERT        0x00000900
+#define SSM_DECODE_TEMP_CERT    0x00000a00
+#define SSM_REDIRECT_COMPARE    0x00000b00
+#define SSM_DECODE_CRL          0x00000c00
+#define SSM_EXTENSION_VALUE     0x00000d00
+#define SSM_HTML_INFO           0x00000e00
+
+/* message subtypes used for KEYGEN form tag */
+#define SSM_GET_KEY_CHOICE       0x00000100
+#define SSM_KEYGEN_START         0x00000200
+#define SSM_KEYGEN_TOKEN         0x00000300
+#define SSM_KEYGEN_PASSWORD      0x00000400
+#define SSM_KEYGEN_DONE          0x00000500
+
+#define SSM_CREATE_KEY_PAIR    0x00000100
+#define SSM_FINISH_KEY_GEN     0x00000200
+#define SSM_ADD_NEW_MODULE     0x00000300
+#define SSM_DEL_MODULE         0x00000400
+#define SSM_LOGOUT_ALL         0x00000500
+#define SSM_ENABLED_CIPHERS    0x00000600
+
+#define SSM_CREATE_CRMF_REQ    0x00000100
+#define SSM_DER_ENCODE_REQ     0x00000200
+#define SSM_PROCESS_CMMF_RESP  0x00000300
+#define SSM_CHALLENGE          0x00000400
+
+#define SSM_SIGN_TEXT  0x00000100
+
+/* Security Config subtypes */
+#define SSM_ADD_CERT_TO_TEMP_DB     0x00000100
+#define SSM_ADD_TEMP_CERT_TO_DB     0x00000200
+#define SSM_DELETE_PERM_CERTS       0x00000300
+#define SSM_FIND_CERT_KEY           0x00000400
+#define SSM_GET_CERT_PROP_BY_KEY    0x00000500
+#define SSM_CERT_INDEX_ENUM         0x00000600
+
+/* subcategories for SSM_FIND_CERT_KEY and SSM_CERT_INDEX_ENUM */
+#define SSM_FIND_KEY_BY_NICKNAME    0x00000010
+#define SSM_FIND_KEY_BY_EMAIL_ADDR  0x00000020
+#define SSM_FIND_KEY_BY_DN          0x00000030
+
+/* subcategories for SSM_GET_CERT_PROP_BY_KEY */
+#define SSM_SECCFG_GET_NICKNAME      0x00000010
+#define SSM_SECCFG_GET_EMAIL_ADDR    0x00000020
+#define SSM_SECCFG_GET_DN            0x00000030
+#define SSM_SECCFG_GET_TRUST         0x00000040
+#define SSM_SECCFG_CERT_IS_PERM      0x00000050
+#define SSM_SECCFG_GET_NOT_BEFORE    0x00000060
+#define SSM_SECCFG_GET_NOT_AFTER     0x00000070
+#define SSM_SECCFG_GET_SERIAL_NO     0x00000080
+#define SSM_SECCFG_GET_ISSUER        0x00000090
+#define SSM_SECCFG_GET_ISSUER_KEY    0x000000a0
+#define SSM_SECCFG_GET_SUBJECT_NEXT  0x000000b0
+#define SSM_SECCFG_GET_SUBJECT_PREV  0x000000c0
+
+/* Misc requests */
+#define SSM_MISC_GET_RNG_DATA      0x00000100
+#define SSM_MISC_PUT_RNG_DATA      0x00000200
+#define SSM_MISC_SDR_ENCRYPT       0x00000300
+#define SSM_MISC_SDR_DECRYPT       0x00000400
+#define SSM_MISC_UI                0x00000500
+
+/* specific UI requests */
+#define SSM_UI_CHANGE_PASSWORD     0x00000010
+
+#define SSM_SDR_ENCRYPT_REQUEST \
+  (SSM_REQUEST_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_ENCRYPT)
+#define SSM_SDR_ENCRYPT_REPLY \
+  (SSM_REPLY_OK_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_ENCRYPT)
+#define SSM_SDR_DECRYPT_REQUEST \
+  (SSM_REQUEST_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_DECRYPT)
+#define SSM_SDR_DECRYPT_REPLY \
+  (SSM_REPLY_OK_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_DECRYPT)
+
+/* Type masks for message types */
+#define SSM_CATEGORY_MASK   0xF0000000
+#define SSM_TYPE_MASK       0x0000F000
+#define SSM_SUBTYPE_MASK    0x00000F00
+#define SSM_SPECIFIC_MASK   0x000000F0
+
+typedef struct SSMAttributeValue {
+  CMUint32 type;
+  union {
+    SSMResourceID rid;
+    CMTItem string;
+    CMInt32 numeric;
+  } u;
+} SSMAttributeValue;
+
+typedef enum {
+  rsaEnc, rsaDualUse, rsaSign, rsaNonrepudiation, rsaSignNonrepudiation,
+  dhEx, dsaSignNonrepudiation, dsaSign, dsaNonrepudiation, invalidKeyGen
+} SSMKeyGenType;
+
+typedef enum {
+  ssmUnknownPolicy= -1,ssmDomestic=0, ssmExport=1, ssmFrance=2
+} SSMPolicyType;
+
+/* These are the localized strings that PSM can feed back to 
+ * the plug-in.  These will initially be used by the plug-in for 
+ * JavaScript purposes to pop up alert/confirm dialogs that would 
+ * cause nightmares to do if we sent UI events.
+ */
+typedef enum {
+  SSM_STRING_BAD_PK11_LIB_PARAM,
+  SSM_STRING_BAD_PK11_LIB_PATH,
+  SSM_STRING_ADD_MOD_SUCCESS,
+  SSM_STRING_DUP_MOD_FAILURE,
+  SSM_STRING_ADD_MOD_FAILURE,
+  SSM_STRING_BAD_MOD_NAME,
+  SSM_STRING_EXT_MOD_DEL,
+  SSM_STRING_INT_MOD_DEL,
+  SSM_STRING_MOD_DEL_FAIL,
+  SSM_STRING_ADD_MOD_WARN,
+  SSM_STRING_MOD_PROMPT,
+  SSM_STRING_DLL_PROMPT,
+  SSM_STRING_DEL_MOD_WARN,
+  SSM_STRING_INVALID_CRL,
+  SSM_STRING_INVALID_CKL,
+  SSM_STRING_ROOT_CKL_CERT_NOT_FOUND,
+  SSM_STRING_BAD_CRL_SIGNATURE,
+  SSM_STRING_BAD_CKL_SIGNATURE,
+  SSM_STRING_ERR_ADD_CRL,
+  SSM_STRING_ERR_ADD_CKL,
+  SSM_STRING_JAVASCRIPT_DISABLED
+} SSMLocalizedString;
+
+/* Event types */
+#define SSM_UI_EVENT                    0x00001000
+#define SSM_TASK_COMPLETED_EVENT        0x00002000
+#define SSM_FILE_PATH_EVENT             0x00003000
+#define SSM_PROMPT_EVENT                0x00004000
+#define SSM_AUTH_EVENT                  0x00007000
+#define SSM_SAVE_PREF_EVENT             0x00008000
+#define SSM_MISC_EVENT                  0x0000f000
+
+/* Flags used in Create SSL Data request */
+#define SSM_REQUEST_SSL_DATA_SSL         0x00000001
+#define SSM_REQUEST_SSL_DATA_PROXY       0x00000002
+#define SSM_REQUEST_SSL_CONNECTION_MASK  0x00000003
+
+/* Create typedefs for the various #defines */
+typedef CMUint32 SSMMessageCategory;
+typedef CMUint32 SSMMessageType;
+typedef CMUint32 SSMDataConnectionSType;
+typedef CMUint32 SSMObjSignSType;
+typedef CMUint32 SSMResourceAccessSType;
+typedef CMUint32 SSMCreateResource;
+typedef CMUint32 SSMResourceAttrType;
+typedef CMUint32 SSMResourceConsv;
+typedef CMUint32 SSMCertAccessSType;
+typedef CMUint32 SSMKeyGenTagProcessType;
+typedef CMUint32 SSMPKCS11Actions;
+typedef CMUint32 SSMCRMFAction;
+typedef CMUint32 SSMFormSignAction;
+typedef CMUint32 SSMSecCfgAction;
+typedef CMUint32 SSMSecCfgFindByType;
+typedef CMUint32 SSMSecCfgGetCertPropType;
+typedef CMUint32 SSMMiscRequestType;
+typedef CMUint32 SSMMessageMaskType;
+typedef CMUint32 SSMEventType;
+typedef CMUint32 SSMSSLConnectionRequestType;
+
+/*
+ * This string is version that can be used to assemble any
+ * version information by the apllication using the protocol 
+ * library.
+ */
+extern char SSMVersionString[];
+#ifdef __cplusplus
+extern "C" {
+char * SSM_GetVersionString(void);
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+/* What type of client */
+typedef enum
+{
+    SSM_NOINFO,
+    SSM_COMPOSE,
+    SSM_MAIL_MESSAGE,
+    SSM_NEWS_MESSAGE,
+    SSM_SNEWS_MESSAGE,
+    SSM_BROWSER
+} SSMClientType;
+
+#endif /* __SSMDEFS_H__ */

mozilla/security/psm/lib/protocol/templates.c

@@ -0,0 +1,628 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "stddef.h"
+#include "messages.h"
+
+CMTMessageTemplate SingleNumMessageTemplate[] =
+{
+  { CMT_DT_INT, offsetof(SingleNumMessage, value) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SingleStringMessageTemplate[] =
+{
+  { CMT_DT_STRING, offsetof(SingleStringMessage, string) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SingleItemMessageTemplate[] =
+{
+  { CMT_DT_ITEM, offsetof(SingleItemMessage, item) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate HelloRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(HelloRequest, version) },
+  { CMT_DT_INT, offsetof(HelloRequest, policy) },
+  { CMT_DT_BOOL, offsetof(HelloRequest, doesUI) },
+  { CMT_DT_STRING, offsetof(HelloRequest, profile) },
+  { CMT_DT_STRING, offsetof(HelloRequest, profileDir) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate HelloReplyTemplate[] =
+{
+  { CMT_DT_INT, offsetof(HelloReply, result) },
+  { CMT_DT_INT, offsetof(HelloReply, sessionID) },
+  { CMT_DT_INT, offsetof(HelloReply, version) },
+  { CMT_DT_STRING, offsetof(HelloReply, stringVersion) },
+  { CMT_DT_INT, offsetof(HelloReply, httpPort) },
+  { CMT_DT_INT, offsetof(HelloReply, policy) },
+  { CMT_DT_ITEM, offsetof(HelloReply, nonce) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SSLDataConnectionRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(SSLDataConnectionRequest, flags) },
+  { CMT_DT_INT, offsetof(SSLDataConnectionRequest, port) },
+  { CMT_DT_STRING, offsetof(SSLDataConnectionRequest, hostIP) },
+  { CMT_DT_STRING, offsetof(SSLDataConnectionRequest, hostName) },
+  { CMT_DT_BOOL, offsetof(SSLDataConnectionRequest, forceHandshake) },
+  { CMT_DT_ITEM, offsetof(SSLDataConnectionRequest, clientContext) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate TLSDataConnectionRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TLSDataConnectionRequest, port) },
+    { CMT_DT_STRING, offsetof(TLSDataConnectionRequest, hostIP) },
+    { CMT_DT_STRING, offsetof(TLSDataConnectionRequest, hostName) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate TLSStepUpRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TLSStepUpRequest, connID) },
+    { CMT_DT_ITEM, offsetof(TLSStepUpRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate ProxyStepUpRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(ProxyStepUpRequest, connID) },
+    { CMT_DT_ITEM, offsetof(ProxyStepUpRequest, clientContext) },
+    { CMT_DT_STRING, offsetof(ProxyStepUpRequest, url) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PKCS7DataConnectionRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(PKCS7DataConnectionRequest, resID) },
+  { CMT_DT_ITEM, offsetof(PKCS7DataConnectionRequest, clientContext) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate DataConnectionReplyTemplate[] =
+{
+  { CMT_DT_INT, offsetof(DataConnectionReply, result) },
+  { CMT_DT_INT, offsetof(DataConnectionReply, connID) },
+  { CMT_DT_INT, offsetof(DataConnectionReply, port) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate UIEventTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UIEvent, resourceID) },
+    { CMT_DT_INT, offsetof(UIEvent, width) },
+    { CMT_DT_INT, offsetof(UIEvent, height) },
+    { CMT_DT_BOOL, offsetof(UIEvent, isModal) },
+    { CMT_DT_STRING, offsetof(UIEvent, url) },
+    { CMT_DT_ITEM, offsetof(UIEvent, clientContext) },
+    { CMT_DT_END }
+};
+
+/*
+ * The old UI Event was missing the modal indication.
+ * As a transition aid, we use the old template if the
+ * "modern" version doesn't work.  Model is true in that case
+ */
+CMTMessageTemplate OldUIEventTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UIEvent, resourceID) },
+    { CMT_DT_INT, offsetof(UIEvent, width) },
+    { CMT_DT_INT, offsetof(UIEvent, height) },
+    { CMT_DT_STRING, offsetof(UIEvent, url) },
+    { CMT_DT_ITEM, offsetof(UIEvent, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate TaskCompletedEventTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TaskCompletedEvent, resourceID) },
+    { CMT_DT_INT, offsetof(TaskCompletedEvent, numTasks) },
+    { CMT_DT_INT, offsetof(TaskCompletedEvent, result) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate VerifyDetachedSigRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(VerifyDetachedSigRequest, pkcs7ContentID) },
+    { CMT_DT_INT, offsetof(VerifyDetachedSigRequest, certUsage) },
+    { CMT_DT_INT, offsetof(VerifyDetachedSigRequest, hashAlgID) },
+    { CMT_DT_BOOL, offsetof(VerifyDetachedSigRequest, keepCert) },
+    { CMT_DT_ITEM, offsetof(VerifyDetachedSigRequest, hash) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateSignedRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateSignedRequest, scertRID) },
+    { CMT_DT_INT, offsetof(CreateSignedRequest, ecertRID) },
+    { CMT_DT_INT, offsetof(CreateSignedRequest, dig_alg) },
+    { CMT_DT_ITEM, offsetof(CreateSignedRequest, digest) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateContentInfoReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateContentInfoReply, ciRID) },
+    { CMT_DT_INT, offsetof(CreateContentInfoReply, result) },
+    { CMT_DT_INT, offsetof(CreateContentInfoReply, errorCode) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateEncryptedRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(CreateEncryptedRequest, scertRID) },
+  { CMT_DT_LIST, offsetof(CreateEncryptedRequest, nrcerts) },
+  { CMT_DT_INT, offsetof(CreateEncryptedRequest, rcertRIDs) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateResourceRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateResourceRequest, type) },
+    { CMT_DT_ITEM, offsetof(CreateResourceRequest, params) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateResourceReply, result) },
+    { CMT_DT_INT, offsetof(CreateResourceReply, resID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetAttribRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(GetAttribRequest, resID) },
+    { CMT_DT_INT, offsetof(GetAttribRequest, fieldID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetAttribReplyTemplate[] =
+{
+  { CMT_DT_INT, offsetof(GetAttribReply, result) },
+  { CMT_DT_CHOICE, offsetof(GetAttribReply, value.type) },
+  { CMT_DT_RID, offsetof(GetAttribReply, value.u.rid), 0, SSM_RID_ATTRIBUTE },
+  { CMT_DT_INT, offsetof(GetAttribReply, value.u.numeric), 0,
+    SSM_NUMERIC_ATTRIBUTE },
+  { CMT_DT_ITEM, offsetof(GetAttribReply, value.u.string), 0,
+    SSM_STRING_ATTRIBUTE},
+  { CMT_DT_END_CHOICE },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SetAttribRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(SetAttribRequest, resID) },
+    { CMT_DT_INT, offsetof(SetAttribRequest, fieldID) },
+    { CMT_DT_CHOICE, offsetof(SetAttribRequest, value.type) },
+    { CMT_DT_RID, offsetof(SetAttribRequest, value.u.rid), 0, SSM_RID_ATTRIBUTE },
+    { CMT_DT_INT, offsetof(SetAttribRequest, value.u.numeric), 0,
+                            SSM_NUMERIC_ATTRIBUTE },
+    { CMT_DT_ITEM, offsetof(SetAttribRequest, value.u.string), 0,
+                            SSM_STRING_ATTRIBUTE},
+    { CMT_DT_END_CHOICE },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PickleResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PickleResourceReply, result) },
+    { CMT_DT_ITEM, offsetof(PickleResourceReply, blob) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate UnpickleResourceRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UnpickleResourceRequest, resourceType) },
+    { CMT_DT_ITEM, offsetof(UnpickleResourceRequest, resourceData) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate UnpickleResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UnpickleResourceReply, result) },
+    { CMT_DT_INT, offsetof(UnpickleResourceReply, resID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PickleSecurityStatusReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PickleSecurityStatusReply, result) },
+    { CMT_DT_INT, offsetof(PickleSecurityStatusReply, securityLevel) },
+    { CMT_DT_ITEM, offsetof(PickleSecurityStatusReply, blob) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DupResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(DupResourceReply, result) },
+    { CMT_DT_RID, offsetof(DupResourceReply, resID), 0, SSM_RID_ATTRIBUTE },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DestroyResourceRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(DestroyResourceRequest, resID) },
+    { CMT_DT_INT, offsetof(DestroyResourceRequest, resType) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate VerifyCertRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(VerifyCertRequest, resID) },
+    { CMT_DT_INT, offsetof(VerifyCertRequest, certUsage) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate AddTempCertToDBRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, resID) },
+    { CMT_DT_STRING, offsetof(AddTempCertToDBRequest, nickname) },
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, sslFlags) },
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, emailFlags) },
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, objSignFlags) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate MatchUserCertRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(MatchUserCertRequest, certType) },
+    { CMT_DT_LIST, offsetof(MatchUserCertRequest, numCANames) },
+    { CMT_DT_STRING, offsetof(MatchUserCertRequest, caNames) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate MatchUserCertReplyTemplate[] =
+{
+    { CMT_DT_LIST, offsetof(MatchUserCertReply, numCerts) },
+    { CMT_DT_INT, offsetof(MatchUserCertReply, certs) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate EncodeCRMFReqRequestTemplate[] =
+{
+    { CMT_DT_LIST, offsetof(EncodeCRMFReqRequest, numRequests) },
+    { CMT_DT_INT, offsetof(EncodeCRMFReqRequest, reqIDs) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CMMFCertResponseRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(CMMFCertResponseRequest, nickname) },
+    { CMT_DT_STRING, offsetof(CMMFCertResponseRequest, base64Der) },
+    { CMT_DT_INT,    offsetof(CMMFCertResponseRequest, doBackup) },
+    { CMT_DT_ITEM,   offsetof(CMMFCertResponseRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PasswordRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PasswordRequest, tokenKey) },
+    { CMT_DT_STRING, offsetof(PasswordRequest, prompt) },
+    { CMT_DT_ITEM, offsetof(PasswordRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PasswordReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PasswordReply, result) },
+    { CMT_DT_INT, offsetof(PasswordReply, tokenID) },
+    { CMT_DT_STRING, offsetof(PasswordReply, passwd) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate KeyPairGenRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(KeyPairGenRequest, keyGenCtxtID) },
+    { CMT_DT_INT, offsetof(KeyPairGenRequest, genMechanism) },
+    { CMT_DT_INT, offsetof(KeyPairGenRequest, keySize) },
+    { CMT_DT_ITEM, offsetof(KeyPairGenRequest, params) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DecodeAndCreateTempCertRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(DecodeAndCreateTempCertRequest, type) },
+    { CMT_DT_ITEM, offsetof(DecodeAndCreateTempCertRequest, cert) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStyleRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, choiceString) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, challenge) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, typeString) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, pqgString) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStyleTokenRequestTemplate[] = 
+{
+    { CMT_DT_INT,  offsetof(GenKeyOldStyleTokenRequest, rid)       },
+    { CMT_DT_LIST,  offsetof(GenKeyOldStyleTokenRequest, numtokens) },
+    { CMT_DT_STRING,offsetof(GenKeyOldStyleTokenRequest, tokenNames)},
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStyleTokenReplyTemplate[] = 
+{
+    { CMT_DT_INT, offsetof(GenKeyOldStyleTokenReply, rid) },
+    { CMT_DT_BOOL, offsetof(GenKeyOldStyleTokenReply, cancel) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleTokenReply, tokenName) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStylePasswordRequestTemplate[] = 
+{
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordRequest, rid) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStylePasswordRequest, tokenName) },
+    { CMT_DT_BOOL, offsetof(GenKeyOldStylePasswordRequest, internal) },
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordRequest, minpwdlen) },
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordRequest, maxpwdlen) }, 
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStylePasswordReplyTemplate[] = 
+{
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordReply, rid) },
+    { CMT_DT_BOOL, offsetof(GenKeyOldStylePasswordReply, cancel) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStylePasswordReply, password) },
+    { CMT_DT_END }
+};
+
+
+CMTMessageTemplate GetKeyChoiceListRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(GetKeyChoiceListRequest, type) },
+    { CMT_DT_STRING, offsetof(GetKeyChoiceListRequest, pqgString) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetKeyChoiceListReplyTemplate[] =
+{
+    { CMT_DT_LIST, offsetof(GetKeyChoiceListReply, nchoices) },
+    { CMT_DT_STRING, offsetof(GetKeyChoiceListReply, choices) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate AddNewSecurityModuleRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(AddNewSecurityModuleRequest, moduleName) },
+    { CMT_DT_STRING, offsetof(AddNewSecurityModuleRequest, libraryPath) },
+    { CMT_DT_INT, offsetof(AddNewSecurityModuleRequest, pubMechFlags) },
+    { CMT_DT_INT, offsetof(AddNewSecurityModuleRequest, pubCipherFlags) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate FilePathRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(FilePathRequest, resID) },
+    { CMT_DT_STRING, offsetof(FilePathRequest, prompt) },
+    { CMT_DT_BOOL, offsetof(FilePathRequest, getExistingFile) },
+    { CMT_DT_STRING, offsetof(FilePathRequest, fileRegEx) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate FilePathReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(FilePathReply, resID) },
+    { CMT_DT_STRING, offsetof(FilePathReply, filePath) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PasswordPromptReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PasswordPromptReply, resID) },
+    { CMT_DT_STRING, offsetof(PasswordPromptReply, promptReply) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SignTextRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(SignTextRequest, resID) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, stringToSign) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, hostName) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, caOption) },
+    { CMT_DT_LIST, offsetof(SignTextRequest, numCAs) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, caNames) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetLocalizedTextReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(GetLocalizedTextReply, whichString) },
+    { CMT_DT_STRING, offsetof(GetLocalizedTextReply, localizedString) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate ImportCertReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(ImportCertReply, result) },
+    { CMT_DT_INT, offsetof(ImportCertReply, resID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PromptRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PromptRequest, resID) },
+    { CMT_DT_STRING, offsetof(PromptRequest, prompt) },
+    { CMT_DT_ITEM, offsetof(PromptRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PromptReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PromptReply, resID) },
+    { CMT_DT_BOOL, offsetof(PromptReply, cancel) },
+    { CMT_DT_STRING, offsetof(PromptReply, promptReply) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate RedirectCompareRequestTemplate[] =
+{
+    { CMT_DT_ITEM, offsetof(RedirectCompareRequest, socketStatus1Data) },
+    { CMT_DT_ITEM, offsetof(RedirectCompareRequest, socketStatus2Data) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DecodeAndAddCRLRequestTemplate[] = 
+{
+    { CMT_DT_ITEM,   offsetof(DecodeAndAddCRLRequest, derCrl) },
+    { CMT_DT_INT,    offsetof(DecodeAndAddCRLRequest, type)   },
+    { CMT_DT_STRING, offsetof(DecodeAndAddCRLRequest, url)    },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SecurityAdvisorRequestTemplate[] =
+{
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, infoContext) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, resID) },
+    { CMT_DT_STRING, offsetof(SecurityAdvisorRequest, hostname) },
+    { CMT_DT_STRING, offsetof(SecurityAdvisorRequest, senderAddr) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, encryptedP7CInfo) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, signedP7CInfo) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, decodeError) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, verifyError) },
+    { CMT_DT_BOOL,   offsetof(SecurityAdvisorRequest, encryptthis) },
+    { CMT_DT_BOOL,   offsetof(SecurityAdvisorRequest, signthis) },
+    { CMT_DT_LIST,	offsetof(SecurityAdvisorRequest, numRecipients) },
+    { CMT_DT_STRING, offsetof(SecurityAdvisorRequest, recipients) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SCAddTempCertToPermDBRequestTemplate[] =
+{
+    { CMT_DT_ITEM, offsetof(SCAddTempCertToPermDBRequest, certKey) },
+    { CMT_DT_STRING, offsetof(SCAddTempCertToPermDBRequest, trustStr) },
+    { CMT_DT_STRING, offsetof(SCAddTempCertToPermDBRequest, nickname) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SCDeletePermCertsRequestTemplate[] =
+{
+    { CMT_DT_ITEM, offsetof(SCDeletePermCertsRequest, certKey) },
+    { CMT_DT_BOOL, offsetof(SCDeletePermCertsRequest, deleteAll) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate TimeMessageTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TimeMessage, year) },
+    { CMT_DT_INT, offsetof(TimeMessage, month) },
+    { CMT_DT_INT, offsetof(TimeMessage, day) },
+    { CMT_DT_INT, offsetof(TimeMessage, hour) },
+    { CMT_DT_INT, offsetof(TimeMessage, minute) },
+    { CMT_DT_INT, offsetof(TimeMessage, second) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SCCertIndexEnumReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(SCCertIndexEnumReply, length) },
+    { CMT_DT_STRUCT_PTR, offsetof(SCCertIndexEnumReply, list) },
+    { CMT_DT_STRING, offsetof(CertEnumElement, name) },
+    { CMT_DT_ITEM, offsetof(CertEnumElement, certKey) },
+    { CMT_DT_END_STRUCT_LIST },
+    { CMT_DT_END }
+};
+
+/* Test template */
+
+CMTMessageTemplate TestListTemplate[] = 
+{
+	{ CMT_DT_STRING, offsetof(TestList, listName) },
+	{ CMT_DT_STRUCT_LIST, offsetof(TestList, numElements) },
+	{ CMT_DT_STRUCT_PTR, offsetof(TestList, elements) },
+	{ CMT_DT_STRING, offsetof(TestListElement, name) },
+	{ CMT_DT_STRING, offsetof(TestListElement, value) },
+	{ CMT_DT_END_STRUCT_LIST},
+	{ CMT_DT_END}
+};
+
+CMTMessageTemplate SetPrefListMessageTemplate[] =
+{
+    { CMT_DT_STRUCT_LIST, offsetof(SetPrefListMessage, length) },
+    { CMT_DT_STRUCT_PTR, offsetof(SetPrefListMessage, list) },
+    { CMT_DT_STRING, offsetof(SetPrefElement, key) },
+    { CMT_DT_STRING, offsetof(SetPrefElement, value) },
+    { CMT_DT_INT, offsetof(SetPrefElement, type) },
+    { CMT_DT_END_STRUCT_LIST },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetPrefListRequestTemplate[] =
+{
+    { CMT_DT_STRUCT_LIST, offsetof(GetPrefListRequest, length) },
+    { CMT_DT_STRUCT_PTR, offsetof(GetPrefListRequest, list) },
+    { CMT_DT_STRING, offsetof(GetPrefElement, key) },
+    { CMT_DT_INT, offsetof(GetPrefElement, type) },
+    { CMT_DT_END_STRUCT_LIST },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetCertExtensionTemplate[] =
+{
+    { CMT_DT_INT, offsetof(GetCertExtension, resID) },
+    { CMT_DT_INT, offsetof(GetCertExtension, extension) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate HTMLCertInfoRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(HTMLCertInfoRequest, certID) },
+    { CMT_DT_INT, offsetof(HTMLCertInfoRequest, showImages) },
+    { CMT_DT_INT, offsetof(HTMLCertInfoRequest, showIssuer) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate EncryptRequestTemplate[] =
+{
+  { CMT_DT_ITEM, offsetof(EncryptRequestMessage, keyid) },
+  { CMT_DT_ITEM, offsetof(EncryptRequestMessage, data) },
+  { CMT_DT_ITEM, offsetof(EncryptRequestMessage, ctx) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate DecryptRequestTemplate[] =
+{
+  { CMT_DT_ITEM, offsetof(DecryptRequestMessage, data) },
+  { CMT_DT_ITEM, offsetof(DecryptRequestMessage, ctx) },
+  { CMT_DT_END }
+};

mozilla/security/psm/macbuild/PSM.Prefix

@@ -0,0 +1,4 @@
+/* Optimized prefix */
+#include "MacPrefix.h"
+#include "NSSCommon.h"
+#include "PSMCommon.h"

mozilla/security/psm/macbuild/PSM.exp

@@ -0,0 +1,3 @@
+SSM_CreateAndRegisterThread
+SSM_KillAllThreads
+RunMacPSM

mozilla/security/psm/macbuild/PSMCommon.h

@@ -0,0 +1,2 @@
+/* placeholder until we figure out what defines we need for PSM */
+/* #define HAVE_LONG_LONG */

mozilla/security/psm/macbuild/PSMDebug.Prefix

@@ -0,0 +1,4 @@
+/* Optimized prefix */
+#include "MacPrefix_debug.h"
+#include "NSSCommon.h"
+#include "PSMCommon.h"

mozilla/security/psm/makefile.win

@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..
+include <$(DEPTH)/config/config.mak>
+
+DIRS = lib
+
+include <$(DEPTH)\config\rules.mak>

mozilla/security/psm/manifest.mn

@@ -0,0 +1,40 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+CORE_DEPTH = ..
+DEPTH      = ..
+
+RELEASE = security
+
+DIRS = lib ui server
+
+

mozilla/security/psm/server/Makefile

@@ -0,0 +1,295 @@
+#! gmake
+#
+#           CONFIDENTIAL AND PROPRIETARY SOURCE CODE OF
+#              NETSCAPE COMMUNICATIONS CORPORATION
+# Copyright ¨ 1996, 1997 Netscape Communications Corporation.  All Rights
+# Reserved.  Use of this Source Code is subject to the terms of the
+# applicable license agreement from Netscape Communications Corporation.
+# The copyright notice(s) in this Source Code does not indicate actual or
+# intended publication of this Source Code.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+ifdef MOZILLA_SECURITY_BUILD
+# LDAP library
+LDAPSDK_SNAPSHOT = 19981116D
+LDAPSDK_ROOTDIR = components/ldapsdk31
+
+# Linux 2.2 overrides
+ifeq ($(OS_ARCH), Linux)
+ifeq ($(OS_RELEASE), 2.2)
+LDAPSDK_SNAPSHOT = 19991122E
+endif
+endif
+
+# Compute LDAPSDK location
+# - To use USE_LOCAL_LDAPSDK copy the correct version to your tree
+# - This will be mozilla/security for MOZILLA_SECURITY_BUILD=1
+ifdef USE_LOCAL_LDAPSDK
+LDAPSDK_LOC = $(CORE_DEPTH)/ldapsdk
+else
+ifeq ($(OS_ARCH), WINNT)
+LDAPSDK_LOC = \\\\IRIDIUM/$(LDAPSDK_ROOTDIR)/$(LDAPSDK_SNAPSHOT)
+else
+LDAPSDK_LOC = /share/builds/$(LDAPSDK_ROOTDIR)/$(LDAPSDK_SNAPSHOT)
+endif
+endif
+
+# Compute LDAPSDK_PLATFORM
+#  - on WINNT force the platform to a WINNT directory, since that is what
+#  - is release by the ldapsdk team.  This allows an OS_TARGET of WIN95 while
+#  - building on WINNT
+ifeq ($(OS_ARCH), WINNT)
+LDAPSDK_PLATFORM = WINNT$(OS_RELEASE)$(OBJDIR_TAG).OBJ
+else
+LDAPSDK_PLATFORM = $(PLATFORM)
+endif
+
+LDAPSDKDIST = $(LDAPSDK_LOC)/$(LDAPSDK_PLATFORM)
+
+endif
+
+ifneq ($(OS_ARCH), WINNT)
+ifeq ($(OS_ARCH), Linux)
+# On linux, we link with libstdc++ (we're always using egcs on linux, right?)
+CPLUSPLUSRUNTIME = -L /usr/lib -lstdc++ -lm
+else
+# libC, presumably, is what we must link with elsewhere
+CPLUSPLUSRUNTIME = -lC -lm
+endif
+endif
+
+INCLUDES += -I$(LDAPSDKDIST)/include -I$(CORE_DEPTH)/../dist/public/nlslayer
+
+ifeq ($(OS_ARCH), SunOS)
+ifeq ($(OS_RELEASE), 5.5.1)
+OS_LIBS += -ldl -lsocket -lnsl -lthread -lposix4
+endif
+ifeq ($(OS_RELEASE), 5.6)
+OS_LIBS += -ldl -lsocket -lnsl -lthread -lposix4
+endif
+endif
+
+ifeq ($(OS_ARCH), Linux)
+ifdef USE_PTHREADS
+# Replace OS_LIBS, because the order of libpthread, libdl, and libc are
+# very important. Otherwise you get horrible crashes.
+OS_LIBS = -lpthread -ldl -lc
+endif
+endif
+
+# Adding HP-UX Specific Fixes
+ifeq ($(OS_ARCH), HP-UX)
+ifdef USE_PTHREADS
+OS_LIBS += -lpthread
+endif
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+ifdef NSM_TIMEBOMB
+CFLAGS += -DTIMEBOMB
+export::
+	gmake -f timebomb.mk export libs run
+endif
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+ifeq ($(OS_ARCH), WINNT)
+
+NSPR_STUB_LIBS = \
+	$(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.lib \
+	$(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.lib \
+	$(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.lib
+
+NSPR_DYNAMIC_LIBS = \
+	$(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.dll \
+	$(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.dll \
+	$(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.dll
+
+NSPR_LIBS = $(NSPR_DYNAMIC_LIBS)
+
+I18N_COMPONENTS = \
+	$(DIST)/lib/necko.dll \
+	$(DIST)/lib/strres.dll \
+	$(DIST)/lib/ucharuti.dll \
+	$(DIST)/lib/uconv.dll \
+	$(DIST)/lib/ucvlatin.dll \
+	$(DIST)/lib/nslocale.dll \
+	$(NULL)
+
+XPCOM_LIBS = \
+	$(DIST)/lib/zlib.dll \
+	$(DIST)/lib/mozreg.dll \
+	$(DIST)/lib/xpcom.dll \
+	$(NULL)
+
+EXTRA_LIBS = \
+	$(DIST)/lib/ssl.lib \
+	$(DIST)/lib/nss.lib \
+	$(DIST)/lib/ssl.lib \
+	$(DIST)/lib/crmf.lib \
+	$(DIST)/lib/pkcs12.lib \
+	$(DIST)/lib/pkcs7.lib \
+	$(DIST)/lib/certhi.lib \
+	$(DIST)/lib/pk11wrap.lib \
+	$(DIST)/lib/cryptohi.lib \
+	$(DIST)/lib/certhi.lib \
+	$(DIST)/lib/pk11wrap.lib \
+	$(DIST)/lib/softoken.lib \
+	$(DIST)/lib/certdb.lib \
+	$(DIST)/lib/secutil.lib \
+	$(DIST)/lib/crypto.lib \
+	$(DIST)/lib/freebl.lib \
+	$(DIST)/lib/dbm.lib \
+	$(DIST)/lib/protocol.lib \
+	$(DIST)/lib/nlslayer.lib \
+	$(DIST)/lib/xpcom.lib \
+	$(NSPR_STUB_LIBS) \
+	$(LDAPSDKDIST)/lib/nsldaps32v30.lib \
+	wsock32.lib \
+	winmm.lib \
+	advapi32.lib \
+	$(NULL)
+
+
+ifeq ($(BUILD_OPT), 1)
+EXTRA_LIBS += $(DIST)/lib/xpcombase_s.lib
+endif
+
+else
+
+# Removing Hardcoded shared lib suffixes so that HP-UX Builds
+NSPR_LIBS = \
+	$(DIST)/lib/libplc4.$(DLL_SUFFIX) \
+	$(DIST)/lib/libplds4.$(DLL_SUFFIX) \
+	$(DIST)/lib/libnspr4.$(DLL_SUFFIX)
+
+I18N_COMPONENTS = \
+	$(DIST)/lib/libnecko.$(DLL_SUFFIX) \
+	$(DIST)/lib/libstrres.$(DLL_SUFFIX) \
+	$(DIST)/lib/libunicharutil.$(DLL_SUFFIX) \
+	$(DIST)/lib/libuconv.$(DLL_SUFFIX) \
+	$(DIST)/lib/libucvlatin.$(DLL_SUFFIX) \
+	$(DIST)/lib/libnslocale.$(DLL_SUFFIX) \
+	$(NULL)
+
+XPCOM_LIBS = \
+	$(DIST)/lib/libxpcom.$(DLL_SUFFIX) \
+	$(NULL)
+
+ifeq ($(OS_ARCH), SunOS)
+NSPR_LINK_LIBS = -L$(DIST)/lib -Bdynamic -lnspr4 -lplc4 -lplds4
+XPCOM_LINK_LIBS = -lxpcom
+else
+NSPR_LINK_LIBS = $(NSPR_LIBS)
+XPCOM_LINK_LIBS	= $(XPCOM_LIBS)
+endif
+
+# Adding HP-UX Specific Fixes
+ifeq ($(OS_ARCH), HP-UX)
+NSPR_LINK_LIBS = -L$(DIST)/lib -shared -lnspr4 -lplc4 -lplds4
+XPCOM_LINK_LIBS = -lxpcom
+endif
+
+EXTRA_LIBS += \
+        $(DIST)/lib/libssl.a \
+        $(DIST)/lib/libnss.a \
+        $(DIST)/lib/libssl.a \
+        $(DIST)/lib/libcrmf.a \
+        $(DIST)/lib/libpkcs12.a \
+        $(DIST)/lib/libpkcs7.a \
+        $(DIST)/lib/libcerthi.a \
+        $(DIST)/lib/libpk11wrap.a \
+        $(DIST)/lib/libcryptohi.a \
+        $(DIST)/lib/libcerthi.a \
+        $(DIST)/lib/libpk11wrap.a \
+        $(DIST)/lib/libsoftoken.a \
+        $(DIST)/lib/libcertdb.a \
+        $(DIST)/lib/libcrypto.a \
+        $(DIST)/lib/libfreebl.a \
+        $(DIST)/lib/libsecutil.a \
+        $(DIST)/lib/libcrypto.a \
+        $(DIST)/lib/libdbm.a \
+        $(DIST)/lib/libprotocol.a \
+	$(DIST)/lib/libnlslayer.a \
+	$(NSPR_LINK_LIBS) \
+	$(XPCOM_LINK_LIBS) \
+	$(CPLUSPLUSRUNTIME) \
+	$(LDAPSDKDIST)/lib/libldap30.a \
+	$(NULL)
+
+endif
+
+release_md::
+	$(NSINSTALL) -m 644 $(NSPR_LIBS) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR)
+	$(NSINSTALL) -m 644 ../ui/$(PLATFORM)/psm*.properties $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR)/ui 
+	$(NSINSTALL) -m 644 ../doc/*.htm ../doc/*.html ../doc/*.gif $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR)/doc
+	$(NSINSTALL) -m 644 $(XPCOM_LIBS) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR)
+	$(NSINSTALL) -m 644 $(I18N_COMPONENTS) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR)/components
+ifneq ($(OS_ARCH), WINNT)
+	$(NSINSTALL) -m 775 start-psm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR)
+endif
+
+
+install::
+	$(NSINSTALL) -m 644 ../ui/$(PLATFORM)/psm*.properties $(PLATFORM)/ui
+	$(NSINSTALL) -m 644 ../doc/*.gif ../doc/*.html ../doc/*.htm $(PLATFORM)/doc
+	$(NSINSTALL) -m 644 $(XPCOM_LIBS) $(PLATFORM)
+	$(NSINSTALL) -m 644 $(I18N_COMPONENTS) $(PLATFORM)/components
+	$(NSINSTALL) -m 644 $(NSPR_LIBS) $(PLATFORM)
+ifneq ($(OS_ARCH), WINNT)
+	$(NSINSTALL) -m 775 start-psm $(PLATFORM)
+endif
+
+link:
+	if test -f $(PROGRAM); then	\
+		echo "rm $(PROGRAM)";	\
+		rm $(PROGRAM);		\
+	fi;				\
+	gmake				\
+
+patch: $(PROGRAM)
+#	if test ! -f $(DIST)/bin/plcypatch$(PROG_SUFFIX); then	\
+#		gmake import;					\
+#	fi;
+#	-$(DIST)/bin/plcypatch $(PLCYPATCH_ARGS) $(PROGRAM)
+
+# Files required for .xpi file
+#   - psm
+#   - nspr libraries
+#   - i18n libraries
+#   - xpcom libraries
+#   - subdirectories (ui, do)

mozilla/security/psm/server/NSPRerrs.h

@@ -0,0 +1,101 @@
+/* General NSPR 2.0 errors */
+/* Caller must #include "prerror.h" */
+
+ER2( PR_OUT_OF_MEMORY_ERROR, 	"Memory allocation attempt failed." )
+ER2( PR_BAD_DESCRIPTOR_ERROR, 	"Invalid file descriptor." )
+ER2( PR_WOULD_BLOCK_ERROR, 	"The operation would have blocked." )
+ER2( PR_ACCESS_FAULT_ERROR, 	"Invalid memory address argument." )
+ER2( PR_INVALID_METHOD_ERROR, 	"Invalid function for file type." )
+ER2( PR_ILLEGAL_ACCESS_ERROR, 	"Invalid memory address argument." )
+ER2( PR_UNKNOWN_ERROR, 		"Some unknown error has occurred." )
+ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
+ER2( PR_NOT_IMPLEMENTED_ERROR, 	"function not implemented." )
+ER2( PR_IO_ERROR, 		"I/O function error." )
+ER2( PR_IO_TIMEOUT_ERROR, 	"I/O operation timed out." )
+ER2( PR_IO_PENDING_ERROR, 	"I/O operation on busy file descriptor." )
+ER2( PR_DIRECTORY_OPEN_ERROR, 	"The directory could not be opened." )
+ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
+ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
+ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
+ER2( PR_IS_CONNECTED_ERROR, 	"Already connected." )
+ER2( PR_BAD_ADDRESS_ERROR, 	"Network address is invalid." )
+ER2( PR_ADDRESS_IN_USE_ERROR, 	"Local Network address is in use." )
+ER2( PR_CONNECT_REFUSED_ERROR, 	"Connection refused by peer." )
+ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
+ER2( PR_CONNECT_TIMEOUT_ERROR, 	"Connection attempt timed out." )
+ER2( PR_NOT_CONNECTED_ERROR, 	"Network file descriptor is not connected." )
+ER2( PR_LOAD_LIBRARY_ERROR, 	"Failure to load dynamic library." )
+ER2( PR_UNLOAD_LIBRARY_ERROR, 	"Failure to unload dynamic library." )
+ER2( PR_FIND_SYMBOL_ERROR, 	
+"Symbol not found in any of the loaded dynamic libraries." )
+ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
+ER2( PR_DIRECTORY_LOOKUP_ERROR, 	
+"A directory lookup on a network address has failed." )
+ER2( PR_TPD_RANGE_ERROR, 		
+"Attempt to access a TPD key that is out of range." )
+ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
+ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
+ER2( PR_NOT_SOCKET_ERROR, 	
+"Network operation attempted on non-network file descriptor." )
+ER2( PR_NOT_TCP_SOCKET_ERROR, 	
+"TCP-specific function attempted on a non-TCP file descriptor." )
+ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
+ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
+ER2( PR_OPERATION_NOT_SUPPORTED_ERROR, 
+"The requested operation is not supported by the platform." )
+ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, 
+"The host operating system does not support the protocol requested." )
+ER2( PR_REMOTE_FILE_ERROR, 	"Access to the remote file has been severed." )
+ER2( PR_BUFFER_OVERFLOW_ERROR, 	
+"The value requested is too large to be stored in the data buffer provided." )
+ER2( PR_CONNECT_RESET_ERROR, 	"TCP connection reset by peer." )
+ER2( PR_RANGE_ERROR, 		"Unused." )
+ER2( PR_DEADLOCK_ERROR, 	"The operation would have deadlocked." )
+ER2( PR_FILE_IS_LOCKED_ERROR, 	"The file is already locked." )
+ER2( PR_FILE_TOO_BIG_ERROR, 	
+"Write would result in file larger than the system allows." )
+ER2( PR_NO_DEVICE_SPACE_ERROR, 	"The device for storing the file is full." )
+ER2( PR_PIPE_ERROR, 		"Unused." )
+ER2( PR_NO_SEEK_DEVICE_ERROR, 	"Unused." )
+ER2( PR_IS_DIRECTORY_ERROR, 	
+"Cannot perform a normal file operation on a directory." )
+ER2( PR_LOOP_ERROR, 		"Symbolic link loop." )
+ER2( PR_NAME_TOO_LONG_ERROR, 	"File name is too long." )
+ER2( PR_FILE_NOT_FOUND_ERROR, 	"File not found." )
+ER2( PR_NOT_DIRECTORY_ERROR, 	
+"Cannot perform directory operation on a normal file." )
+ER2( PR_READ_ONLY_FILESYSTEM_ERROR, 
+"Cannot write to a read-only file system." )
+ER2( PR_DIRECTORY_NOT_EMPTY_ERROR, 
+"Cannot delete a directory that is not empty." )
+ER2( PR_FILESYSTEM_MOUNTED_ERROR, 
+"Cannot delete or rename a file object while the file system is busy." )
+ER2( PR_NOT_SAME_DEVICE_ERROR, 	
+"Cannot rename a file to a file system on another device." )
+ER2( PR_DIRECTORY_CORRUPTED_ERROR, 
+"The directory object in the file system is corrupted." )
+ER2( PR_FILE_EXISTS_ERROR, 	
+"Cannot create or rename a filename that already exists." )
+ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, 
+"Directory is full.  No additional filenames may be added." )
+ER2( PR_INVALID_DEVICE_STATE_ERROR, 
+"The required device was in an invalid state." )
+ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
+ER2( PR_NO_MORE_FILES_ERROR, 	"No more entries in the directory." )
+ER2( PR_END_OF_FILE_ERROR, 	"Encountered end of file." )
+ER2( PR_FILE_SEEK_ERROR, 	"Seek error." )
+ER2( PR_FILE_IS_BUSY_ERROR, 	"The file is busy." )
+ER2( PR_IN_PROGRESS_ERROR,
+"Operation is still in progress (probably a non-blocking connect)." )
+ER2( PR_ALREADY_INITIATED_ERROR,
+"Operation has already been initiated (probably a non-blocking connect)." )
+
+#ifdef PR_GROUP_EMPTY_ERROR
+ER2( PR_GROUP_EMPTY_ERROR, 	"The wait group is empty." )
+#endif
+
+#ifdef PR_INVALID_STATE_ERROR
+ER2( PR_INVALID_STATE_ERROR, 	"Object state improper for request." )
+#endif
+
+ER2( PR_MAX_ERROR, 		"Placeholder for the end of the list" )

mozilla/security/psm/server/SECerrs.h

@@ -0,0 +1,385 @@
+/* General security error codes  */
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/* Caller must #include "secerr.h" */
+
+
+ER3(SEC_ERROR_IO,				SEC_ERROR_BASE + 0,
+"An I/O error occurred during security authorization.")
+
+ER3(SEC_ERROR_LIBRARY_FAILURE,			SEC_ERROR_BASE + 1,
+"security library failure.")
+
+ER3(SEC_ERROR_BAD_DATA,				SEC_ERROR_BASE + 2,
+"security library: received bad data.")
+
+ER3(SEC_ERROR_OUTPUT_LEN,			SEC_ERROR_BASE + 3,
+"security library: output length error.")
+
+ER3(SEC_ERROR_INPUT_LEN,			SEC_ERROR_BASE + 4,
+"security library has experienced an input length error.")
+
+ER3(SEC_ERROR_INVALID_ARGS,			SEC_ERROR_BASE + 5,
+"security library: invalid arguments.")
+
+ER3(SEC_ERROR_INVALID_ALGORITHM,		SEC_ERROR_BASE + 6,
+"security library: invalid algorithm.")
+
+ER3(SEC_ERROR_INVALID_AVA,			SEC_ERROR_BASE + 7,
+"security library: invalid AVA.")
+
+ER3(SEC_ERROR_INVALID_TIME,			SEC_ERROR_BASE + 8,
+"security library: invalid time.")
+
+ER3(SEC_ERROR_BAD_DER,				SEC_ERROR_BASE + 9,
+"security library: improperly formatted DER-encoded message.")
+
+ER3(SEC_ERROR_BAD_SIGNATURE,			SEC_ERROR_BASE + 10,
+"Peer's certificate has an invalid signature.")
+
+ER3(SEC_ERROR_EXPIRED_CERTIFICATE,		SEC_ERROR_BASE + 11,
+"Peer's Certificate has expired.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE,		SEC_ERROR_BASE + 12,
+"Peer's Certificate has been revoked.")
+
+ER3(SEC_ERROR_UNKNOWN_ISSUER,			SEC_ERROR_BASE + 13,
+"Peer's Certificate issuer is not recognized.")
+
+ER3(SEC_ERROR_BAD_KEY,				SEC_ERROR_BASE + 14,
+"Peer's public key is invalid.")
+
+ER3(SEC_ERROR_BAD_PASSWORD,			SEC_ERROR_BASE + 15,
+"The security password entered is incorrect.")
+
+ER3(SEC_ERROR_RETRY_PASSWORD,			SEC_ERROR_BASE + 16,
+"New password entered incorrectly.  Please try again.")
+
+ER3(SEC_ERROR_NO_NODELOCK,			SEC_ERROR_BASE + 17,
+"security library: no nodelock.")
+
+ER3(SEC_ERROR_BAD_DATABASE,			SEC_ERROR_BASE + 18,
+"security library: bad database.")
+
+ER3(SEC_ERROR_NO_MEMORY,			SEC_ERROR_BASE + 19,
+"security library: memory allocation failure.")
+
+ER3(SEC_ERROR_UNTRUSTED_ISSUER,			SEC_ERROR_BASE + 20,
+"Peer's certificate issuer has been marked as not trusted by the user.")
+
+ER3(SEC_ERROR_UNTRUSTED_CERT,			SEC_ERROR_BASE + 21,
+"Peer's certificate has been marked as not trusted by the user.")
+
+ER3(SEC_ERROR_DUPLICATE_CERT,			(SEC_ERROR_BASE + 22),
+"Certificate already exists in your database.")
+
+ER3(SEC_ERROR_DUPLICATE_CERT_NAME,		(SEC_ERROR_BASE + 23),
+"Downloaded certificate's name duplicates one already in your database.")
+
+ER3(SEC_ERROR_ADDING_CERT,			(SEC_ERROR_BASE + 24),
+"Error adding certificate to database.")
+
+ER3(SEC_ERROR_FILING_KEY,			(SEC_ERROR_BASE + 25),
+"Error refiling the key for this certificate.")
+
+ER3(SEC_ERROR_NO_KEY,				(SEC_ERROR_BASE + 26),
+"The private key for this certificate cannot be found in key database")
+
+ER3(SEC_ERROR_CERT_VALID,			(SEC_ERROR_BASE + 27),
+"This certificate is valid.")
+
+ER3(SEC_ERROR_CERT_NOT_VALID,			(SEC_ERROR_BASE + 28),
+"This certificate is not valid.")
+
+ER3(SEC_ERROR_CERT_NO_RESPONSE,			(SEC_ERROR_BASE + 29),
+"Cert Library: No Response")
+
+ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE,	(SEC_ERROR_BASE + 30),
+"The certificate issuer's certificate has expired.  Check your system date and time.")
+
+ER3(SEC_ERROR_CRL_EXPIRED,			(SEC_ERROR_BASE + 31),
+"The CRL for the certificate's issuer has expired.  Update it or check your system data and time.")
+
+ER3(SEC_ERROR_CRL_BAD_SIGNATURE,		(SEC_ERROR_BASE + 32),
+"The CRL for the certificate's issuer has an invalid signature.")
+
+ER3(SEC_ERROR_CRL_INVALID,			(SEC_ERROR_BASE + 33),
+"New CRL has an invalid format.")
+
+ER3(SEC_ERROR_EXTENSION_VALUE_INVALID,		(SEC_ERROR_BASE + 34),
+"Certificate extension value is invalid.")
+
+ER3(SEC_ERROR_EXTENSION_NOT_FOUND,		(SEC_ERROR_BASE + 35),
+"Certificate extension not found.")
+
+ER3(SEC_ERROR_CA_CERT_INVALID,			(SEC_ERROR_BASE + 36),
+"Issuer certificate is invalid.")
+   
+ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID,	(SEC_ERROR_BASE + 37),
+"Certificate path length constraint is invalid.")
+
+ER3(SEC_ERROR_CERT_USAGES_INVALID,		(SEC_ERROR_BASE + 38),
+"Certificate usages field is invalid.")
+
+ER3(SEC_INTERNAL_ONLY,				(SEC_ERROR_BASE + 39),
+"**Internal ONLY module**")
+
+ER3(SEC_ERROR_INVALID_KEY,			(SEC_ERROR_BASE + 40),
+"The key does not support the requested operation.")
+
+ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION,	(SEC_ERROR_BASE + 41),
+"Certificate contains unknown critical extension.")
+
+ER3(SEC_ERROR_OLD_CRL,				(SEC_ERROR_BASE + 42),
+"New CRL is not later than the current one.")
+
+ER3(SEC_ERROR_NO_EMAIL_CERT,			(SEC_ERROR_BASE + 43),
+"Not encrypted or signed: you do not yet have an email certificate.")
+
+ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY,		(SEC_ERROR_BASE + 44),
+"Not encrypted: you do not have certificates for each of the recipients.")
+
+ER3(SEC_ERROR_NOT_A_RECIPIENT,			(SEC_ERROR_BASE + 45),
+"Cannot decrypt: you are not a recipient, or matching certificate and \
+private key not found.")
+
+ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH,		(SEC_ERROR_BASE + 46),
+"Cannot decrypt: key encryption algorithm does not match your certificate.")
+
+ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE,		(SEC_ERROR_BASE + 47),
+"Signature verification failed: no signer found, too many signers found, \
+or improper or corrupted data.")
+
+ER3(SEC_ERROR_UNSUPPORTED_KEYALG,		(SEC_ERROR_BASE + 48),
+"Unsupported or unknown key algorithm.")
+
+ER3(SEC_ERROR_DECRYPTION_DISALLOWED,		(SEC_ERROR_BASE + 49),
+"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
+
+
+/* Fortezza Alerts */
+ER3(XP_SEC_FORTEZZA_BAD_CARD,			(SEC_ERROR_BASE + 50),
+"Fortezza card has not been properly initialized.  \
+Please remove it and return it to your issuer.")
+
+ER3(XP_SEC_FORTEZZA_NO_CARD,			(SEC_ERROR_BASE + 51),
+"No Fortezza cards Found")
+
+ER3(XP_SEC_FORTEZZA_NONE_SELECTED,		(SEC_ERROR_BASE + 52),
+"No Fortezza card selected")
+
+ER3(XP_SEC_FORTEZZA_MORE_INFO,			(SEC_ERROR_BASE + 53),
+"Please select a personality to get more info on")
+
+ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND,		(SEC_ERROR_BASE + 54),
+"Personality not found")
+
+ER3(XP_SEC_FORTEZZA_NO_MORE_INFO,		(SEC_ERROR_BASE + 55),
+"No more information on that Personality")
+
+ER3(XP_SEC_FORTEZZA_BAD_PIN,			(SEC_ERROR_BASE + 56),
+"Invalid Pin")
+
+ER3(XP_SEC_FORTEZZA_PERSON_ERROR,		(SEC_ERROR_BASE + 57),
+"Couldn't initialize Fortezza personalities.")
+/* end fortezza alerts. */
+
+ER3(SEC_ERROR_NO_KRL,				(SEC_ERROR_BASE + 58),
+"No KRL for this site's certificate has been found.")
+
+ER3(SEC_ERROR_KRL_EXPIRED,			(SEC_ERROR_BASE + 59),
+"The KRL for this site's certificate has expired.")
+
+ER3(SEC_ERROR_KRL_BAD_SIGNATURE,		(SEC_ERROR_BASE + 60),
+"The KRL for this site's certificate has an invalid signature.")
+
+ER3(SEC_ERROR_REVOKED_KEY,			(SEC_ERROR_BASE + 61),
+"The key for this site's certificate has been revoked.")
+
+ER3(SEC_ERROR_KRL_INVALID,			(SEC_ERROR_BASE + 62),
+"New KRL has an invalid format.")
+
+ER3(SEC_ERROR_NEED_RANDOM,			(SEC_ERROR_BASE + 63),
+"security library: need random data.")
+
+ER3(SEC_ERROR_NO_MODULE,			(SEC_ERROR_BASE + 64),
+"security library: no security module can perform the requested operation.")
+
+ER3(SEC_ERROR_NO_TOKEN,				(SEC_ERROR_BASE + 65),
+"The security card or token does not exist, needs to be initialized, or has been removed.")
+
+ER3(SEC_ERROR_READ_ONLY,			(SEC_ERROR_BASE + 66),
+"security library: read-only database.")
+
+ER3(SEC_ERROR_NO_SLOT_SELECTED,			(SEC_ERROR_BASE + 67),
+"No slot or token was selected.")
+
+ER3(SEC_ERROR_CERT_NICKNAME_COLLISION,		(SEC_ERROR_BASE + 68),
+"A certificate with the same nickname already exists.")
+
+ER3(SEC_ERROR_KEY_NICKNAME_COLLISION,		(SEC_ERROR_BASE + 69),
+"A key with the same nickname already exists.")
+
+ER3(SEC_ERROR_SAFE_NOT_CREATED,			(SEC_ERROR_BASE + 70),
+"error while creating safe object")
+
+ER3(SEC_ERROR_BAGGAGE_NOT_CREATED,		(SEC_ERROR_BASE + 71),
+"error while creating baggage object")
+
+ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR,		(SEC_ERROR_BASE + 72),
+"Couldn't remove the principal")
+
+ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR,		(SEC_ERROR_BASE + 73),
+"Couldn't delete the privilege")
+
+ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR,		(SEC_ERROR_BASE + 74),
+"This principal doesn't have a certificate")
+
+ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM,		(SEC_ERROR_BASE + 75),
+"Required algorithm is not allowed.")
+
+ER3(SEC_ERROR_EXPORTING_CERTIFICATES,		(SEC_ERROR_BASE + 76),
+"Error attempting to export certificates.")
+
+ER3(SEC_ERROR_IMPORTING_CERTIFICATES,		(SEC_ERROR_BASE + 77),
+"Error attempting to import certificates.")
+
+ER3(SEC_ERROR_PKCS12_DECODING_PFX,		(SEC_ERROR_BASE + 78),
+"Unable to import.  Decoding error.  File not valid.")
+
+ER3(SEC_ERROR_PKCS12_INVALID_MAC,		(SEC_ERROR_BASE + 79),
+"Unable to import.  Invalid MAC.  Incorrect password or corrupt file.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM,	(SEC_ERROR_BASE + 80),
+"Unable to import.  MAC algorithm not supported.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
+"Unable to import.  Only password integrity and privacy modes supported.")
+
+ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE,	(SEC_ERROR_BASE + 82),
+"Unable to import.  File structure is corrupt.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
+"Unable to import.  Encryption algorithm not supported.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION,	(SEC_ERROR_BASE + 84),
+"Unable to import.  File version not supported.")
+
+ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
+"Unable to import.  Incorrect privacy password.")
+
+ER3(SEC_ERROR_PKCS12_CERT_COLLISION,		(SEC_ERROR_BASE + 86),
+"Unable to import.  Same nickname already exists in database.")
+
+ER3(SEC_ERROR_USER_CANCELLED,			(SEC_ERROR_BASE + 87),
+"The user pressed cancel.")
+
+ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA,		(SEC_ERROR_BASE + 88),
+"Not imported, already in database.")
+
+ER3(SEC_ERROR_MESSAGE_SEND_ABORTED,		(SEC_ERROR_BASE + 89),
+"Message not sent.")
+
+ER3(SEC_ERROR_INADEQUATE_KEY_USAGE,		(SEC_ERROR_BASE + 90),
+"Certificate key usage inadequate for attempted operation.")
+
+ER3(SEC_ERROR_INADEQUATE_CERT_TYPE,		(SEC_ERROR_BASE + 91),
+"Certificate type not approved for application.")
+
+ER3(SEC_ERROR_CERT_ADDR_MISMATCH,		(SEC_ERROR_BASE + 92),
+"Address in signing certificate does not match address in message headers.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY,	(SEC_ERROR_BASE + 93),
+"Unable to import.  Error attempting to import private key.")
+
+ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN,	(SEC_ERROR_BASE + 94),
+"Unable to import.  Error attempting to import certificate chain.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
+"Unable to export.  Unable to locate certificate or key by nickname.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY,	(SEC_ERROR_BASE + 96),
+"Unable to export.  Private Key could not be located and exported.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, 		(SEC_ERROR_BASE + 97),
+"Unable to export.  Unable to write the export file.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ,		(SEC_ERROR_BASE + 98),
+"Unable to import.  Unable to read the import file.")
+
+ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
+"Unable to export.  Key database corrupt or deleted.")
+
+ER3(SEC_ERROR_KEYGEN_FAIL,			(SEC_ERROR_BASE + 100),
+"Unable to generate public/private key pair.")
+
+ER3(SEC_ERROR_INVALID_PASSWORD,			(SEC_ERROR_BASE + 101),
+"Password entered is invalid.  Please pick a different one.")
+
+ER3(SEC_ERROR_RETRY_OLD_PASSWORD,		(SEC_ERROR_BASE + 102),
+"Old password entered incorrectly.  Please try again.")
+
+ER3(SEC_ERROR_BAD_NICKNAME,			(SEC_ERROR_BASE + 103),
+"Certificate nickname already in use.")
+
+ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER,       	(SEC_ERROR_BASE + 104),
+"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
+
+/* ER3(SEC_ERROR_UNKNOWN, 			(SEC_ERROR_BASE + 105), */
+
+ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, 		(SEC_ERROR_BASE + 106),
+"Invalid module name.")
+
+ER3(SEC_ERROR_JS_INVALID_DLL, 			(SEC_ERROR_BASE + 107),
+"Invalid module path/filename")
+
+ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, 		(SEC_ERROR_BASE + 108),
+"Unable to add module")
+
+ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, 		(SEC_ERROR_BASE + 109),
+"Unable to delete module")
+
+ER3(SEC_ERROR_OLD_KRL,	     			(SEC_ERROR_BASE + 110),
+"New KRL is not later than the current one.")
+ 
+ER3(SEC_ERROR_CKL_CONFLICT,	     		(SEC_ERROR_BASE + 111),
+"New CKL has different issuer than current CKL.  Delete current CKL.")
+
+#if 0 /* This was defined AFTER HCL 1.5 was released. */
+ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, 		(SEC_ERROR_BASE + 112),
+"The Certifying Authority for this certifcate is not permitted to issue a \
+certifcate with this name.")
+#endif
+
+
+

mozilla/security/psm/server/SSLerrs.h

@@ -0,0 +1,323 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/* SSL-specific security error codes  */
+/* caller must include "sslerr.h" */
+
+ER3(SSL_ERROR_EXPORT_ONLY_SERVER,			SSL_ERROR_BASE + 0,
+"Unable to communicate securely.  Peer does not support high-grade encryption.")
+
+ER3(SSL_ERROR_US_ONLY_SERVER,				SSL_ERROR_BASE + 1,
+"Unable to communicate securely.  Peer requires high-grade encryption which is not supported.")
+
+ER3(SSL_ERROR_NO_CYPHER_OVERLAP,			SSL_ERROR_BASE + 2,
+"Cannot communicate securely with peer: no common encryption algorithm(s).")
+
+ER3(SSL_ERROR_NO_CERTIFICATE,				SSL_ERROR_BASE + 3,
+"Unable to find the certificate or key necessary for authentication.")
+
+ER3(SSL_ERROR_BAD_CERTIFICATE,				SSL_ERROR_BASE + 4,
+"Unable to communicate securely with peer: peers's certificate was rejected.")
+
+/* unused						(SSL_ERROR_BASE + 5),*/
+
+ER3(SSL_ERROR_BAD_CLIENT,				SSL_ERROR_BASE + 6,
+"The server has encountered bad data from the client.")
+
+ER3(SSL_ERROR_BAD_SERVER,				SSL_ERROR_BASE + 7,
+"The client has encountered bad data from the server.")
+
+ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,		SSL_ERROR_BASE + 8,
+"Unsupported certificate type.")
+
+ER3(SSL_ERROR_UNSUPPORTED_VERSION,			SSL_ERROR_BASE + 9,
+"Peer using unsupported version of security protocol.")
+
+/* unused						(SSL_ERROR_BASE + 10),*/
+
+ER3(SSL_ERROR_WRONG_CERTIFICATE,			SSL_ERROR_BASE + 11,
+"Client authentication failed: private key in key database does not match public key in certificate database.")
+
+ER3(SSL_ERROR_BAD_CERT_DOMAIN,				SSL_ERROR_BASE + 12,
+"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
+
+/* SSL_ERROR_POST_WARNING				(SSL_ERROR_BASE + 13),
+   defined in sslerr.h
+*/
+
+ER3(SSL_ERROR_SSL2_DISABLED,				(SSL_ERROR_BASE + 14),
+"Peer only supports SSL version 2, which is locally disabled.")
+
+
+ER3(SSL_ERROR_BAD_MAC_READ,				(SSL_ERROR_BASE + 15),
+"SSL received a record with an incorrect Message Authentication Code.")
+
+ER3(SSL_ERROR_BAD_MAC_ALERT,				(SSL_ERROR_BASE + 16),
+"SSL peer reports incorrect Message Authentication Code.")
+
+ER3(SSL_ERROR_BAD_CERT_ALERT,				(SSL_ERROR_BASE + 17),
+"SSL peer cannot verify your certificate.")
+
+ER3(SSL_ERROR_REVOKED_CERT_ALERT,			(SSL_ERROR_BASE + 18),
+"SSL peer rejected your certificate as revoked.")
+
+ER3(SSL_ERROR_EXPIRED_CERT_ALERT,			(SSL_ERROR_BASE + 19),
+"SSL peer rejected your certificate as expired.")
+
+ER3(SSL_ERROR_SSL_DISABLED,				(SSL_ERROR_BASE + 20),
+"Cannot connect: SSL is disabled.")
+
+ER3(SSL_ERROR_FORTEZZA_PQG,				(SSL_ERROR_BASE + 21),
+"Cannot connect: SSL peer is in another FORTEZZA domain.")
+
+
+ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE          , (SSL_ERROR_BASE + 22),
+"An unknown SSL cipher suite has been requested.")
+
+ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED          , (SSL_ERROR_BASE + 23),
+"No cipher suites are present and enabled in this program.")
+
+ER3(SSL_ERROR_BAD_BLOCK_PADDING             , (SSL_ERROR_BASE + 24),
+"SSL received a record with bad block padding.")
+
+ER3(SSL_ERROR_RX_RECORD_TOO_LONG            , (SSL_ERROR_BASE + 25),
+"SSL received a record that exceeded the maximum permissible length.")
+
+ER3(SSL_ERROR_TX_RECORD_TOO_LONG            , (SSL_ERROR_BASE + 26),
+"SSL attempted to send a record that exceeded the maximum permissible length.")
+
+/*
+ * Received a malformed (too long or short or invalid content) SSL handshake.
+ */
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST    , (SSL_ERROR_BASE + 27),
+"SSL received a malformed Hello Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO     , (SSL_ERROR_BASE + 28),
+"SSL received a malformed Client Hello handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO     , (SSL_ERROR_BASE + 29),
+"SSL received a malformed Server Hello handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE      , (SSL_ERROR_BASE + 30),
+"SSL received a malformed Certificate handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH  , (SSL_ERROR_BASE + 31),
+"SSL received a malformed Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST     , (SSL_ERROR_BASE + 32),
+"SSL received a malformed Certificate Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE       , (SSL_ERROR_BASE + 33),
+"SSL received a malformed Server Hello Done handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY      , (SSL_ERROR_BASE + 34),
+"SSL received a malformed Certificate Verify handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH  , (SSL_ERROR_BASE + 35),
+"SSL received a malformed Client Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_FINISHED         , (SSL_ERROR_BASE + 36),
+"SSL received a malformed Finished handshake message.")
+
+/*
+ * Received a malformed (too long or short) SSL record.
+ */
+ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER    , (SSL_ERROR_BASE + 37),
+"SSL received a malformed Change Cipher Spec record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_ALERT            , (SSL_ERROR_BASE + 38),
+"SSL received a malformed Alert record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE        , (SSL_ERROR_BASE + 39),
+"SSL received a malformed Handshake record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
+"SSL received a malformed Application Data record.")
+
+/*
+ * Received an SSL handshake that was inappropriate for the state we're in.
+ * E.g. Server received message from server, or wrong state in state machine.
+ */
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST   , (SSL_ERROR_BASE + 41),
+"SSL received an unexpected Hello Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO    , (SSL_ERROR_BASE + 42),
+"SSL received an unexpected Client Hello handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO    , (SSL_ERROR_BASE + 43),
+"SSL received an unexpected Server Hello handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE     , (SSL_ERROR_BASE + 44),
+"SSL received an unexpected Certificate handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
+"SSL received an unexpected Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST    , (SSL_ERROR_BASE + 46),
+"SSL received an unexpected Certificate Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE      , (SSL_ERROR_BASE + 47),
+"SSL received an unexpected Server Hello Done handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY     , (SSL_ERROR_BASE + 48),
+"SSL received an unexpected Certificate Verify handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
+"SSL received an unexpected Cllient Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED        , (SSL_ERROR_BASE + 50),
+"SSL received an unexpected Finished handshake message.")
+
+/*
+ * Received an SSL record that was inappropriate for the state we're in.
+ */
+ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER   , (SSL_ERROR_BASE + 51),
+"SSL received an unexpected Change Cipher Spec record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_ALERT           , (SSL_ERROR_BASE + 52),
+"SSL received an unexpected Alert record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE       , (SSL_ERROR_BASE + 53),
+"SSL received an unexpected Handshake record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
+"SSL received an unexpected Application Data record.")
+
+/*
+ * Received record/message with unknown discriminant.
+ */
+ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE        , (SSL_ERROR_BASE + 55),
+"SSL received a record with an unknown content type.")
+
+ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE          , (SSL_ERROR_BASE + 56),
+"SSL received a handshake message with an unknown message type.")
+
+ER3(SSL_ERROR_RX_UNKNOWN_ALERT              , (SSL_ERROR_BASE + 57),
+"SSL received an alert record with an unknown alert description.")
+
+/*
+ * Received an alert reporting what we did wrong.  (more alerts above)
+ */
+ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT            , (SSL_ERROR_BASE + 58),
+"SSL peer has closed this connection.")
+
+ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT    , (SSL_ERROR_BASE + 59),
+"SSL peer was not expecting a handshake message it received.")
+
+ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT   , (SSL_ERROR_BASE + 60),
+"SSL peer was unable to succesfully decompress an SSL record it received.")
+
+ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT       , (SSL_ERROR_BASE + 61),
+"SSL peer was unable to negotiate an acceptable set of security parameters.")
+
+ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT       , (SSL_ERROR_BASE + 62),
+"SSL peer rejected a handshake message for unacceptable content.")
+
+ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT        , (SSL_ERROR_BASE + 63),
+"SSL peer does not support certificates of the type it received.")
+
+ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT     , (SSL_ERROR_BASE + 64),
+"SSL peer had some unspecified issue with the certificate it received.")
+
+
+ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE       , (SSL_ERROR_BASE + 65),
+"SSL experienced a failure of its random number generator.")
+
+ER3(SSL_ERROR_SIGN_HASHES_FAILURE           , (SSL_ERROR_BASE + 66),
+"Unable to digitally sign data required to verify your certificate.")
+
+ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE    , (SSL_ERROR_BASE + 67),
+"SSL was unable to extract the public key from the peer's certificate.")
+
+ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE   , (SSL_ERROR_BASE + 68),
+"Unspecified failure while processing SSL Server Key Exchange handshake.")
+
+ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE   , (SSL_ERROR_BASE + 69),
+"Unspecified failure while processing SSL Client Key Exchange handshake.")
+
+ER3(SSL_ERROR_ENCRYPTION_FAILURE            , (SSL_ERROR_BASE + 70),
+"Bulk data encryption algorithm failed in selected cipher suite.")
+
+ER3(SSL_ERROR_DECRYPTION_FAILURE            , (SSL_ERROR_BASE + 71),
+"Bulk data decryption algorithm failed in selected cipher suite.")
+
+ER3(SSL_ERROR_SOCKET_WRITE_FAILURE          , (SSL_ERROR_BASE + 72),
+"Attempt to write encrypted data to underlying socket failed.")
+
+ER3(SSL_ERROR_MD5_DIGEST_FAILURE            , (SSL_ERROR_BASE + 73),
+"MD5 digest function failed.")
+
+ER3(SSL_ERROR_SHA_DIGEST_FAILURE            , (SSL_ERROR_BASE + 74),
+"SHA-1 digest function failed.")
+
+ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE       , (SSL_ERROR_BASE + 75),
+"MAC computation failed.")
+
+ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE       , (SSL_ERROR_BASE + 76),
+"Failure to create Symmetric Key context.")
+
+ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE        , (SSL_ERROR_BASE + 77),
+"Failure to unwrap the Symmetric key in Client Key Exchange message.")
+
+ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED   , (SSL_ERROR_BASE + 78),
+"SSL Server attempted to use domestic-grade public key with export cipher suite.")
+
+ER3(SSL_ERROR_IV_PARAM_FAILURE              , (SSL_ERROR_BASE + 79),
+"PKCS11 code failed to translate an IV into a param.")
+
+ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE     , (SSL_ERROR_BASE + 80),
+"Failed to initialize the selected cipher suite.")
+
+ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE       , (SSL_ERROR_BASE + 81),
+"Client failed to generate session keys for SSL session.")
+
+ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG         , (SSL_ERROR_BASE + 82),
+"Server has no key for the attempted key exchange algorithm.")
+
+ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL       , (SSL_ERROR_BASE + 83),
+"PKCS#11 token was inserted or removed while operation was in progress.")
+
+ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND          , (SSL_ERROR_BASE + 84),
+"No PKCS#11 token could be found to do a required operation.")
+
+ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP        , (SSL_ERROR_BASE + 85),
+"Cannot communicate securely with peer: no common compression algorithm(s).")
+
+ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED       , (SSL_ERROR_BASE + 86),
+"Cannot initiate another SSL handshake until current handshake is complete.")
+
+ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE      , (SSL_ERROR_BASE + 87),
+"Received incorrect handshakes hash values from peer.")
+
+ER3(SSL_ERROR_CERT_KEA_MISMATCH             , (SSL_ERROR_BASE + 88),
+"The certificate provided cannot be used with the selected key exchange algorithm.")
+

mozilla/security/psm/server/advisor.h

@@ -0,0 +1,165 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __ADVISOR_H__
+#define __ADVISOR_H__
+/*
+  Security advisor object. We create this in order to determine what to show
+  in the generic "Security Info" pane, and to convey the right URL back to
+  the client for loading.
+
+  Created by mwelch 1999 February
+ */
+#include "resource.h"
+#include "ctrlconn.h"
+#include "certres.h"
+#include "p7cinfo.h"
+#include "slist.h"
+#include "sslskst.h"
+
+typedef struct InfoSecAdvisor
+{
+    PRInt32 infoContext;
+    PRInt32 resID;
+    char *hostname;
+	char *senderAddr;
+	PRUint32 encryptedP7CInfo;
+	PRUint32 signedP7CInfo;
+	PRInt32 decodeError;
+	PRInt32 verifyError;
+	PRInt32 encryptthis;
+	PRInt32 signthis;
+	PRInt32 numRecipients;
+	char **recipients;
+} InfoSecAdvisor;
+
+typedef struct SSMSecurityAdvisorContext
+{
+    SSMResource super;
+
+    /* Reference to Cartman object which we use to display 
+       "Security Info" pane */
+    SSMResource *m_infoSource;
+
+    /* Width and height of the security advisor window, 
+       loaded from resource file */
+    PRUint32 m_width, m_height;
+
+    /* Cached URL which we send back to client upon request */
+    char *m_url;
+
+    SSMSortedList *m_certhash;
+    PRIntn m_certsIncluded;
+
+    char *m_nickname;
+    PRInt32 infoContext;
+    PRInt32 resID;
+    char *hostname;
+	char *senderAddr;
+	PRUint32 encryptedP7CInfo;
+	PRUint32 signedP7CInfo;
+	PRInt32 decodeError;
+	PRInt32 verifyError;
+	PRInt32 encryptthis;
+	PRInt32 signthis;
+	PRInt32 numRecipients;
+	char **recipients;
+    char *selectedItemPage;
+	PRInt32 encrypted_b;
+	PRInt32 signed_b;
+	SSMP7ContentInfo * encryptedP7CInfoRes;
+	SSMP7ContentInfo * signedP7CInfoRes;
+    SSMSSLSocketStatus * socketStatus;
+#if 0
+    /* data for Java principals */
+    char* m_principalsData;
+#endif
+} SSMSecurityAdvisorContext;
+
+SSMStatus SSMSecurityAdvisorContext_Create(SSMControlConnection *ctrl,
+                                          InfoSecAdvisor *info, 
+                                          SSMResource **res);
+
+SSMStatus SSMSecurityAdvisorContext_Destroy(SSMResource *res, PRBool doFree);
+                                     
+void SSMSecurityAdvisorContext_Invariant(SSMSecurityAdvisorContext *ct);
+
+
+SSMStatus SSMSecurityAdvisorContext_GetAttrIDs(SSMResource *res,
+                                              SSMAttributeID **ids,
+                                              PRIntn *count);
+
+SSMStatus SSMSecurityAdvisorContext_GetAttr(SSMResource *res,
+                                           SSMAttributeID attrID,
+                                           SSMResourceAttrType attrType,
+                                           SSMAttributeValue *value);
+
+SSMStatus SSMSecurityAdvisorContext_SetAttr(SSMResource *res,
+                                  SSMAttributeID attrID,
+                                  SSMAttributeValue *value);
+
+SSMStatus SSMSecurityAdvisorContext_FormSubmitHandler(SSMResource *res,
+                                                      HTTPRequest *req);
+
+SSMStatus SSMSecurityAdvisorContext_Print(SSMResource *res,
+                                         char *fmt, PRIntn numParam,
+                                         char **value, char **resultStr);
+
+SSMStatus SSMSecurityAdvisorContext_DoPKCS12Response(HTTPRequest *req,
+                                           			const char  *responseKey);
+
+SSMStatus SSMSecurityAdvisorContext_DoPKCS12Restore(SSMSecurityAdvisorContext *res,
+													HTTPRequest               *req);
+
+SSMStatus SSMSecurityAdvisorContext_DoPKCS12Backup(SSMSecurityAdvisorContext *cx,
+                                              		HTTPRequest               *req);
+
+SSMStatus SSMSecurityAdvisorContext_Process_cert_mine_form(SSMSecurityAdvisorContext *res,
+                                                			HTTPRequest *req);
+SSMStatus SSMSecurityAdvisorContext_sa_selected_item(SSMTextGenContext* cx);
+
+SSMStatus SSM_FreeTarget(SSMTextGenContext *cx);
+
+SSMStatus 
+SSMSecurityAdvisorContext_GetPrefListKeywordHandler(SSMTextGenContext* cx);
+SSMStatus SSM_SetDBPasswordHandler(HTTPRequest * req);
+#if 0
+SSMStatus SSM_JavaPrincipalsKeywordHandler(SSMTextGenContext* cx);
+void SSM_HandleGetJavaPrincipalsReply(SSMControlConnection* ctrl,
+                                      SECItem* message);
+#endif
+SSMStatus SSM_RemovePrivilegesHandler(HTTPRequest* req);
+SSMStatus SSM_OCSPResponderList(SSMTextGenContext* cx);
+char* SSM_GetOCSPURL(CERTCertificate *cert, PrefSet *prefs);
+PRBool SSM_IsOCSPEnabled(SSMControlConnection *connection);
+#endif