This commit was manufactured by cvs2svn to create branch

'PSM_CLIENT_BRENACH'.

git-svn-id: svn://10.0.0.236/branches/PSM_CLIENT_BRENACH@84010 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/security/Makefile.in

@@ -0,0 +1,31 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= psm
+
+include $(topsrcdir)/config/rules.mk

mozilla/security/psm/Makefile

@@ -0,0 +1,88 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+psm_RelEng_srvr_bld:
+	cd ../coreconf; gmake
+	cd ../../nsprpub; $(MAKE) OBJDIR_NAME=$(OBJDIR_NAME)
+	cd ../nss; gmake import IMPORTS=dbm/DBM_1_54
+	cd ../nss; gmake 
+ifeq ($(OS_ARCH), WINNT)
+	gmake import IMPORTS=nlslayer/m16
+else
+	gmake import IMPORTS=nlslayer/PR3 RELEASE_TREE=/h/tortoise/export/share/builds/components
+endif
+	cd ui;gmake
+	gmake
+	cd server;gmake build_xpi
+

mozilla/security/psm/Makefile.in

@@ -0,0 +1,118 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+
+CORE_DEPTH=$(topsrcdir)/security
+
+include $(CORE_DEPTH)/coreconf/arch.mk
+ifeq (,$(filter-out NetBSD,$(OS_TARGET)))
+include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
+else
+include $(CORE_DEPTH)/coreconf/$(OS_CONFIG).mk
+endif
+include $(CORE_DEPTH)/coreconf/prefix.mk
+CPU_TAG = _$(CPU_ARCH)
+LOADABLE_ROOT_MODULE = $(DLL_PREFIX)nssckbi$(DLL_SUFFIX)
+CORECONF_OBJDIR=$(OBJDIR_NAME)
+
+include $(DEPTH)/config/autoconf.mk
+
+ifndef MOZ_DEBUG
+OPT_GMAKE_FLAGS = BUILD_OPT=1
+BUILD_OPT=1
+OBJDIR_TAG=_OPT
+endif
+
+DEFAULT_GMAKE_FLAGS = -f Makefile $(OPT_GMAKE_FLAGS) 
+
+CORECONF_INSTALL     = $(DIST)/$(CORECONF_OBJDIR)
+CORECONF_DIST        = $(MOZ_BUILD_ROOT)/dist/$(CORECONF_OBJDIR)
+DEFAULT_GMAKE_FLAGS += DIST=$(CORECONF_DIST) 
+DEFAULT_GMAKE_FLAGS += SOURCE_LIB_DIR=$(CORECONF_DIST)/lib
+DEFAULT_GMAKE_FLAGS += SOURCE_BIN_DIR=$(CORECONF_DIST)/bin
+DEFAULT_GMAKE_FLAGS += SOURCE_XP_DIR=$(CORECONF_DIST)
+
+
+DIRS		= lib
+
+include $(topsrcdir)/config/rules.mk
+
+ABS_topsrcdir	:= $(shell cd $(topsrcdir); pwd)
+
+install::
+ifneq ($(ABS_topsrcdir),$(MOZ_BUILD_ROOT))
+	if test ! -d $(MOZ_BUILD_ROOT)/security/nss; then                   \
+		cp -r $(topsrcdir)/security/nss $(MOZ_BUILD_ROOT)/security; \
+	fi;
+	if test ! -d $(MOZ_BUILD_ROOT)/security/coreconf; then              \
+		cp -r $(topsrcdir)/security/coreconf $(MOZ_BUILD_ROOT)/security; \
+	fi;
+	if test ! -d $(MOZ_BUILD_ROOT)/security/psm/server; then            \
+		cp -r $(topsrcdir)/security/psm/server $(MOZ_BUILD_ROOT)/security/psm/server; \
+	fi;
+	if test ! -d $(MOZ_BUILD_ROOT)/security/psm/ui; then        \
+		cp -r $(topsrcdir)/security/psm/ui $(MOZ_BUILD_ROOT)/security/psm/; \
+	fi;
+	if test ! -d $(MOZ_BUILD_ROOT)/security/psm/doc; then       \
+		cp -r $(topsrcdir)/security/psm/doc $(MOZ_BUILD_ROOT)/security/psm/; \
+	fi;
+endif
+	cd $(MOZ_BUILD_ROOT)/security/coreconf; gmake $(DEFAULT_GMAKE_FLAGS)
+	cd $(MOZ_BUILD_ROOT)/security/nss; gmake $(DEFAULT_GMAKE_FLAGS) moz_import
+	cd $(MOZ_BUILD_ROOT)/security/nss/lib; gmake $(DEFAULT_GMAKE_FLAGS)
+	cd $(MOZ_BUILD_ROOT)/security/psm/ui; gmake $(DEFAULT_GMAKE_FLAGS)
+	cd $(MOZ_BUILD_ROOT)/security/psm/server; gmake $(DEFAULT_GMAKE_FLAGS)
+	$(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psm $(DIST)/bin/
+	$(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/psmdata $(DIST)/bin
+	$(INSTALL) -m 755 $(CORECONF_INSTALL)/bin/start-psm $(DIST)/bin
+	$(INSTALL) -m 755 $(CORECONF_INSTALL)/lib/$(LOADABLE_ROOT_MODULE) $(DIST)/bin
+
+clean clobber clobber_all realclean distclean::
+ifeq ($(ABS_topsrcdir),$(MOZ_BUILD_ROOT))
+	cd $(MOZ_BUILD_ROOT)/security/coreconf; gmake $(DEFAULT_GMAKE_FLAGS) clean
+	cd $(MOZ_BUILD_ROOT)/security/nss; gmake $(DEFAULT_GMAKE_FLAGS) clean
+	cd $(MOZ_BUILD_ROOT)/security/psm/ui; gmake $(DEFAULT_GMAKE_FLAGS) clean
+	cd $(MOZ_BUILD_ROOT)/security/psm/server; gmake $(DEFAULT_GMAKE_FLAGS) clean
+else
+	if test -d $(MOZ_BUILD_ROOT)/security/nss; then \
+		rm -rf $(MOZ_BUILD_ROOT)/security/nss;  \
+	fi;
+	if test -d $(MOZ_BUILD_ROOT)/security/coreconf; then    \
+		rm -rf $(MOZ_BUILD_ROOT)/security/coreconf;     \
+	fi;
+	if test -d $(MOZ_BUILD_ROOT)/security/psm/server; then  \
+		rm -rf $(MOZ_BUILD_ROOT)/security/psm/server;   \
+	fi;
+	if test -d $(MOZ_BUILD_ROOT)/security/psm/ui; then      \
+		rm -rf $(MOZ_BUILD_ROOT)/security/psm/ui;       \
+	fi;
+	if test -d $(MOZ_BUILD_ROOT)/security/psm/doc; then     \
+		rm -rf $(MOZ_BUILD_ROOT)/security/psm/doc;      \
+	fi;
+	if test -d $(MOZ_BUILD_ROOT)/dist/$(CORECONF_OBJDIR); then      \
+		rm -rf $(MOZ_BUILD_ROOT)/dist/$(CORECONF_OBJDIR);       \
+	fi;
+endif

mozilla/security/psm/doc/cmcjavascriptapi.html

@@ -0,0 +1,494 @@
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   <meta name="GENERATOR" content="Mozilla/4.7 [en] (WinNT; U) [Netscape]">
+   <title>Javascript API for Client Certificate Management</title>
+</head>
+<body>
+<h2><font face="Arial,Helvetica">Netscape Personal Security Manager</font></h2>
+
+<h2><font face="Arial,Helvetica">JavaScript API for Client Certificate Management</font></h2>
+
+Version 0.3 - 10/27/1999
+<br>Comments to: <a href="mailto:psmfeedback@netscape.com?subject=JavaScript%20API%20Feedback">psmfeedback@netscape.com</a>
+<p>This document describes a new JavaScript API for performing user certificate
+management operations within a client. The JavaScript runs in the context
+of a web page operated by a Certificate Authority (CA) or Registration
+Authority (RA). The API allows the CA or RA to instruct the client to perform
+PKI operations such as key generation, certificate request generation,
+key escrow, import of user certificates, key recovery, and revocation requests.
+<p>These properties and methods reflect behavior currently implemented
+in Personal Security Manager 1.0.
+<p>The messages imported by or generated by these JavaScript methods are
+defined in the CRMF, CMMF, and CMC internet drafts.
+<h2>
+<font face="Arial,Helvetica">Overview of New Cert Issuing Process</font></h2>
+
+<ol>
+<li>
+User fills out enrollment form</li>
+
+<li>
+User action initiates script</li>
+
+<li>
+Script calls key generation method</li>
+
+<li>
+Signing and Encryption keys are generated</li>
+
+<li>
+Encryption Private Key is wrapped with public key of Key Recovery Authority
+(KRA) (passed in in the form of a certificate as part of the script, and
+checked against a pre-installed certificate copy in the local certificate
+database)</li>
+
+<li>
+The public keys, wrapped encryption private key, and text string from the
+script (possibly containing naming or enrollment info) are signed by the
+user</li>
+
+<li>
+Signed blob is returned to the script</li>
+
+<li>
+Script submits signed blob and any other necessary info to the CA/RA</li>
+
+<li>
+CA/RA verifies signature on signed blob</li>
+
+<li>
+CA/RA validates identity of user</li>
+
+<li>
+CA/RA sends wrapped encryption private key to KRA</li>
+
+<li>
+KRA sends escrow verification back to CA</li>
+
+<li>
+CA creates and signs certificates</li>
+
+<li>
+CA sends certificates back to Communicator</li>
+</ol>
+
+<h2>
+<font face="Arial,Helvetica">JavaScript API</font></h2>
+
+<h3>
+<font face="Arial,Helvetica">Properties</font></h3>
+<tt>crypto.algorithms.dh.keySizes</tt>
+<br><tt>crypto.algorithms.dsa.keySizes</tt>
+<br><tt>crypto.algorithms.rsa.signing.keySizes</tt>
+<br><tt>crypto.algorithms.rsa.keyEx.keySizes</tt>
+<p><tt>keySizes</tt> is an an array that describes the available key sizes
+for the particular algorithms and operations.
+<p>The table below describes the key sizes that will be supported in the
+US and Export versions of Communicator.
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Algorithm</b></td>
+
+<td ALIGN=CENTER><b>US Version Key Sizes</b></td>
+
+<td ALIGN=CENTER><b>Export Version Key Sizes</b></td>
+</tr>
+
+<tr>
+<td>DSA Signing Only</td>
+
+<td>1024, 2048</td>
+
+<td>1024, 2048</td>
+</tr>
+
+<tr>
+<td>RSA Signing Only</td>
+
+<td>1024, 2048</td>
+
+<td>1024, 2048</td>
+</tr>
+
+<tr>
+<td>RSA Encryption Only</td>
+
+<td>1024, 2048</td>
+
+<td>512,1024</td>
+</tr>
+
+<tr>
+<td>RSA Dual Use Signing And Encryption</td>
+
+<td>1024, 2048</td>
+
+<td>512,1024</td>
+</tr>
+
+<tr>
+<td>DH Key Exchange</td>
+
+<td>1024, 2048</td>
+
+<td>512,1024</td>
+</tr>
+</table>
+
+<h3>
+<font face="Arial,Helvetica">Methods</font></h3>
+
+<h4>
+<font face="Arial,Helvetica">generateCRMFRequest()</font></h4>
+<tt>crmfObject = crypto.generateCRMFRequest(<i>"requestedDN", "regToken",
+"authenticator","escrowAuthorityCert", "KeyGen Done Code",keySize1, "keyParams1",
+"keyGenAlg1",..., keySizeN, "keyParamsN", "keyGenAlgN");</i></tt>
+<p>This method will generate a sequence of CRMF requests that has N requests.&nbsp;
+One request for each key pair that is generated.&nbsp; The first three
+parameters will be applied to every request.&nbsp; the "escrowAuthorityCert"
+parameter will only be used for requests that pertain to a key that is
+being escrowed.&nbsp; After the "escrowAuthorityCert" parameter, the method
+takes some JavaScript code that&nbsp; is invoked when the CRMF request
+is ready. Finally, there are 1 or more sets of key generation arguments.&nbsp;
+Each key generation will be associated with its own request.&nbsp; All
+the requests will have the same DN.
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER VALIGN=TOP><b>Argument</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td><i><tt>"requestedDN"</tt></i></td>
+
+<td>An RFC1485 formatted DN to include in the certificate request.</td>
+</tr>
+
+<tr>
+<td><i><tt>"regToken"</tt></i></td>
+
+<td>A value used to authenticate the user to the RA/CA.</td>
+</tr>
+
+<tr>
+<td><i><tt>"authenticator"</tt></i></td>
+
+<td>A value that the user can authenticate with in the future when their
+private key is not available. Can be used for key recovery or revocation
+requests.</td>
+</tr>
+
+<tr>
+<td><i><tt>"escrowAuthorityCert"</tt></i></td>
+
+<td>If this value is NULL, then no key escrow will be performed. This value
+specifies which KRA certificate should be used to wrap the private key
+being escrowed. The user will be prompted for confirmation whenever a key
+will be escrowed.&nbsp; Only key exchange keys will be escrowed. If a dual
+use key is being generated, it will not be escrowed.&nbsp; The value of
+this argument is a base-64 encoded certificate.</td>
+</tr>
+
+<tr>
+<td><i><tt>"CRMF Generation Done Code"</tt></i></td>
+
+<td>This parameter is JavaScript to execute when the CRMF generation is
+complete.&nbsp;</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>keySizeN</tt></i></td>
+
+<td>The size in bits of the Nth key to generate</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"keyParamsN"</tt></i></td>
+
+<td>This string is an optional algorithm dependent parameter value. For
+Diffie-Hellman it is used to specify p and g parameters.&nbsp; For DSA,
+it will be used to specify pqg. If the key generation requires parameters
+and the value passed in is NULL, then the client will generate the parameters
+on its own. Currently, this value is ignored.</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"keyGenAlgN"</tt></i></td>
+
+<td>Which algorithm the generated key will support. Acceptable values are
+(the mentioned values for keyUsage pertain to the keyUsage value of the
+Certificate Extension that will ultimately be in the issued certificate):&nbsp;
+<ul>
+<li>
+"rsa-ex" - generate an RSA key for key exchange only (This will have keyEncipherment
+set for keyUsage.)</li>
+
+<li>
+"rsa-dual-use" - generate a single RSA key for both signing and encryption.&nbsp;
+(This will have digitalSignature, keyEncipherment, and nonRepudiation set
+for keyUsage.)</li>
+
+<li>
+"rsa-sign" - generate an RSA key for signing only. (This will have digitalSignature
+set for keyUsage.)</li>
+
+<li>
+"rsa-nonrepudiation" - generate a single RSA key for nonRepudiation only.
+(This will have non-repudiation set for keyUsage.)</li>
+
+<li>
+"rsa-sign-nonrepudiation" - generate a single RSA key use for both signing
+and nonRepudiation. (This will have both digitalSignature and nonRepudiation
+set for keyUsage.)</li>
+
+<li>
+"dsa-sign" - generate a single DSA key for signing only. (This will have
+digitalSignature set for keyUsage.)</li>
+
+<li>
+"dsa-nonrepudiation" - generate a single DSA key for nonRepudiation. (This
+will have nonRepudiation set for keyUsage.)</li>
+
+<li>
+"dsa-sign-nonrepudiation" - generate a single DSA key for signing and non-repudiation.
+(This will have digitalSignature and nonRepudiation set for keyUsage.)</li>
+</ul>
+</td>
+</tr>
+</table>
+
+<p>The <b>generateCRMFRequest()</b> method will cause the user to be presented
+with a key generation dialog. The dialog describes the key generation process
+and gives the user the opportunity to cancel the operation.
+<p>The method <b>generateCRMFRequest() </b>will return an instance of a
+CRMF object. The JavaScript passed in as the <i><tt>"CRMF Generation Done
+Code"</tt></i> parameter should look at the attribute <i>request </i>of
+the returned object to get the result of the CRMF generation.
+<p>The string found by accessing <i><tt>crmfObject.request</tt></i> is
+the base-64 encoded CRMF message to be sent to the CA/RA, or an error string.
+The possible error strings are:
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Error String</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td>"error:invalidParameter:XXX"</td>
+
+<td>The parameter XXX was an invalid value.</td>
+</tr>
+
+<tr>
+<td>"error:userCancel"</td>
+
+<td>the user has canceled the key generation operation</td>
+</tr>
+
+<tr>
+<td>"error:internalError"</td>
+
+<td>the software encountered some internal error, such as out of memory</td>
+</tr>
+</table>
+
+<h4>
+<font face="Arial,Helvetica">importUserCertificates()</font></h4>
+<tt><i>resultString</i> = crypto.importUserCertificates(<i>"nicknameString"</i>,
+<i>"certString"</i>,
+<i>allowBackup</i>)</tt>
+<br>&nbsp;
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Argument</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"nicknameString"</tt></i></td>
+
+<td>This is the nickname that will be used to describe the certificate
+in the client's certificate management UI.&nbsp; It should serve to uniquely
+identify the certificate to the user. For example, "John Smith's VeriSign
+Class 3 Digital ID" or "John Smith's Ford ID Certificate". However, if
+this certificate has the same DN as one or more certificates that already
+exist in the user's certificate store, the nickname associated with the
+certificate(s) of the same DN in the certificate store is used, and the
+<tt>"nicknameString"</tt> parameter is ignored. If the string is null and
+no certificate with the same DN exists in the user's certificate store,
+Personal Security Manager uses the following pattern to derive the nickname:
+<tt>&lt;Common Name>'s &lt;Issuer Name> ID</tt>.</td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"certRepString"</tt></i></td>
+
+<td>This string is the CMMF Certification Response from the CA that contains
+the user's certificate(s). The response is base-64 encoded.</td>
+</tr>
+
+<tr>
+<td><i><tt>allowBackup</tt></i></td>
+
+<td>This is a Boolean argument. It allows the CA or RA to indicate to the
+client whether to force the user to back up a newly issued certificate
+(PKCS #12).</td>
+</tr>
+</table>
+
+<p>The <b>importUserCertificates()</b> method is used to import newly issued
+certificates for the user. The private key for the certificates must already
+reside in the user's personal private key database.
+<p>The request ID in the response being imported must match the request
+ID in the associated Certification Request or Recovery Request.
+<p>If the import operation succeeds, an empty string will be returned.&nbsp;
+If it fails, one of the following error strings will be returned:
+<br>&nbsp;
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Error String</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td>"error:userCancel"</td>
+
+<td>The user canceled the import operation</td>
+</tr>
+
+<tr>
+<td>"error:invalidCertificate"</td>
+
+<td>One of the certificate packages was incorrectly formatted</td>
+</tr>
+
+<tr>
+<td>"error:internalError"</td>
+
+<td>The software encountered some internal error, such as out of memory</td>
+</tr>
+
+<tr>
+<td>"error:invalidRequestID"</td>
+
+<td>The request ID in the response message does not match any outstanding
+request</td>
+</tr>
+</table>
+
+<h4>
+<font face="Arial,Helvetica">popChallengeResponse()</font></h4>
+<tt><i>resultString</i> = crypto.popChallengeResponse(<i>"challengeString"</i>);</tt>
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER VALIGN=TOP><b>Argument</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td VALIGN=TOP><i><tt>"challengeString"</tt></i></td>
+
+<td>A base-64 encoded CMMF POPODecKeyChallContent message. The current
+implementation does not conform to that defined in the CMMF draft, and
+we intend to change this implementation to that defined in the CMC RFC..
+See below for the current implementation.</td>
+</tr>
+</table>
+
+<p>The resultString will either be a base-64 encoded POPODecKeyRespContent
+message, or one of the following error strings:
+<br>&nbsp;
+<br>&nbsp;
+<table BORDER WIDTH="100%" >
+<tr>
+<td ALIGN=CENTER><b>Error String</b></td>
+
+<td ALIGN=CENTER><b>Description</b></td>
+</tr>
+
+<tr>
+<td>"error:invalidParameter:XXX"</td>
+
+<td>The parameter XXX was an invalid value.</td>
+</tr>
+
+<tr>
+<td>"error:internalError"</td>
+
+<td>the software encountered some internal error, such as out of memory</td>
+</tr>
+</table>
+
+<p><b>Challenge-Response Proof Of Possession</b>
+<p><tt>Expected Input:</tt>
+<p><tt>POPODecKeyChallContent ::= SEQUENCE OF Challenge</tt>
+<br><tt>&nbsp;&nbsp;&nbsp; -- One Challenge per encryption key certification
+request (in the</tt>
+<br><tt>&nbsp;&nbsp;&nbsp; -- same order as these requests appear in FullCertTemplates).</tt>
+<p><tt>Challenge ::= SEQUENCE {</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; owf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+AlgorithmIdentifier&nbsp; OPTIONAL,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- MUST be present in the first
+Challenge; MAY be omitted in any</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- subsequent Challenge in POPODecKeyChallContent
+(if omitted,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- then the owf used in the immediately
+preceding Challenge is</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- to be used).</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; witness&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+OCTET STRING,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the result of applying the one-way
+function (owf) to a</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- randomly-generated INTEGER, A.&nbsp;
+[Note that a different</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- INTEGER MUST be used for each
+Challenge.]</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sender&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+GeneralName,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the name of the sender.</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; key&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+OCTET STRING,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the public key used to encrypt
+the challenge.&nbsp; This will allow</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the client to find the appropriate
+key to do the decryption.</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; challenge&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+OCTET STRING</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the encryption (under the public
+key for which the cert.</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- request is being made) of Rand,
+where Rand is specified as</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp; Rand ::= SEQUENCE
+{</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; INTEGER,</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+- the randomly-generated INTEGER A (above)</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+senderHash&nbsp; OCTET STRING</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+- the result of applying the one-way function (owf) to</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+- the sender's general name</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp; }</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- the size of "int" must be small
+enough such that "Rand" can be</tt>
+<br><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- contained within a single PKCS
+#1 encryption block.</tt>
+<br><tt>&nbsp; }</tt>
+<p>&copy; Copyright 1999 Netscape Communications Corporation
+</body>
+</html>

mozilla/security/psm/doc/contents.htm

@@ -0,0 +1,171 @@
+<html><head>
+<title></title>
+
+</HEAD>
+
+
+<FONT FACE="arial, helvetica, sans-serif"  size="-1">
+<a name="TOP">
+<IMG SRC="cartbanner.gif" WIDTH="432" HEIGHT="36" HSPACE="0" VSPACE="0">
+<table bgcolor="#cccccc" width="100%">
+<tr><td><IMG SRC="w.gif" WIDTH=1 HEIGHT=3 BORDER=0></td></tr>
+</table>
+<BR><BR>
+
+
+
+<TABLE CELLPADDING=5 CELLSPACING=2 border=0>
+<TR>
+
+<TD> <a href="help.htm">Next<IMG SRC="next.gif" WIDTH=16 
+
+HEIGHT=14 ALIGN="texttop" BORDER=0></a></FONT></TD>   
+<TD BGCOLOR="#FFFFFF"><a href="contents.htm">Topics</a></FONT></TD>
+
+
+</TR>
+</TABLE>
+</TD></TR> 
+</TABLE>
+
+<BR> <BR>
+
+</a>
+</DIV>
+
+</P>
+<h1>Contents</h1>
+
+<B><a href="help.htm#1024926"> 	
+</B> </A> <p>
+<p><b>
+<a href="help.htm#1057187">
+ Introduction to Personal Security Manager 	
+</a></b><br><DD>
+
+<a href="help.htm#1044573">
+ About Personal Security Manager Help 	
+</a><br><DD>
+
+<a href="help.htm#1043598">
+ What You Can Do with Personal Security Manager 	
+</a><br><DD>
+
+<a href="help.htm#1026014">
+ Understanding Network Security 	
+</a><br>
+<p><b>
+<a href="help.htm#1045279">
+ Information Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1041627">
+ Information About Web Pages 	
+</a><br><DD>
+
+<a href="help.htm#1046060">
+ Information About Stored Email Messages 	
+</a><br><DD>
+
+<a href="help.htm#1046671">
+ Information About Email Messages You Are Composing 	
+</a><br>
+<p><b>
+<a href="help.htm#1030083">
+ Applications Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1030967">
+ Navigator 	
+</a><br><DD>
+
+<a href="help.htm#1031452">
+ Messenger 	
+</a><br><DD>
+
+<a href="help.htm#1031152">
+ Java/JavaScript 	
+</a><br>
+<p><b>
+<a href="help.htm#1030743">
+ Certificates Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1047547">
+ Certificates&#151;Mine 	
+</a><br><DD>
+
+<a href="help.htm#1031428">
+ Certificates&#151;Others 	
+</a><br><DD>
+
+<a href="help.htm#1031432">
+ Certificates&#151;Web Sites 	
+</a><br><DD>
+
+<a href="help.htm#1031434">
+ Certificates&#151;Authorities 	
+</a><br>
+<p><b>
+<a href="help.htm#1036138">
+ Advanced Tab 	
+</a></b><br><DD>
+
+<a href="help.htm#1036162">
+ Modules 	
+</a><br><DD>
+
+<a href="help.htm#1036164">
+ Options 	
+</a><br>
+<p><b>
+<a href="help.htm#1056728">
+ Other Personal Security Manager Windows 	
+</a></b><br><DD>
+
+<a href="help.htm#1055385">
+ Certificate Information 	
+</a><br><DD>
+
+<a href="help.htm#1035650">
+ Choose Security Device 	
+</a><br><DD>
+
+<a href="help.htm#1041171">
+ Enrollment Information 	
+</a><br><DD>
+
+<a href="help.htm#1055232">
+ Certificate Renewal 	
+</a><br><DD>
+
+<a href="help.htm#1041200">
+ Choosing a Certificate 	
+</a><br><DD>
+
+<a href="help.htm#1036401">
+ New Certificate Authority 	
+</a><br><DD>
+
+<a href="help.htm#1041248">
+ Web Site Certificates 	
+</a><br><DD>
+
+<a href="help.htm#1036488">
+ Request for Signature 	
+</a><br><FONT FACE="sans-Serif" SIZE=+1>&nbsp;<BR>
+<a href="glossary.htm#996904">
+Glossary 	
+</a>
+</A> </FONT>
+
+<BR><BR><BR>
+
+&copy; Copyright 2000 Netscape Communications Corporation
+</FONT> </CENTER>
+
+<BR>
+
+</BODY>
+
+</HTML>

mozilla/security/psm/doc/glossary.htm

@@ -0,0 +1,417 @@
+<html><head>
+<title></title>
+
+<script languag=javascript> 
+
+  <!-- 
+  if (typeof(crypto.disableRightClick) == "function") { 
+      crypto.disableRightClick(); 
+  } 
+  // --> 
+
+</script>
+</HEAD>
+
+<FONT FACE="arial, helvetica, sans-serif" size="-1">
+<a name="TOP">
+
+<IMG SRC="cartbanner.gif" WIDTH="432" HEIGHT="36" HSPACE="0" VSPACE="0">
+<table bgcolor="#cccccc" width="100%">
+<tr><td><IMG SRC="w.gif" WIDTH=1 HEIGHT=3 BORDER=0></td></tr>
+</table>
+
+<BR><BR>
+<TABLE CELLPADDING=5 CELLSPACING=2 border=0>
+<TR><TD BGCOLOR="#FFFFFF"><a href="help.htm"><IMG SRC="prev.gif" WIDTH=16 
+
+HEIGHT=14 ALIGN="texttop" BORDER=0>Previous</a>
+  </TD>
+
+ 
+<TD BGCOLOR="#FFFFFF"><a href="contents.htm">Topics</a></TD>
+
+
+</TR>
+</TABLE>
+
+<BR> <BR>
+
+</a>
+</DIV>
+
+</P>
+<h1><A NAME="
+"></A><A NAME="996904">
+Glossary 
+</A></h1><dl>
+<A NAME="authentication"></A><A NAME="998782">
+<B>authentication.</B>&nbsp;
+</A><A NAME="1013907">
+Assurance that a party to a computerized transaction is not an impostor. Authentication typically involves the use of a password, certificate, personal identification number (PIN), or other information that can be used to validate identity over a computer network. See also <a href="glossary.htm#1014123">password-based authentication</a>, <a href="glossary.htm#1018581">certificate-based authentication</a>, <a href="glossary.htm#1021054">client authentication</a>, <a href="glossary.htm#1031070">server authentication</a>.<P>
+</A>
+<A NAME="CA"></A><A NAME="1021395">
+<B>CA.</B>&nbsp;
+</A><A NAME="1021418">
+See <a href="glossary.htm#1020903"></a><a href="glossary.htm#1020903">certificate authority (CA)</a>.<P>
+</A>
+<A NAME="CA certificate"></A><A NAME="1017503">
+<B>CA certificate.</B>&nbsp;
+</A><A NAME="1017507">
+A certificate that identifies a certificate authority. See also <a href="glossary.htm#1020903">certificate authority (CA)</a>, <a href="glossary.htm#999541">subordinate CA</a>, <a href="glossary.htm#1015631">root CA</a>.<P>
+</A>
+<A NAME="certificate"></A><A NAME="1018895">
+<B>certificate.</B>&nbsp;
+</A><A NAME="1018896">
+The digital equivalent of an ID card. A certificate specifies the name of an individual, company, or other entity and certifies that a public key, which is included in the certificate, belongs to that entity. When you digitally sign a message or other data, the digital signature for that message is created with the aid of the private key that corresponds to the public key in your certificate. A certificate is issued and digitally signed by a <a href="glossary.htm#1020903">certificate authority (CA)</a>. A certificate's validity can be verified by checking the CA's <a href="glossary.htm#1013995">digital signature</a>. Also called digital ID, digital passport, public-key certificate X.509 certificate, and security certificate. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="certificate authority (CA)"></A><A NAME="1020903">
+<B>certificate authority (CA).</B>&nbsp;
+</A><A NAME="1020904">
+A service that issues a certificate after verifying the identity of the person or entity the certificate is intended to identify. A CA also renews and revokes certificates and generates a list of revoked certificates at regular intervals. CAs can be independent vendors (such as the CAs listed at <a href= "https://certs.netscape.com/client.html" TARGET="_blank">Certificate Authority Services</a>) or a person or organization using certificate-issuing server software (such as Netscape Certificate Management System). See also <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1019940">certificate revocation list (CRL)</a>.<P>
+</A>
+<A NAME="certificate-based authentication"></A><A NAME="1018581">
+<B>certificate-based authentication.</B>&nbsp;
+</A><A NAME="1018582">
+Verification of identity based on certificates and public-key cryptography. See also <a href="glossary.htm#1014123">password-based authentication</a>.<P>
+</A>
+<A NAME="certificate chain"></A><A NAME="1018500">
+<B>certificate chain.</B>&nbsp;
+</A><A NAME="1019929">
+A hierarchical series of certificates signed by successive certificate authorities. A CA certificate identifies a <a href="glossary.htm#1020903">certificate authority (CA)</a> and is used to sign certificates issued by that authority. A CA certificate can in turn be signed by the CA certificate of a parent CA and so on up to a <a href="glossary.htm#1015631">root CA</a>. <P>
+</A>
+<A NAME="certificate fingerprint"></A><A NAME="1020297">
+<B>certificate fingerprint.</B>&nbsp;
+</A><A NAME="1020326">
+A unique number associated with a certificate. The number is not part of the certificate itself but is produced by applying a mathematical function to the contents of the certificate. If the contents of the certificate change, even by a single character, the function produces a different number. Certificate fingerprints can therefore be used to verify that certificates have not been tampered with.<P>
+</A>
+<A NAME="certificate renewal"></A><A NAME="1031319">
+<B>certificate renewal.</B>&nbsp;
+</A><A NAME="1031323">
+The process of renewing a <a href="glossary.htm#1018895">certificate</a> that is about to expire.<P>
+</A>
+<A NAME="certificate revocation list (CRL)"></A><A NAME="1019940">
+<B>certificate revocation list (CRL).</B>&nbsp;
+</A><A NAME="1021047">
+A list of revoked certificates that is generated and signed by a <a href="glossary.htm#1020903">certificate authority (CA)</a>. You can download the latest CRL to your browser or to a server, then check against it to make sure that certificates are still valid before permitting their use for authentication. <P>
+</A>
+<A NAME="certificate store"></A><A NAME="1023462">
+<B>certificate store.</B>&nbsp;
+</A><A NAME="1032978">
+The collection of certificates, or electronic IDs, maintained by Personal Security Manager on your behalf. These include your own certificates stored on one or more security devices, other people's certificates, web site certificates, and <a href="glossary.htm#1020903"></a>CA certificates. See also <a href="glossary.htm#1020903">certificate authority (CA)</a>, <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1028962">security device</a>.<P>
+</A>
+<A NAME="certificate verification"></A><A NAME="1025527">
+<B>certificate verification.</B>&nbsp;
+</A><A NAME="1025531">
+When Personal Security Manager verifies a certificate, it confirms that the digital signature was created by a CA whose own CA certificate is both present in the certificate store and marked as trusted for issuing that kind of certificate. It also confirms that the certificate being verified has not been marked as untrusted in the certificate store. Finally, if the <a href="glossary.htm#1029304">Online Certificate Status Protocol (OCSP)</a> has been activated (from the Options panel under the Advanced tab), Personal Security Manager also performs an on-line check. It does so by looking up the certificate in a list of valid certificates maintained at a URL that is specified either in the certificate itself or in the OCSP Settings window. If any of these checks fail, Personal Security Manager marks the certificate as unverified and won't recognize the identity it certifies.<P>
+</A>
+<A NAME="cipher"></A><A NAME="1021048">
+<B>cipher.</B>&nbsp;
+</A><A NAME="1021052">
+See <a href="glossary.htm#1019976">cryptographic algorithm</a>.<P>
+</A>
+<A NAME="client"></A><A NAME="1029510">
+<B>client.</B>&nbsp;
+</A><A NAME="1029547">
+Software (such as browser software) that sends requests to and receives information from a <a href="glossary.htm#1029749">server</a>, which is usually running on a different computer. A computer on which client software runs is also described as a client.<P>
+</A>
+<A NAME="client authentication"></A><A NAME="1021054">
+<B>client authentication.</B>&nbsp;
+</A><A NAME="1014557">
+The process of identifying a <a href="glossary.htm#1029510">client</a> to a <a href="glossary.htm#1029749">server</a>, for example with a name and password or with a <a href="glossary.htm#1014561">client SSL certificate</a> and some digitally signed data. See also <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>, <a href="glossary.htm#1031070">server authentication</a>.<P>
+</A>
+<A NAME="client SSL certificate"></A><A NAME="1014561">
+<B>client SSL certificate.</B>&nbsp;
+</A><A NAME="1014562">
+A certificate that a <a href="glossary.htm#1029510">client</a> (for example, browser software such as Netscape Communicator) presents to a <a href="glossary.htm#1029749">server</a> to authenticate the identity of the client (or the identity of the person using the client) using the <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a> protocol. See also <a href="glossary.htm#1021054">client authentication</a>.<P>
+</A>
+<A NAME="cryptographic algorithm"></A><A NAME="1019976">
+<B>cryptographic algorithm.</B>&nbsp;
+</A><A NAME="1019985">
+A set of rules or directions used to perform cryptographic operations such as <a href="glossary.htm#999078">encryption</a> and <a href="glossary.htm#998999">decryption</a>. Sometimes called a <I>cipher.</I><P>
+</A>
+<A NAME="cryptography"></A><A NAME="1026002">
+<B>cryptography.</B>&nbsp;
+</A><A NAME="1026018">
+The art and practice of scrambling (encrypting) and unscrambling (decrypting) information. For example, cryptographic techniques are used to scramble an unscramble information flowing between commercial web sites and your browser. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="decryption"></A><A NAME="998999">
+<B>decryption.</B>&nbsp;
+</A><A NAME="999005">
+The process of unscrambling data that has been encrypted. See also <a href="glossary.htm#999078">encryption</a>.<P>
+</A>
+<A NAME="digital ID"></A><A NAME="999011">
+<B>digital ID.</B>&nbsp;
+</A><A NAME="999017">
+See <a href="glossary.htm#1018895">certificate</a>.<P>
+</A>
+<A NAME="digital signature"></A><A NAME="1013995">
+<B>digital signature.</B>&nbsp;
+</A><A NAME="1013996">
+A code created from both the data to be signed and the private key of the signer. This code is unique for each new piece of data. Even a single comma added to a message changes the digital signature for that message. Successful validation of your digital signature by appropriate software not only provides evidence that you approved the transaction or message, but also provides evidence that the data has not changed since you digitally signed it. A digital signature has nothing to do with a handwritten signature, although it can sometimes be used for similar legal purposes. See also <a href="glossary.htm#999248">nonrepudiation</a>, <a href="glossary.htm#999618">tamper detection</a>.<P>
+</A>
+<A NAME="distinguished name (DN)"></A><A NAME="1022191">
+<B>distinguished name (DN).</B>&nbsp;
+</A><A NAME="1022194">
+A specially formatted name that uniquely identifies the subject of a certificate.<P>
+</A>
+<A NAME="dual key pairs"></A><A NAME="1020489">
+<B>dual key pairs.</B>&nbsp;
+</A><A NAME="1020619">
+Two public-private key pairs--four keys altogether--corresponding to two separate certificates. The private key of one pair is used for signing operations, and the public and private keys of the other pair are used for encryption and decryption operations. Each pair corresponds to a separate <a href="glossary.htm#1018895">certificate</a>. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="eavesdropping"></A><A NAME="1020620">
+<B>eavesdropping.</B>&nbsp;
+</A><A NAME="1013975">
+Surreptitious interception of information sent over a network by an entity for which the information is not intended.<P>
+</A>
+<A NAME="encryption"></A><A NAME="999078">
+<B>encryption.</B>&nbsp;
+</A><A NAME="1024038">
+The process of scrambling information in a way that disguises its meaning. For example, encrypted connections between computers make it very difficult for third-parties to unscramble, or <I>decrypt,</I> information flowing over the connection. Encrypted information can be decrypted only by someone who possesses the appropriate key. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="encryption certificate"></A><A NAME="1024953">
+<B>encryption certificate.</B>&nbsp;
+</A><A NAME="1024978">
+A certificate whose public key corresponds to a private key used for encryption only. Encryption certificates are not used for signing operations. See also <a href="glossary.htm#1020489">dual key pairs</a>, <a href="glossary.htm#999493">signing certificate</a>.<P>
+</A>
+<A NAME="encryption key"></A><A NAME="1021254">
+<B>encryption key.</B>&nbsp;
+</A><A NAME="1021255">
+A private key used for encryption only. An encryption key and its equivalent public key, plus a <a href="glossary.htm#1021282">signing key</a> and its equivalent public key, constitute a <a href="glossary.htm#1020489">dual key pairs</a>.<P>
+</A>
+<A NAME="fingerprint"></A><A NAME="1020434">
+<B>fingerprint.</B>&nbsp;
+</A><A NAME="1020450">
+See <a href="glossary.htm#1020297">certificate fingerprint</a>.<P>
+</A>
+<A NAME="FIPS PUBS 140-1"></A><A NAME="1025742">
+<B>FIPS PUBS 140-1.</B>&nbsp;
+</A><A NAME="1025743">
+Federal Information Processing Standards Publications (FIPS PUBS) 140-1 is a US government standard for implementations of cryptographic modules--that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations (such as creating or verifying digital signatures). Many products sold to the US government must comply with one or more of the FIPS standards.<P>
+</A>
+<A NAME="key"></A><A NAME="999203">
+<B>key.</B>&nbsp;
+</A><A NAME="999212">
+A large number used by a <a href="glossary.htm#1019976">cryptographic algorithm</a> to encrypt or decrypt data. A person's public key, for example, allows other people to encrypt messages to that person. The encrypted messages must be decrypted with the corresponding private key. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
+</A>
+<A NAME="Lightweight Directory Access Protocol (LDAP)"></A><A NAME="1022286">
+<B>Lightweight Directory Access Protocol (LDAP).</B>&nbsp;
+</A><A NAME="1022287">
+A protocol for accessing directory services across multiple platforms. LDAP is a simplified version of Directory Access Protocol (DAP), used to access X.500 directories. <P>
+</A>
+<A NAME="master key"></A><A NAME="1032598">
+<B>master key.</B>&nbsp;
+</A><A NAME="1032639">
+A symmetric key used by Personal Security Manager to encrypt information on behalf of other applications. For example, Netscape 6 uses Personal Security Manager and your master key to encrypt email passwords, web site passwords, and other stored sensitive information. See also <a href="glossary.htm#999604">symmetric encryption</a>.<P>
+</A>
+<A NAME="misrepresentation"></A><A NAME="1014057">
+<B>misrepresentation.</B>&nbsp;
+</A><A NAME="1014058">
+Presentation of an entity as a person or organization that it is not. For example, a web site might pretend to be a furniture store when it is really just a site that takes credit card payments but never sends any goods. See also <a href="glossary.htm#1014366">spoofing</a>.<P>
+</A>
+<A NAME="Netscape Certificate Management System"></A><A NAME="1018306">
+<B>Netscape Certificate Management System.</B>&nbsp;
+</A><A NAME="1018308">
+A highly configurable set of software components and tools for creating, deploying, and managing certificates. You enroll with the system to obtain certificates of all kinds; the system maintains information about the certificates it issues.<P>
+</A>
+<A NAME="nonrepudiation"></A><A NAME="999248">
+<B>nonrepudiation.</B>&nbsp;
+</A><A NAME="999254">
+The inability, of the sender of a message, to deny having sent the message. A regular hand-written signature provides one form of nonrepudiation. A <a href="glossary.htm#1013995">digital signature</a> provides another.<P>
+</A>
+<A NAME="object signing"></A><A NAME="1014095">
+<B>object signing.</B>&nbsp;
+</A><A NAME="1014096">
+A technology that allows software developers to sign Java code, JavaScript scripts, or any kind of file, and that allows users to identify the signers and control access by signed code to local system resources.<P>
+</A>
+<A NAME="object-signing certificate"></A><A NAME="1014097">
+<B>object-signing certificate.</B>&nbsp;
+</A><A NAME="1014098">
+A certificate whose corresponding private key is used to sign objects such as code files. See also <a href="glossary.htm#1014095">object signing</a>.<P>
+</A>
+<A NAME="Online Certificate Status Protocol (OCSP)"></A><A NAME="1029304">
+<B>Online Certificate Status Protocol (OCSP).</B>&nbsp;
+</A><A NAME="1029312">
+A set of rules that Personal Security Manager follows to perform an online check of an email certificate's validity each time the certificate is used. This process involves checking the certificate against a list of valid certificates maintained at a specified web site. Your computer must be online for OCSP to work.<P>
+</A>
+<A NAME="password-based authentication"></A><A NAME="1014123">
+<B>password-based authentication.</B>&nbsp;
+</A><A NAME="1014124">
+Confident identification by means of a name and password. See also <a href="glossary.htm#998782">authentication</a>.<P>
+</A>
+<A NAME="Personal Security Password"></A><A NAME="1032744">
+<B>Personal Security Password.</B>&nbsp;
+</A><A NAME="1032748">
+A password used by Personal Security Manager to protect the master key and/or private keys stored on a <a href="glossary.htm#1028962">security device</a>. Personal Security Manager needs to access your private keys, for example, when you sign email messages or use one of your own certificates to identify yourself to a web site. It needs to access your master key when it encrypts or decrypts information on behalf of another application&#151;for example, when Netscape 6 needs to store or access your email password. You can set or change your personal security password from the Certificates tab in Personal Security Manager. Each security device requires a separate Personal Security Password. See also <a href="glossary.htm#1015387">private key</a>, <a href="glossary.htm#1032598">master key</a>.<P>
+</A>
+<A NAME="PKCS #11"></A><A NAME="1025194">
+<B>PKCS #11.</B>&nbsp;
+</A><A NAME="1025195">
+The public-key cryptography standard that governs security devices such as smart cards. See also <a href="glossary.htm#1028962">security device</a>, <a href="glossary.htm#1027625">smart card</a>.<P>
+</A>
+<A NAME="PKCS #11 module"></A><A NAME="1025197">
+<B>PKCS #11 module.</B>&nbsp;
+</A><A NAME="1025271">
+A program on your computer that manages cryptographic services such as encryption and decryption using the PKCS #11 standard. PKCS #11 modules (also called <I>cryptographic modules</I>, <I>cryptographic service providers,</I> or <I>security modules</I>) can be thought of as drivers for cryptographic devices that can be implemented in either hardware or software. A PKCS #11 module always controls one or more slots<B>,</B> which may be implemented as physical hardware slots in some form of physical reader (for example, for smart cards) or as conceptual slots in software. Each slot for a PKCS #11 module can in turn contain a <a href="glossary.htm#1028962">security device</a> (also called <I>token</I>)<B>,</B> which is the hardware or software device that actually provides cryptographic services and optionally stores certificates and keys. Personal Security Manager provides a built-in PKCS #11 module. You may install additional modules on your computer to control smart card readers or other hardware devices.<P>
+</A>
+<A NAME="portable security password"></A><A NAME="1024655">
+<B>portable security password.</B>&nbsp;
+</A><A NAME="1024670">
+A password that protects a certificate that you are backing up or have previously backed up. Personal Security Manager asks you to set this password when you back up a certificate, and requests it when you attempt to restore a certificate that has previously been backed up. <P>
+</A>
+<A NAME="private key"></A><A NAME="1015387">
+<B>private key.</B>&nbsp;
+</A><A NAME="1015391">
+One of a pair of keys used in public-key cryptography. The private key is kept secret and is used to decrypt data that has been encrypted with the corresponding public key.<P>
+</A>
+<A NAME="PSM Private Keys security device"></A><A NAME="1032045">
+<B>PSM Private Keys security device.</B>&nbsp;
+</A><A NAME="1032110">
+The default <a href="glossary.htm#1028962">security device</a> used by Personal Security Manager to store private keys associated with your certificates. In addition to private keys, the PSM Private Keys security device stores the master key used by Netscape 6 to encrypt email passwords, web site passwords, and other sensitive information. See also <a href="glossary.htm#1015387">private key</a>, <a href="glossary.htm#1032598">master key</a>.<P>
+</A>
+<A NAME="public key"></A><A NAME="1019172">
+<B>public key.</B>&nbsp;
+</A><A NAME="1019173">
+One of a pair of keys used in public-key cryptography. The public key is distributed freely and published as part of a <a href="glossary.htm#1018895">certificate</a>. It is typically used to encrypt data sent to the public key's owner, who then decrypts the data with the corresponding private key.<P>
+</A>
+<A NAME="public-key cryptography"></A><A NAME="1019178">
+<B>public-key cryptography.</B>&nbsp;
+</A><A NAME="1023765">
+A set of well-established techniques and standards that allow an entity (such as a person, an organization, or hardware such as a router) to verify its identity electronically or to sign and encrypt electronic data. Two keys are involved: a <a href="glossary.htm#1019172">public key</a> and a <a href="glossary.htm#1015387">private key</a>. The public key is published as part of a <a href="glossary.htm#1018895">certificate</a>, which associates that key with a particular identity. The corresponding private key is kept secret. Data encrypted with the public key can be decrypted only with the private key. <P>
+</A>
+<A NAME="public-key infrastructure (PKI)"></A><A NAME="999412">
+<B>public-key infrastructure (PKI).</B>&nbsp;
+</A><A NAME="1014263">
+The standards and services that facilitate the use of public-key cryptography and certificates in a networked environment.<P>
+</A>
+<A NAME="root CA"></A><A NAME="1015631">
+<B>root CA.</B>&nbsp;
+</A><A NAME="1015635">
+The <a href="glossary.htm#1020903">certificate authority (CA)</a> with a self-signed certificate at the top of a <a href="glossary.htm#1018500">certificate chain</a>. See also <a href="glossary.htm#999541">subordinate CA</a>.<P>
+</A>
+<A NAME="Secure Sockets Layer (SSL)"></A><A NAME="999463">
+<B>Secure Sockets Layer (SSL).</B>&nbsp;
+</A><A NAME="999472">
+A protocol that allows mutual authentication between a <a href="glossary.htm#1029510">client</a> and a <a href="glossary.htm#1029749">server</a> for the purpose of establishing an authenticated and encrypted connection. SSL runs above TCP/IP and below HTTP, LDAP, IMAP, NNTP, and other high-level network protocols. The new Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL. See also <a href="glossary.htm#998782">authentication</a>, <a href="glossary.htm#999078">encryption</a>.<P>
+</A>
+<A NAME="security certificate"></A><A NAME="1028900">
+<B>security certificate.</B>&nbsp;
+</A><A NAME="1028904">
+See <a href="glossary.htm#1018895">certificate</a>.<P>
+</A>
+<A NAME="security device"></A><A NAME="1028962">
+<B>security device.</B>&nbsp;
+</A><A NAME="1028963">
+A hardware or software device that provides cryptographic services such as encryption and decryption and can store certificates and keys. A smart card is one example of a hardware security device. Personal Security Manager contains its own internal security device, called the <a href="glossary.htm#1032045">PSM Private Keys security device</a>, that is implemented in software. Each security device is protected by its own <a href="glossary.htm#1032744">Personal Security Password</a>.<P>
+</A>
+<A NAME="security module"></A><A NAME="1029083">
+<B>security module.</B>&nbsp;
+</A><A NAME="1029097">
+See <a href="glossary.htm#1025197">PKCS #11 module</a>.<P>
+</A>
+<A NAME="security token"></A><A NAME="1028905">
+<B>security token.</B>&nbsp;
+</A><A NAME="1028909">
+See <a href="glossary.htm#1028962">security device</a>.<P>
+</A>
+<A NAME="server"></A><A NAME="1029749">
+<B>server.</B>&nbsp;
+</A><A NAME="1029869">
+Software (such as software that serves up web pages) that receives requests from and sends information to a <a href="glossary.htm#1029510">client</a>, which is usually running on a different computer. A computer on which server software runs is also described as a server.<P>
+</A>
+<A NAME="server authentication"></A><A NAME="1031070">
+<B>server authentication.</B>&nbsp;
+</A><A NAME="1031080">
+The process of identifying a <a href="glossary.htm#1029749">server</a> to a <a href="glossary.htm#1029510">client</a> by using a <a href="glossary.htm#1029874">server SSL certificate</a>. See also <a href="glossary.htm#1021054">client authentication</a>, <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>.<P>
+</A>
+<A NAME="server SSL certificate"></A><A NAME="1029874">
+<B>server SSL certificate.</B>&nbsp;
+</A><A NAME="999500">
+A certificate that a <a href="glossary.htm#1029749">server</a> presents to a <a href="glossary.htm#1029510">client</a> to authenticate the server's identity using the <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a> protocol.<P>
+</A>
+<A NAME="signing certificate"></A><A NAME="999493">
+<B>signing certificate.</B>&nbsp;
+</A><A NAME="999507">
+A certificate whose corresponding <a href="glossary.htm#1015387">private key</a> is used to sign transmitted data, so that the receiver can verify the identity of the sender. Certificate authorities (CAs) often issue a signing certificate that will be used to sign email messages at the same time as an <a href="glossary.htm#1024953">encryption certificate</a> that will be used to encrypt email messages. See also <a href="glossary.htm#1020489">dual key pairs</a>, <a href="glossary.htm#1013995">digital signature</a>.<P>
+</A>
+<A NAME="signing key"></A><A NAME="1021282">
+<B>signing key.</B>&nbsp;
+</A><A NAME="1021283">
+A private key used for signing only. A signing key and its equivalent public key, together with an <a href="glossary.htm#1021254">encryption key</a> and its equivalent public key, constitute <a href="glossary.htm#1020489">dual key pairs</a>.<P>
+</A>
+<A NAME="slot"></A><A NAME="1025218">
+<B>slot.</B>&nbsp;
+</A><A NAME="1025222">
+A piece of hardware, or its equivalent in software, that is controlled by a <a href="glossary.htm#1025197">PKCS #11 module</a> and designed to contain a <a href="glossary.htm#1028962">security device</a>. <P>
+</A>
+<A NAME="smart card"></A><A NAME="1027625">
+<B>smart card.</B>&nbsp;
+</A><A NAME="1027626">
+A small device, typically about the size of a credit card, that contains a microprocessor and is capable of storing cryptographic information (such as keys and certificates) and performing cryptographic operations. Smart cards use the <a href="glossary.htm#1025194">PKCS #11</a> standard. A smart card is one kind of <a href="glossary.htm#1028962">security device</a>. <P>
+</A>
+<A NAME="spoofing"></A><A NAME="1014366">
+<B>spoofing.</B>&nbsp;
+</A><A NAME="1014367">
+Pretending to be someone else. For example, a person can pretend to have the email address <FONT FACE="courier, courier new, monospace">jdoe@mozilla.com</FONT>, or a computer can identify itself as a site called <FONT FACE="courier, courier new, monospace">www.mozilla.com</FONT> when it is not. Spoofing is one form of <a href="glossary.htm#1014057">misrepresentation</a>.<P>
+</A>
+<A NAME="SSL"></A><A NAME="999533">
+<B>SSL.</B>&nbsp;
+</A><A NAME="999539">
+See <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>. <P>
+</A>
+<A NAME="subject"></A><A NAME="1013880">
+<B>subject.</B>&nbsp;
+</A><A NAME="1013881">
+The entity (such as a person, organization, or router) identified by a <a href="glossary.htm#1018895">certificate</a>. In particular, the subject field of a certificate contains the certified entity's <a href="glossary.htm#1021328">subject name</a> and other characteristics.<P>
+</A>
+<A NAME="subject name"></A><A NAME="1021328">
+<B>subject name.</B>&nbsp;
+</A><A NAME="1021338">
+A <a href="glossary.htm#1022191">distinguished name (DN)</a> that uniquely describes the <a href="glossary.htm#1013880">subject</a> of a <a href="glossary.htm#1018895">certificate</a>.<P>
+</A>
+<A NAME="subordinate CA"></A><A NAME="999541">
+<B>subordinate CA.</B>&nbsp;
+</A><A NAME="999591">
+A <a href="glossary.htm#1020903">certificate authority (CA)</a> whose certificate is signed by another subordinate CA or by the root CA. See also <a href="glossary.htm#1018500">certificate chain</a>, <a href="glossary.htm#1015631">root CA</a>.<P>
+</A>
+<A NAME="symmetric encryption"></A><A NAME="999604">
+<B>symmetric encryption.</B>&nbsp;
+</A><A NAME="999625">
+An encryption method that uses a single cryptographic key to both encrypt and decrypt a given message.<P>
+</A>
+<A NAME="tamper detection"></A><A NAME="999618">
+<B>tamper detection.</B>&nbsp;
+</A><A NAME="999631">
+A mechanism ensuring that data received in electronic form has not been tampered with; that is, that the data received corresponds entirely with the original version of the same data.<P>
+</A>
+<A NAME="TLS"></A><A NAME="1027427">
+<B>TLS.</B>&nbsp;
+</A><A NAME="1027428">
+See <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>.<P>
+</A>
+<A NAME="token"></A><A NAME="1024528">
+<B>token.</B>&nbsp;
+</A><A NAME="1024586">
+See <a href="glossary.htm#1028962">security device</a>.<P>
+</A>
+<A NAME="trust"></A><A NAME="1019748">
+<B>trust.</B>&nbsp;
+</A><A NAME="1020186">
+Confident reliance on a person or other entity. In the context of <a href="glossary.htm#999412">public-key infrastructure (PKI)</a>, trust usually refers to the relationship between the user of a certificate and the <a href="glossary.htm#1020903">certificate authority (CA)</a> that issued the certificate. If you use Personal Security Manager to specify that you trust a CA, Personal Security Manager trusts valid certificates issued by that CA unless you specify otherwise in the settings for individual certificates. You use the Authorities panel of the Certificates tab in Personal Security Manager to specify the kinds of certificates you trust or don't trust different CAs to issue. <P>
+</A>
+<A NAME="1028719">
+<B></B><a href="glossary.htm#1028962"></a><P>
+</A>
+</dl>
+
+
+<BR>
+
+&copy; Copyright 2000 Netscape Communications Corporation
+</FONT> </CENTER>
+
+<BR>
+
+</BODY>
+
+</HTML>

mozilla/security/psm/doc/license.txt

@@ -0,0 +1,343 @@
+
+NETSCAPE CLIENT PRODUCTS LICENSE AGREEMENT
+Redistribution Or Rental Not Permitted
+
+These terms apply to Personal Security Manager.
+
+BY CLICKING THE ACCEPTANCE BUTTON OR INSTALLING OR
+USING PERSONAL SECURITY MANAGER SOFTWARE (THE "PRODUCT"), 
+THE INDIVIDUAL OR ENTITY LICENSING THE PRODUCT
+("LICENSEE") IS CONSENTING TO BE BOUND BY AND IS
+BECOMING A PARTY TO THIS AGREEMENT.  IF LICENSEE DOES
+NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THE
+BUTTON INDICATING NON-ACCEPTANCE MUST BE
+SELECTED, AND LICENSEE MUST NOT INSTALL OR USE
+THE SOFTWARE.
+
+1. LICENSE AGREEMENT.  As used in this Agreement, for
+residents of Europe, the Middle East or Africa,
+"Netscape" shall mean Netscape Communications Ireland
+Limited; for residents of Japan, "Netscape" shall
+mean Netscape Communications (Japan), Ltd.; for
+residents of all other countries, "Netscape" shall
+mean Netscape Communications Corporation.  In this
+Agreement "Licensor" shall mean Netscape except under
+the following circumstances: (i) if Licensee acquired
+the Product as a bundled component of a third party
+product or service, then such third party shall be
+Licensor; and (ii) if any third party software is
+included as part of the default installation and no
+license is presented for acceptance the first time
+that third party software is invoked, then the use of
+that third party software shall be governed by this
+Agreement, but the term "Licensor," with respect to
+such third party software, shall mean the
+manufacturer of that software and not Netscape.  With
+the exception of the situation described in (ii)
+above, the use of any included third party software
+product shall be governed by the third party's
+license agreement and not by this Agreement, whether
+that license agreement is presented for acceptance
+the first time that the third party software is
+invoked, is included in a file in electronic form, or
+is included in the package in printed form.  If more
+than one license agreement was provided for the
+Product, and the terms vary, the order of precedence
+of those license agreements is as follows: a signed
+agreement, a license agreement available for review
+on the Netscape website, a printed or electronic
+agreement that states clearly that it supersedes
+other agreements, a printed agreement provided with
+the Product, an electronic agreement provided with
+the Product.
+
+2. LICENSE GRANT.  Licensor grants Licensee a
+non-exclusive and non-transferable license to
+reproduce and use for personal or internal business
+purposes the executable code version of the Product,
+provided any copy must contain all of the original
+proprietary notices.  This license does not entitle
+Licensee to receive from Netscape hard-copy
+documentation, technical support, telephone
+assistance, or enhancements or updates to the
+Product.  Licensee may not customize the Product
+unless Licensee has also licensed the Netscape
+Client Customization Kit ("CCK"), and then only to
+the extent permitted in the license agreement for CCK,
+as applicable.  Licensee may not redistribute the
+Product unless Licensee has separately entered into a
+distribution agreement with Netscape such as the
+Unlimited Distribution Program Agreement.
+
+3. RESTRICTIONS.  Except as otherwise expressly
+permitted in this Agreement, or in another Netscape
+agreement to which Licensee is a party such as the
+CCK license agreement or a distribution agreement,
+Licensee may not: (i) modify or create any derivative
+works of the Product or documentation, including translation
+or localization; (ii) decompile, disassemble, reverse engineer,
+or otherwise attempt to derive the source code for the
+Product (except to the extent applicable laws
+specifically prohibit such restriction or as provided by the
+Netscape Public License or Mozilla Public License
+for portions of the product governed by those licenses);
+(iii) redistribute, encumber, sell, rent, lease,
+sublicense, or otherwise transfer rights to the
+Product; (iv) remove or alter any trademark, logo,
+copyright or other proprietary notices, legends,
+symbols or labels in the Product; or (v) publish any
+results of benchmark tests run on the Product to a
+third party without Netscape's prior written
+consent.
+
+4. FEES.  There is no license fee for the Product.
+If Licensee wishes to receive the Product on media,
+there may be a small charge for the media and for
+shipping and handling.  Licensee is responsible for
+any and all taxes.
+
+5. TERMINATION.  Without prejudice to any other
+rights, Licensor may terminate this Agreement if
+Licensee breaches any of its terms and conditions.
+Upon termination, Licensee shall destroy all copies
+of the Product.
+
+6. PROPRIETARY RIGHTS.  Title, ownership rights, and
+intellectual property rights in the Product shall
+remain in Netscape and/or its suppliers.  Licensee
+acknowledges such ownership and intellectual property
+rights and will not take any action to jeopardize,
+limit or interfere in any manner with Netscape's or
+its suppliers' ownership of or rights with respect to
+the Product.  The Product is protected by copyright
+and other intellectual property laws and by
+international treaties.  Title and related rights in
+the content accessed through the Product is the
+property of the applicable content owner and is
+protected by applicable law.  The license granted
+under this Agreement gives Licensee no rights to such
+content.
+
+7. USE AND AVAILABILITY OF OPEN SOURCE
+CODE. Portions of Personal Security Manager were created using source
+code governed by the Netscape Public License (NPL) and
+the Mozilla Public License (MPL).  The source code for
+the portions of Personal Security Manager governed by the NPL and MPL
+is available from http://www.mozilla.org under those licenses.
+
+8. DISCLAIMER OF WARRANTY.  THE PRODUCT IS PROVIDED
+FREE OF CHARGE, AND, THEREFORE, ON AN "AS IS" BASIS,
+WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT
+LIMITATION THE WARRANTIES THAT IT IS FREE OF DEFECTS,
+MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR
+NON-INFRINGING.  THE ENTIRE RISK AS TO THE QUALITY
+AND PERFORMANCE OF THE PRODUCT IS BORNE BY LICENSEE.
+SHOULD THE PRODUCT PROVE DEFECTIVE IN ANY RESPECT,
+LICENSEE AND NOT LICENSOR OR ITS SUPPLIERS OR
+RESELLERS OR ANY CONTRIBUTORS TO THE SOURCE CODE
+OF THE PORTIONS OF PERSONAL SECURITY MANAGER AVAILABLE FROM
+HTTP://WWW.MOZILLA.ORG ASSUMES THE ENTIRE COST
+OF ANY SERVICE AND REPAIR.  IN ADDITION, THE SECURITY
+MECHANISMS IMPLEMENTED BY THE PRODUCT HAVE
+INHERENT LIMITATIONS, AND LICENSEE MUST DETERMINE
+THAT THE PRODUCT SUFFICIENTLY MEETS ITS REQUIREMENTS.
+THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL
+PART OF THIS AGREEMENT.  NO USE OF THE PRODUCT IS
+AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
+
+9. LIMITATION OF LIABILITY.  TO THE MAXIMUM EXTENT
+PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL
+LICENSOR OR ITS SUPPLIERS OR RESELLERS OR ANY
+CONTRIBUTORS TO THE SOURCE CODE OF THE PORTIONS OF 
+PERSONAL SECURITY MANAGER AVAILABLE FROM
+HTTP://WWW.MOZILLA.ORG BE LIABLE FOR
+ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL
+DAMAGES ARISING OUT OF THE USE OF OR INABILITY TO USE
+THE PRODUCT, INCLUDING, WITHOUT LIMITATION, DAMAGES
+FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE
+OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL
+DAMAGES OR LOSSES, EVEN IF ADVISED OF THE POSSIBILITY
+THEREOF, AND REGARDLESS OF THE LEGAL OR EQUITABLE
+THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH THE
+CLAIM IS BASED.  IN ANY CASE, LICENSOR'S ENTIRE
+LIABILITY UNDER ANY PROVISION OF THIS AGREEMENT SHALL
+NOT EXCEED IN THE AGGREGATE THE SUM OF THE FEES
+LICENSEE PAID FOR THIS LICENSE (IF ANY) AND FEES FOR
+SUPPORT OF THE PRODUCT RECEIVED BY NETSCAPE UNDER A
+SEPARATE SUPPORT AGREEMENT (IF ANY), WITH THE
+EXCEPTION OF DEATH OR PERSONAL INJURY CAUSED BY THE
+NEGLIGENCE OF LICENSOR TO THE EXTENT APPLICABLE LAW
+PROHIBITS THE LIMITATION OF DAMAGES IN SUCH CASES.
+SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
+LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO
+THIS EXCLUSION AND LIMITATION MAY NOT BE APPLICABLE.
+NETSCAPE IS NOT RESPONSIBLE FOR ANY LIABILITY ARISING
+OUT OF CONTENT PROVIDED BY LICENSEE OR A THIRD PARTY
+THAT IS ACCESSED THROUGH THE PRODUCT AND/OR ANY
+MATERIAL LINKED THROUGH SUCH CONTENT.
+
+10. ENCRYPTION.  If Licensee wishes to use the
+cryptographic features of the Product, then Licensee
+may need to obtain and install a signed digital
+certificate from a certificate authority or a
+certificate server.  Licensee may be charged
+additional fees for certification services.  Licensee
+is responsible for maintaining the security of the
+environment in which the Product is used and the
+integrity of the private key file used with the
+Product.  In addition, the use of digital
+certificates is subject to the terms specified by the
+certificate provider, and there are inherent
+limitations in the capabilities of digital
+certificates.  If Licensee is sending or receiving
+digital certificates, Licensee is responsible for
+familiarizing itself with and evaluating such terms
+and limitations.  If the Product is a version with
+FORTEZZA, Licensee will need to obtain PC Card
+Readers and FORTEZZA Crypto Cards from another vendor
+to enable the FORTEZZA features.
+
+11. EXPORT CONTROL.  Licensee agrees to comply with
+all export laws and restrictions and regulations of
+the United States or foreign agencies or authorities,
+and not to export or re-export the Product or any
+direct product thereof in violation of any such
+restrictions, laws or regulations, or without all
+necessary approvals.  As applicable, each party shall
+obtain and bear all expenses relating to any
+necessary licenses and/or exemptions with respect to
+its own export of the Product from the U.S.  Neither
+the Product nor the underlying information or
+technology may be downloaded or otherwise exported or
+re-exported (i) into Cuba, Iran, Iraq, Libya, North
+Korea, Sudan, Syria or any other country subject to
+U.S. trade sanctions covering the Product, to
+individuals or entities controlled by such countries,
+or to nationals or residents of such countries other
+than nationals who are lawfully admitted permanent
+residents of countries not subject to such sanctions;
+or (ii) to anyone on the U.S. Treasury Department's
+list of Specially Designated Nationals and Blocked
+Persons or the U.S. Commerce Department's Table of
+Denial Orders.  By downloading or using the Product,
+Licensee agrees to the foregoing and represents and
+warrants that it complies with these conditions.
+
+12. HIGH RISK ACTIVITIES.  The Product is not
+fault-tolerant and is not designed, manufactured or
+intended for use or resale as on-line control
+equipment in hazardous environments requiring
+fail-safe performance, such as in the operation of
+nuclear facilities, aircraft navigation or
+communication systems, air traffic control, direct
+life support machines, or weapons systems, in which
+the failure of the Product could lead directly to
+death, personal injury, or severe physical or
+environmental damage ("High Risk Activities").
+Accordingly, Licensor and its suppliers specifically
+disclaim any express or implied warranty of fitness
+for High Risk Activities.  Licensee agrees that
+Licensor and its suppliers will not be liable for any
+claims or damages arising from the use of the Product
+in such applications.
+
+13. U.S. GOVERNMENT END USERS.  The Product is a
+"commercial item," as that term is defined in 48
+C.F.R. 2.101 (Oct. 1995), consisting of "commercial
+computer software" and "commercial computer software
+documentation," as such terms are used in 48 C.F.R.
+12.212 (Sept.  1995).  Consistent with 48 C.F.R.
+12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4
+(June 1995), all U.S. Government End Users acquire
+the Product with only those rights set forth herein.
+
+13. MISCELLANEOUS.  (a) This Agreement constitutes
+the entire agreement between the parties concerning
+the subject matter hereof.  (b) This Agreement may be
+amended only by a writing signed by both parties.
+(c) Except to the extent applicable law, if any,
+provides otherwise, this Agreement shall be governed
+by the laws of the State of California, U.S.A.,
+excluding its conflict of law provisions.  (d) Unless
+otherwise agreed in writing, all disputes relating to
+this Agreement (excepting any dispute relating to
+intellectual property rights) shall be subject to
+final and binding arbitration in Santa Clara County,
+California, under the auspices of JAMS/EndDispute,
+with the losing party paying all costs of
+arbitration.  (e) This Agreement shall not be
+governed by the United Nations Convention on
+Contracts for the International Sale of Goods.  (f)
+If any provision in this Agreement should be held
+illegal or unenforceable by a court having
+jurisdiction, such provision shall be modified to the
+extent necessary to render it enforceable without
+losing its intent, or severed from this Agreement if
+no such modification is possible, and other
+provisions of this Agreement shall remain in full
+force and effect.  (g) The controlling language of
+this Agreement is English.  If Licensee has received
+a translation into another language, it has been
+provided for Licensee's convenience only.  (h) A
+waiver by either party of any term or condition of
+this Agreement or any breach thereof, in any one
+instance, shall not waive such term or condition or
+any subsequent breach thereof.  (i) The provisions of
+this Agreement which require or contemplate
+performance after the expiration or termination of
+this Agreement shall be enforceable notwithstanding
+said expiration or termination.  (j) Licensee may not
+assign or otherwise transfer by operation of law or
+otherwise this Agreement or any rights or obligations
+herein except in the case of a merger or the sale of
+all or substantially all of Licensee's assets to
+another entity.  (k) This Agreement shall be binding
+upon and shall inure to the benefit of the parties,
+their successors and permitted assigns.  (l) Neither
+party shall be in default or be liable for any delay,
+failure in performance (excepting the obligation to
+pay) or interruption of service resulting directly or
+indirectly from any cause beyond its reasonable
+control.  (m) The relationship between Licensor and
+Licensee is that of independent contractors and
+neither Licensee nor its agents shall have any
+authority to bind Licensor in any way.  (n) If any
+dispute arises under this Agreement, the prevailing
+party shall be reimbursed by the other party for any
+and all legal fees and costs associated therewith.
+(o) If any Netscape professional services are being
+provided, then such professional services are
+provided pursuant to the terms of a separate
+Professional Services Agreement between Netscape and
+Licensee.  The parties acknowledge that such services
+are acquired independently of the Product licensed
+hereunder, and that provision of such services is not
+essential to the functionality of such Product.  (p)
+The headings to the sections of this Agreement are
+used for convenience only and shall have no
+substantive meaning.  (q) Licensor may use Licensee's
+name in any customer reference list or in any press
+release issued by Licensor regarding the licensing of
+the Product and/or provide Licensee's name and the
+names of the Product licensed by Licensee to third
+parties.
+
+14. LICENSEE OUTSIDE THE U.S.  If Licensee is located
+outside the U.S., then the provisions of this Section
+shall apply.  (i) Les parties aux presentes
+confirment leur volonte que cette convention de meme
+que tous les documents y compris tout avis qui s'y
+rattache, soient rediges en langue anglaise.
+(translation: "The parties confirm that this
+Agreement and all related documentation is and will
+be in the English language.")  (ii) Licensee is
+responsible for complying with any local laws in its
+jurisdiction which might impact its right to import,
+export or use the Product, and Licensee represents
+that it has complied with any regulations or
+registration procedures required by applicable law to
+make this license enforceable.
+
+
+Netscape Client Software EULA           Rev. [022500]
+

mozilla/security/psm/doc/psmtest.html

@@ -0,0 +1,29 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<head>
+  <title>Personal Security Manager Detection Page</title>
+  <script language=javascript>
+
+    function init_title()
+    {
+      with(window.frames.the_frame) {
+        document.write('<BODY><H1>Personal Security Manager Detection Page</H1><P><P>');
+        if (typeof(crypto.version) == "undefined") {
+          document.write('<FONT color="#ff0000">Personal Security Manager not loaded</FONT>');
+        } else {
+          document.write('<FONT color="#007700">Personal Security Manager&nbsp;Running&nbsp;(version ', crypto.version); 
+          document.write(')</FONT>'); 
+        }
+        document.write('</BODY>');
+        document.close();
+      }
+    }
+  
+
+
+</script>
+</head>
+
+<frameset rows="*,1" border=0 onload="init_title()">
+  <frame src="about:blank" name="the_frame">
+  <frame src="about:blank">
+</frameset>

mozilla/security/psm/doc/release_notes.html

@@ -0,0 +1,297 @@
+<!DOCTYPE html PUBLIC "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+   
+  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   
+  <meta name="GENERATOR" content="Mozilla/4.75 [en] (WinNT; U) [Netscape]">
+   
+  <meta name="Author" content="Sean Cotter">
+  <title>Personal Security Manager Release Notes</title>
+</head>
+<body>
+<center>
+<h1><img src="bannerrn.gif" height="32" width="468" align="Center"></h1>
+</center>
+<center>
+<h2>Netscape Personal Security Manager</h2>
+</center>
+<center>
+<h2>Release 1.4</h2>
+</center>
+<center>
+<h2>12/18/2000</h2>
+</center>
+<center>
+<hr width="100%"></center>
+These release notes contain the most recent information about this release
+of Netscape Personal Security Manager. Please read these notes before using
+the software.
+<p>These notes include information for IS professionals who are thoroughly
+familiar with security and public-key infrastructure (PKI) issues.</p>
+<p>Use of this product is subject to the terms detailed in the license agreement
+at <a href="http://docs.iplanet.com/docs/manuals/psm/14/license.txt.">http://docs.iplanet.com/docs/manuals/psm/14/license.txt.</a></p>
+<p></p>
+<hr width="100%">
+<h2>Contents</h2>
+<a href="#Documentation">Documentation</a><br>
+<a href="#Changes Since PSM 1.3">Changes Since Personal Security Manager 1.3</a>
+<br>
+<a href="#Software/Hardware Requirements">Software/Hardware Requirements</a>
+<br>
+<a href="#unpacking">Installing Personal Security Manager</a><br>
+<a href="#Using the Test Bed">Using Personal Security Manager</a><br>
+<a href="#Known Bugs/Issues for 14 Release">Known Bugs/Issues for Personal
+Security Manager 1.4</a><br>
+<a href="#Feedback">Feedback</a>
+<p></p>
+<hr width="100%">
+<h2><a name="Documentation"></a>Documentation</h2>
+The following documentation is available with Personal Security Manager:
+<ul>
+  <li><a href="contents.htm">Personal Security Manager Help</a> -- This online
+help system can also be accessed by clicking the Help button in any personal
+Security Manager window.</li>
+  <li><a href="cmcjavascriptapi.html">JavaScript API for Client Certificate
+Management</a> -- This reference describes a new Javascript API for performing
+user certificate management operations with Personal Security Manager, including
+one-click issuance, forced certificate backup by end users, and automatic
+archival of encryption private keys.</li>
+</ul>
+For the latest release notes, deployment guide, and other information,see
+<a href="http://docs.iPlanet.com/docs/manuals/psm.html">http://docs.iPlanet.com/docs/manuals/psm.html</a><a href="http://developer.iPlanet.com/docs/manuals/psm.html">
+.</a>
+<p></p>
+<hr width="100%">
+<h2><a name="Changes Since PSM 1.3"></a>Changes Since Personal Security Manager
+1.3</h2>
+The <a href="http://www.ietf.org/rfc/rfc2246.txt">Transport Layer Security
+(TLS)</a> protocol is turned on by default in Personal Security Manager1.4.
+To turn TLS off, open Personal Security Manager, click the Advanced tab, click
+Options in the left frame, then deselect the checkbox labeled "Enable TLS."
+<p>TLS is an IETF standard based on the Secure Sockets Layer (SSL) protocol.
+It can be thought of as SSL version 3.1. Some servers that do not implement
+SSL correctly cannot negotiate the SSL handshake with client software (such
+as Personal Security Manager) that supports TLS. To allow Personal Security
+Manager to use SSL with such TLS-intolerant servers, you must disable TLS
+as described above.</p>
+<p>Most other changes since Personal Security Manager 1.3 involve minor bug
+fixes and optimizations.</p>
+<p>This version of Netscape Personal Security Manager ships with Netscape
+6 and also works with Mozilla and Communicator 4.7x. </p>
+<p></p>
+<hr width="100%">
+<h4><a name="Software/Hardware Requirements"></a><font size="+2">Software/Hardware
+Requirements</font></h4>
+<b>Operating systems supported:</b> Windows NT, Windows 95, Windows 98, Windows
+2000; Solaris 2.6, 2.7, 2.8; and Red Hat Linux 6.1.
+<p></p>
+<hr width="100%">
+<h2><a name="unpacking"></a>Installing Personal Security Manager</h2>
+Netscape Personal Security Manager 1.4 is installed with Netscape 6 and recent versions
+of Mozilla. 
+
+<p>When you install Netscape 6 on Windows, Personal Security Manager is installed
+in the directory <tt>C:\Program Files\Common Files\Netscape Shared\Security\</tt>.
+
+<p>When you install Netscape 6 on Unix, Personal Security Manager is installed
+in a directory called <tt>psm</tt> in the same directory where the <tt>netscape</tt>
+executable resides.<br>
+
+<p>The sections that follow describe how to install the Personal Security Manager 
+files for use with Communicator 4.7x.</p>
+<h3>Installing on Windows 95/98/2000/NT for Use With Communicator 4.7x</h3>
+
+To install Netscape Personal Security Manager on Windows 95/98/2000/NT for use with
+Communicator 4.7 or later, save the file in a convenient location with the
+specified filename, then drag the file's icon into a Navigator window (that
+is, a browser window displayed by Communicator). Dropping the file's icon
+over the browser window initiates SmartUpdate, which automatically installs
+Personal Security Manager. Afterinstallation is complete, exit Communicator
+and relaunch it. If your copy of Communicator is installed in the default
+location, SmartUpdate installs the Personal Security Manager files in the
+directory<tt>C:\Program Files\CommonFiles\Netscape Shared\Security\</tt>
+and adds the file <tt>cmnav.dll</tt>in the directory <tt>C:\Program Files\Netscape\Communicator\Program</tt>.<br>
+<h3>Installing on Unix for Use With Communicator 4.7x</h3>
+
+To install Personal Security Manager for use with Communicator 4.7 or later on Unix, you
+must be logged in as the same Unix user you will be logged in as when you
+run Communicator. For the Unix installation to succeed, you must have write
+privileges for both the directory where the Netscape executable resides and
+the directory where the installation script creates the directory containing
+the Personal Security Manager files. To install Personal Security Manager for
+use with Communicator 4.7x, download the tar file for the version of the product
+that you want to install and follow these steps:<br>
+<ol>
+  <li>Exit Communicator, if it is running.</li>
+  <li>Decompress the downloaded file to some convenient location.</li>
+  <li>Run the psm-install program.</li>
+</ol>
+The psm-install program allows you to specify the directory in which Personal
+Security Manager will be installed. In this release, you must install Personal
+Security Manager locally. To do so, you can either install it in the default
+location (<tt>/opt/netscape/security</tt>) or in some other local location. However,
+if you install Personal Security Manager anywhere other than the default
+location, Communicator must also be installed locally. To run Personal Security
+Manager on Unix, you must be logged in as the same Unix user you were logged
+in as when you installed it.<br>
+<h3>Disabling Personal Security Manager</h3>
+To <b>disable</b> Personal Security Manager temporarily, exit the browser,
+then:
+<ul>
+  <li>on Unix, remove the directory<tt>psm</tt> from the directory where
+the<tt>netscape</tt>executable resides.</li>
+  <li>on Windows, rename the directory <tt>C:\Program Files\Common Files\Netscape
+Shared\Security</tt> to something else.</li>
+</ul>
+<hr width="100%">
+<h2><a name="Using the Test Bed"></a>Using Personal Security Manager</h2>
+The sections that follow describe how to test some of the features of Personal
+Security Manager that are available with this release:
+<ul>
+  <li><a href="#Start Up Personal Security Manager with">Start Up Personal
+SecurityManager with Netscape 6</a></li>
+  <li><a href="#Use SSL with Server Authentication">Test Basic SSL</a></li>
+  <li><a href="#Get a Certificate">Get an SSL Client Certificate</a></li>
+  <li><a href="#View Your Personal Certificate">View Your Certificate</a></li>
+  <li><a href="#Using Your Personal Certificate for Client">Test Client Authentication</a></li>
+  <li><a href="#Validate Certificates Using OSCP">Validate Certificates Using
+OCSP</a></li>
+</ul>
+The sections that follow briefly describe how to test some of the features
+listed above.
+<p>For information on the JavaScript API supported by Personal SecurityManager,
+see <a href="cmcjavascriptapi.html">JavaScript API for ClientCertificate
+Management</a> and the Personal Security Manager DeploymentGuide. For the
+latest versions of these documents, see <a href="http://docs.iPlanet.com/docs/manuals/psm.html">
+http://docs.iPlanet.com/docs/manuals/psm.html</a>.</p>
+<h3><a name="Start Up Personal Security Manager with"></a>Use Personal Security
+Manager with Netscape 6</h3>
+Personal Security Manager starts automatically the first time Netscape 6
+needs to perform some action involving security, such as handling anSSL session.
+<p>Follow these steps to view your security settings and confirm that&nbsp;
+Personal Security Manager is running:</p>
+<ol>
+  <li>Launch Netscape 6.</li>
+  <li>Choose Security &amp; Privacy from the Tasks menu, then choose Security
+Manager to view your Personal Security Manager settings.</li>
+  <li>Close the Personal Security Manager window.</li>
+  <li>Go to the page <a href="psmtest.html">psmtest.html</a> (in the same
+directoryas these release notes), then choose Page Source from the View menu
+tosee the JavaScript code that a web programmer can use to detect Personal
+Security Manager and its version number.</li>
+</ol>
+Note that the version number has two parts. The first is the version ofthe
+PSM client library, and the second is the version of the PSM serverlibrary.
+<br>
+&nbsp;
+<h3><a name="Use SSL with Server Authentication"></a>Test Basic SSL</h3>
+Go to any online store, banking service, brokerage account, or other website
+that supports SSL. Verify that the lock in the lower-left corner ofthe browser
+window is closed when you reach the pages for which SSL shouldbe enabled,
+for example a page where you are asked to give your creditcard number.
+<h3><a name="Get a Certificate"></a>Get an SSL Client Certificate</h3>
+Go to any public or private CA and apply for an SSL client certificate.
+<p>To test one-click certificate issuance, dual key-pair certificates,and
+other Personal Security Manager features, system administrators shoulddownload,
+install, and configure Netscape Certificate Management System.For complete
+CMS documentation and other information, see <a href="http://docs.iPlanet.com/docs/manuals/cms.html">
+http://docs.iPlanet.com/docs/manuals/cms.html</a>.To download the latest
+version of CMS, see <a href="http://www.iplanet.com/downloads/download/">
+http://www.iplanet.com/downloads/download/</a>.</p>
+<h3><a name="View Your Personal Certificate"></a>View Your Certificate</h3>
+After you have obtained a certificate, follow these steps to view it:
+<ol>
+  <li>Click the Security icon in the Navigator toolbar.</li>
+  <li>Click the Certificates tab.</li>
+  <li>Click to select your certificate.</li>
+  <li>Click View.</li>
+</ol>
+You should see information about your new certificate.
+<h3><a name="Using Your Personal Certificate for Client"></a><font size="+1">
+TestClient Authentication</font></h3>
+Personal Security Manager allows the SSL server and client to negotiatewhich
+certificate to use, and in most cases they can agree on a singlecorrect certificate
+for the client to present. When this happens, the usercan access an SSL site
+that requires client authentication with zero additionalclicks.
+<p>To test client authentication with Netscape Enterprise Server, systemadministrators
+should follow these steps:</p>
+<ul>
+  <li>Install an Enterprise Server and configure it for client authentication
+as described in <a href="http://docs.iplanet.com/docs/manuals/cms/41/dep_gide/entsrv.htm">
+AppendixD, Using SSL with Enterprise Server 3.x</a>, of <i>Netscape Certificate
+Management System Installation and Deployment Guide</i>.</li>
+  <li>Test the Enterprise Server installation as described at the end of
+AppendixD using Personal Security Manager.</li>
+</ul>
+<h3><a name="Validate Certificates Using OSCP"></a>Validate Certificates
+UsingOSCP</h3>
+Personal Security Manager supports the use of the On-Line Certificate Status
+Protocol (OSCP) to check the validity of certificates in real time. Information
+about this protocol and how configure Personal Security Manager 1.3 andNetscape
+Certificate Management System 4.2 to support it is available from<a href="http://docs.iPlanet.com/docs/manuals/psm/12/psmdply.htm">
+http://docs.iPlanet.com/docs/manuals/psm/12/psmdply.htm</a>
+<p>It's important to note that Personal Security Manager will accept signatures
+from responders only under the following conditions:</p>
+<ul>
+  <li>The response was signed by a delegated responder--that is, the responder's
+certificate was signed by the same CA as the certificate&nbsp; you're trying
+to verify and has the <tt>extendedKeyUsage</tt> bit set indicating thatthe
+certificate is an OCSP response signer. The certificate should be thesame
+as a CA certificate with the addition of the <tt>extendedKeyUsage</tt>bit.</li>
+  <li>The user has designated a default responder in the OCSP Settings dialog
+box (available from the Advanced tab under Options).</li>
+</ul>
+Common problems include the following:
+<ul>
+  <li>Time drift between the client and server machine. Personal Security
+Managerexpects the time of the response to be within the past 24 hours. If
+thereis a difference in the clocks between the machine used to sign the response,
+so the response looks to Personal Security Manager like it was signed inthe
+future, Personal Security Manager interprets this as an error. Runntp on
+both machines to fix this problem.</li>
+  <li>The response doesn't include the certificates required to complete
+thechain needed to verify the signer's certificate. The client frequently
+doesn't have all the certificates in the database that are needed to verify
+the signer's certificate, in which case Personal Security Manager can'tverify
+the signer's certificate and OCSP fails. Make sure the entire chainis included
+with every response. This is the safest way to avoid this problem.</li>
+  <li>If you are using ValiCert, misconfiguration may cause the Validation
+Authoritynot to send the certificate chain (including the CA root certificate
+andthe OCSP responder's certificate) correctly.</li>
+</ul>
+<hr width="100%">
+<h2><a name="Known Bugs/Issues for 14 Release"></a>Known Bugs/Issues for
+Personal Security Manager 1.4</h2>
+<ul>
+  <li>To run Personal Security Manager on Unix with Netscape 6 or Communicator,
+you must be logged in as thesame Unix user you were logged in as when the
+browser was installed.</li>
+  <li>FORTEZZA is not guaranteed to work with this release. [# 94220]</li>
+  <li>In some unusual circumstances you may encounter problems such as valid
+certificates not being verified or the browser freezing up. If you encounter
+a problem that doesn't appear to have a logical explanation, try the following
+as a last resort:</li>
+  <ol>
+    <li>Exit the browser, then relaunch it. If necessary, use Control-Alt-Delete
+on Windows 95/98/2000/NT to bring up the Task Manager and click End Process
+for both <tt>psm.exe</tt> and <tt>netscp6.exe</tt>.</li>
+    <li><b>Warning:</b> <b>Before taking this step, back up your own certificates
+stored internally by Personal Security Manager.</b> If exiting and relaunching
+the browser doesn't take care of the problem, in some rare cases it maywork
+to exit the browser, then delete or rename your <tt>cert7.db</tt> and<tt>
+key3.db</tt>files (located in your user profile directory on Windows 95/98/2000/NT,
+or in the directory in which the Netscape or Mozilla executable resideson
+Unix) and relaunch the browser. You should also look for all otherfiles in
+the same directory that begin with <tt>cert</tt> or<tt>key</tt>and end in
+      <tt>.db</tt> and delete those files as well before relaunchingthe browser.</li>
+  </ol>
+</ul>
+<hr width="100%">
+<h2><a name="Feedback"></a>Feedback</h2>
+To send feedback to the Personal Security Manager development team, send email
+to <a href="mailto:psmfeedback@netscape.com">psmfeedback@netscape.com</a>. 
+Feedback back sent to this address will be read by the team, but you will
+not receive a personal response.
+</body>
+</html>

mozilla/security/psm/lib/Makefile

@@ -0,0 +1,74 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+

mozilla/security/psm/lib/Makefile.in

@@ -0,0 +1,32 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= protocol client nlslayer
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/security/psm/lib/client/MANIFEST

@@ -0,0 +1,3 @@
+cmtclist.h
+cmtcmn.h
+cmtjs.h

mozilla/security/psm/lib/client/Makefile

@@ -0,0 +1,74 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include config.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+

mozilla/security/psm/lib/client/Makefile.in

@@ -0,0 +1,74 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+LIBRARY_NAME	= cmt
+
+EXPORTS = \
+	cmtcmn.h \
+	cmtjs.h  \
+	cmtclist.h \
+	$(NULL)
+
+MODULE = security
+
+CSRCS = cmtinit.c  \
+	cmtssl.c   \
+	cmtutils.c \
+	cmtcert.c  \
+	cmthash.c  \
+	cmtpkcs7.c \
+	cmtres.c   \
+	cmtjs.c    \
+	cmtevent.c \
+        cmtpasswd.c \
+	cmtadvisor.c \
+	cmtrng.c \
+	cmtsdr.c \
+	$(NULL)
+
+ifeq ($(MOZ_OS2_TOOLS),VACPP)
+EXTRA_DSO_LDOPTS	+= $(DIST)/lib/protocol.$(LIB_SUFFIX)
+else
+EXTRA_DSO_LDOPTS	+= -L$(DIST)/lib -lprotocol
+endif
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/security/psm/lib/client/cmtadvisor.c

@@ -0,0 +1,99 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#ifdef XP_MAC
+#include "cmtmac.h"
+#endif
+
+CMTStatus CMT_SecurityAdvisor(PCMT_CONTROL control, CMTSecurityAdvisorData* data, CMUint32 *resID)
+{
+    CMTItem message = {0, NULL, 0};
+    SecurityAdvisorRequest request;
+    SingleNumMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    if (!data) {
+        return CMTFailure;
+    }
+
+    request.infoContext = data->infoContext;
+    request.resID = data->resID;
+    request.hostname = data->hostname;
+	request.senderAddr = data->senderAddr;
+	request.encryptedP7CInfo = data->encryptedP7CInfo;
+	request.signedP7CInfo = data->signedP7CInfo;
+	request.decodeError = data->decodeError;
+	request.verifyError = data->verifyError;
+	request.encryptthis = data->encryptthis;
+	request.signthis = data->signthis;
+	request.numRecipients = data->numRecipients;
+	request.recipients = data->recipients;
+    message.type = SSM_REQUEST_MESSAGE | SSM_SECURITY_ADVISOR;
+
+    if (CMT_EncodeMessage(SecurityAdvisorRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Send the message and get the response */
+	if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+	}
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_SECURITY_ADVISOR)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *resID = reply.value;
+
+    return CMTSuccess;
+loser:
+
+    if (message.data) {
+        free(message.data);
+    }
+    return CMTFailure;
+}
+
+
+
+

mozilla/security/psm/lib/client/cmtclist.h

@@ -0,0 +1,111 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef cmtclist_h___
+#define cmtclist_h___
+
+typedef struct CMTCListStr CMTCList;
+/*
+** Circular linked list
+*/
+struct CMTCListStr {
+    CMTCList	*next;
+    CMTCList	*prev;
+};
+
+/*
+** Insert element "_e" into the list, before "_l".
+*/
+#define CMT_INSERT_BEFORE(_e,_l)	 \
+	(_e)->next = (_l);	 \
+	(_e)->prev = (_l)->prev; \
+	(_l)->prev->next = (_e); \
+	(_l)->prev = (_e);	 \
+
+/*
+** Insert element "_e" into the list, after "_l".
+*/
+#define CMT_INSERT_AFTER(_e,_l)	 \
+	(_e)->next = (_l)->next; \
+	(_e)->prev = (_l);	 \
+	(_l)->next->prev = (_e); \
+	(_l)->next = (_e);	 \
+
+/*
+** Append an element "_e" to the end of the list "_l"
+*/
+#define CMT_APPEND_LINK(_e,_l) CMT_INSERT_BEFORE(_e,_l)
+
+/*
+** Insert an element "_e" at the head of the list "_l"
+*/
+#define CMT_INSERT_LINK(_e,_l) CMT_INSERT_AFTER(_e,_l)
+
+/* Return the head/tail of the list */
+#define CMT_LIST_HEAD(_l) (_l)->next
+#define CMT_LIST_TAIL(_l) (_l)->prev
+
+/*
+** Remove the element "_e" from it's circular list.
+*/
+#define CMT_REMOVE_LINK(_e)	       \
+	(_e)->prev->next = (_e)->next; \
+	(_e)->next->prev = (_e)->prev; \
+
+/*
+** Remove the element "_e" from it's circular list. Also initializes the
+** linkage.
+*/
+#define CMT_REMOVE_AND_INIT_LINK(_e)    \
+	(_e)->prev->next = (_e)->next; \
+	(_e)->next->prev = (_e)->prev; \
+	(_e)->next = (_e);	       \
+	(_e)->prev = (_e);	       \
+
+/*
+** Return non-zero if the given circular list "_l" is empty, zero if the
+** circular list is not empty
+*/
+#define CMT_CLIST_IS_EMPTY(_l) \
+    ((_l)->next == (_l))
+
+/*
+** Initialize a circular list
+*/
+#define CMT_INIT_CLIST(_l)  \
+	(_l)->next = (_l); \
+	(_l)->prev = (_l); \
+
+#define CMT_INIT_STATIC_CLIST(_l) \
+    {(_l), (_l)}
+
+#endif /* cmtclist_h___ */

mozilla/security/psm/lib/client/cmtevent.c

@@ -0,0 +1,480 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include <string.h>
+#ifdef XP_UNIX
+#include <sys/time.h>
+#endif
+
+/* Typedefs */
+typedef void (*taskcompleted_handler_fn)(CMUint32 resourceID, CMUint32 numReqProcessed, CMUint32 resultCode, void* data);
+
+CMTStatus CMT_SetUIHandlerCallback(PCMT_CONTROL control, 
+                                   uiHandlerCallback_fn f, void *data)
+{
+    return CMT_RegisterEventHandler(control, SSM_UI_EVENT, 0,
+                                    (void_fun)f, data);
+}
+
+void CMT_SetFilePathPromptCallback(PCMT_CONTROL control,
+                                   filePathPromptCallback_fn f, void* arg)
+{
+    control->userFuncs.promptFilePath = f;
+    control->userFuncs.filePromptArg  = arg;
+}
+
+void CMT_SetPromptCallback(PCMT_CONTROL control, 
+                           promptCallback_fn f, void *arg)
+{
+    control->userFuncs.promptCallback = f;
+    control->userFuncs.promptArg      = arg;
+}
+
+void CMT_SetSavePrefsCallback(PCMT_CONTROL control, savePrefsCallback_fn f)
+{
+    control->userFuncs.savePrefs = f;
+}
+
+CMTStatus CMT_RegisterEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                   CMUint32 resourceID, void_fun handler, 
+                                   void* data)
+{
+    PCMT_EVENT ptr;
+
+    /* This is the first connection */
+    if (control->cmtEventHandlers == NULL) {
+        control->cmtEventHandlers = ptr = 
+            (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+        if (!ptr) {
+            goto loser;
+        }
+    } else {
+        /* Look for another event handler of the same type.  Make sure the
+           event handler with a rsrcid of 0 is farther down the list so
+	   that it doesn't get chosen when there's an event handler for
+	   a specific rsrcid.
+	 */
+	for (ptr=control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+            if (ptr->type == type && resourceID != 0) {
+                /* So we've got an event handler that wants to over-ride
+                   an existing event handler.  We'll put it before the one
+                   that's already here.
+                 */
+                if (ptr->previous == NULL) {
+                    /* We're going to insert at the front of the list*/
+                    control->cmtEventHandlers = ptr->previous = 
+                        (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+                    if (ptr->previous == NULL) {
+                        goto loser;
+		    }
+		    ptr->previous->next = ptr;
+		    ptr = control->cmtEventHandlers;
+		} else {
+		    /* We want to insert in the middle of the list */
+		    PCMT_EVENT tmpEvent;
+		    
+		    tmpEvent = (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+		    if (tmpEvent == NULL) {
+		        goto loser;
+		    }
+		    tmpEvent->previous  = ptr->previous;
+		    ptr->previous->next = tmpEvent;
+		    tmpEvent->next      = ptr;
+		    ptr->previous       = tmpEvent;
+		    ptr = tmpEvent;
+		}
+		break;
+	    }
+	    if (ptr->next == NULL) break;
+	}
+	if (ptr == NULL) {
+	    goto loser;	
+	}
+	if (ptr->next == NULL) {
+	    /* We're adding the event handler at the end of the list. */
+	    ptr->next = (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+	    if (!ptr->next) {
+	        goto loser;
+	    } 
+	    /* Fix up the pointers */
+	    ptr->next->previous = ptr;
+	    ptr = ptr->next;
+	}
+    }
+
+    /* Fill in the data */
+    ptr->type = type;
+    ptr->resourceID = resourceID;
+    ptr->handler = handler;
+    ptr->data = data;
+    
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_UnregisterEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                     CMUint32 resourceID) 
+{
+    PCMT_EVENT ptr, pptr = NULL;
+    
+    for (ptr = control->cmtEventHandlers; ptr != NULL;
+	 pptr = ptr, ptr = ptr->next) {
+        if ((ptr->type == type) && (ptr->resourceID == resourceID)) {
+	    if (pptr == NULL) {
+	        /* node is at head */
+	        control->cmtEventHandlers = ptr->next;
+            if (control->cmtEventHandlers != NULL) {
+                control->cmtEventHandlers->previous = NULL;
+            }
+            free(ptr);
+            return CMTSuccess;
+	    }
+	    /* node is elsewhere */
+	    pptr->next = ptr->next;
+        if (ptr->next != NULL) {
+            ptr->next->previous = pptr;
+        }
+	    free(ptr);
+	    return CMTSuccess;
+        }
+    }
+    return CMTFailure;
+}
+
+PCMT_EVENT CMT_GetEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                               CMUint32 resourceID)
+{
+    PCMT_EVENT ptr;
+    
+    for (ptr = control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == type) && ((ptr->resourceID == resourceID) || 
+                                    !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+PCMT_EVENT CMT_GetFirstEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                    CMUint32 resourceID)
+{
+    PCMT_EVENT ptr;
+
+    for (ptr = control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == type) && ((ptr->resourceID == resourceID) || 
+                                    !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+PCMT_EVENT CMT_GetNextEventHandler(PCMT_CONTROL control, PCMT_EVENT e)
+{
+    PCMT_EVENT ptr;
+
+    for (ptr = control->cmtEventHandlers; ptr != NULL || ptr == e; 
+         ptr = ptr->next) {
+    }
+
+    for (; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == e->type) && ((ptr->resourceID == e->resourceID) || 
+                                       !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+void CMT_ProcessEvent(PCMT_CONTROL cm_control)
+{
+    CMTSocket sock; 
+    CMTItem eventData={ 0, NULL, 0 };
+
+    /* Get the control socket */
+    sock = cm_control->sock;
+
+    /* Acquire a lock on the control connection */
+    CMT_LOCK(cm_control->mutex);
+    /* Do another select here to be sure 
+       that the socket is readable */
+    if (cm_control->sockFuncs.select(&sock, 1, 1) != sock) {
+        /* There's no event. */
+        goto done;
+    }
+
+    /* Read the event */
+    if (CMT_ReceiveMessage(cm_control, &eventData) == CMTFailure) {
+        goto done;
+    }
+    CMT_UNLOCK(cm_control->mutex);
+    /* Dispatch the event */
+    CMT_DispatchEvent(cm_control, &eventData);
+    return;
+done:
+    /* Release the lock on the control connection */
+    CMT_UNLOCK(cm_control->mutex);
+}
+
+void CMT_EventLoop(PCMT_CONTROL cm_control)
+{
+    CMTSocket sock;
+
+    /* Get the control socket */
+    sock = cm_control->sock;
+    CMT_ReferenceControlConnection(cm_control);
+    /* Select on the control socket to see if it's readable */
+    while(cm_control->sockFuncs.select(&sock, 1, 0)) {
+      CMT_ProcessEvent(cm_control);
+    }
+    CMT_CloseControlConnection(cm_control);
+    return;
+}
+
+void
+CMT_PromptUser(PCMT_CONTROL cm_control, CMTItem *eventData)
+{
+    char *promptReply  = NULL;
+    CMTItem   response={ 0, NULL, 0 };
+    PromptRequest request;
+    PromptReply reply;
+    void * clientContext;
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(PromptRequestTemplate, &request, eventData) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Copy the client context to a pointer */
+    clientContext = CMT_CopyItemToPtr(request.clientContext);
+
+    if (cm_control->userFuncs.promptCallback == NULL) {
+        goto loser;
+    }
+    promptReply = 
+        cm_control->userFuncs.promptCallback(cm_control->userFuncs.promptArg, 
+                                             request.prompt, clientContext, 1);
+
+    response.type = SSM_EVENT_MESSAGE | SSM_PROMPT_EVENT;
+    if (!promptReply) {
+        /* the user canceled the prompt or other errors occurred */
+        reply.cancel = CM_TRUE;
+    }
+    else {
+        /* note that this includes an empty string (zero length) password */
+        reply.cancel = CM_FALSE;
+    }
+    reply.resID = request.resID;
+    reply.promptReply = promptReply;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(PromptReplyTemplate, &response, &reply) != CMTSuccess) {
+        goto loser;
+    }
+
+    CMT_TransmitMessage(cm_control, &response);
+ loser:
+    if (promptReply != NULL) {
+      cm_control->userFuncs.userFree(promptReply);
+    }
+    return;
+}
+
+void CMT_GetFilePath(PCMT_CONTROL cm_control, CMTItem * eventData)
+{
+    char *fileName=NULL;
+    CMTItem response = { 0, NULL, 0 };
+    FilePathRequest request;
+    FilePathReply reply;
+
+    /* Decode the request */
+    if (CMT_DecodeMessage(FilePathRequestTemplate, &request, eventData) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (cm_control->userFuncs.promptFilePath == NULL) {
+        goto loser;
+    }
+    fileName = 
+     cm_control->userFuncs.promptFilePath(cm_control->userFuncs.filePromptArg,
+                                          request.prompt, request.fileRegEx, 
+                                          request.getExistingFile);
+
+    response.type = SSM_EVENT_MESSAGE | SSM_FILE_PATH_EVENT;
+    reply.resID = request.resID;
+    reply.filePath = fileName;
+
+    /* Encode the reply */
+    if (CMT_EncodeMessage(FilePathReplyTemplate, &response, &reply) != CMTSuccess) {
+        goto loser;
+    }
+
+    CMT_TransmitMessage(cm_control, &response);
+    cm_control->userFuncs.userFree(fileName); 
+loser:
+   return;
+}
+
+void CMT_SavePrefs(PCMT_CONTROL cm_control, CMTItem* eventData)
+{
+    SetPrefListMessage request;
+    int i;
+
+    /* decode the request */
+    if (CMT_DecodeMessage(SetPrefListMessageTemplate, &request, eventData) !=
+        CMTSuccess) {
+        return;
+    }
+
+    if (cm_control->userFuncs.savePrefs == NULL) {
+        /* callback was not registered: bail */
+        return;
+    }
+    cm_control->userFuncs.savePrefs(request.length, 
+                                    (CMTSetPrefElement*)request.list);
+
+    for (i = 0; i < request.length; i++) {
+        if (request.list[i].key != NULL) {
+            free(request.list[i].key);
+        }
+        if (request.list[i].value != NULL) {
+            free(request.list[i].value);
+        }
+    }
+    return;
+}
+
+void CMT_DispatchEvent(PCMT_CONTROL cm_control, CMTItem * eventData)
+{
+    CMUint32 eventType;
+    CMTItem msgCopy;
+
+    /* Init the msgCopy */
+    msgCopy.data = 0;    
+
+    /* Get the event type */
+    if ((eventData->type & SSM_CATEGORY_MASK) != SSM_EVENT_MESSAGE) {
+        /* Somehow there was a message on the socket that was not 
+         * an event message.  Dropping it on the floor.
+         */
+        goto loser;
+    }
+    eventType = (eventData->type & SSM_TYPE_MASK);
+
+    /* We must now dispatch the event based on it's type */
+    switch (eventType) {
+        case SSM_UI_EVENT:
+        {
+            PCMT_EVENT p;
+            UIEvent event;
+            void * clientContext = NULL;
+
+	    /* Copy the message to allow a second try with the old format */
+	    msgCopy.len = eventData->len;
+	    msgCopy.data = calloc(msgCopy.len, 1);
+	    if (msgCopy.data) {
+              memcpy(msgCopy.data, eventData->data, eventData->len);
+	    }
+
+            /* Get the event data first */
+            if (CMT_DecodeMessage(UIEventTemplate, &event, eventData) != CMTSuccess) {
+		/* Attempt to decode using the old format.  Modal is True */
+		if (!msgCopy.data || 
+		    CMT_DecodeMessage(OldUIEventTemplate, &event, &msgCopy) != CMTSuccess) {
+                  goto loser;
+                }
+
+                /* Set default modal value */
+                event.isModal = CM_TRUE;
+            }
+
+            /* Convert the client context to a pointer */
+            clientContext = CMT_CopyItemToPtr(event.clientContext);
+
+            /* Call any handlers for this event */
+            p = CMT_GetEventHandler(cm_control, eventType, event.resourceID);
+            if (!p) {
+                goto loser;
+            }
+            (*(uiHandlerCallback_fn)(p->handler))(event.resourceID, 
+                                                  clientContext, event.width,
+                                                  event.height, event.isModal, event.url, 
+                                                  p->data);
+            break;
+        }
+
+        case SSM_TASK_COMPLETED_EVENT:
+        {
+           PCMT_EVENT p;
+           TaskCompletedEvent event;
+
+            /* Get the event data */
+            if (CMT_DecodeMessage(TaskCompletedEventTemplate, &event, eventData) != CMTSuccess) {
+                goto loser;
+            }
+
+            /* Call handler for this event */
+            p = CMT_GetEventHandler(cm_control, eventType, event.resourceID);
+            if (!p) {
+                goto loser;
+            }
+            (*(taskcompleted_handler_fn)(p->handler))(event.resourceID, 
+                                                      event.numTasks, 
+                                                      event.result, p->data);
+            break;
+        }
+        case SSM_AUTH_EVENT: 
+             CMT_ServicePasswordRequest(cm_control, eventData);
+             break;
+        case SSM_FILE_PATH_EVENT:
+    	     CMT_GetFilePath(cm_control, eventData);
+             break;
+        case SSM_PROMPT_EVENT:
+	         CMT_PromptUser(cm_control, eventData);
+	         break;
+        case SSM_SAVE_PREF_EVENT:
+            CMT_SavePrefs(cm_control, eventData);
+            break;
+        default:
+            break;
+    }
+loser:
+    free(eventData->data);
+    free(msgCopy.data);
+    return;
+}
+

mozilla/security/psm/lib/client/cmthash.c

@@ -0,0 +1,216 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#include "string.h"
+#else
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+CMTStatus CMT_HashCreate(PCMT_CONTROL control, CMUint32 algID, 
+                         CMUint32 * connID)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = algID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_HASH_STREAM;
+
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the response */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_HASH_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        sock = control->sockFuncs.socket(0);
+        if(sock == NULL) {
+            goto loser;
+        }
+        
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        /* Send the hello message */
+		control->sockFuncs.send(sock, control->nonce.data, control->nonce.len);
+
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+		    != CMTSuccess) {
+            goto loser;
+        }
+
+        /* Set the connection ID */
+        *connID = reply.connID;
+        return CMTSuccess;
+	} 
+loser:
+    *connID = 0;
+	return CMTFailure;
+}
+
+CMTStatus CMT_HASH_Destroy(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    if (!control) {
+        goto loser;
+    }
+
+    /* Get the cotext implementation data */
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_HASH_Begin(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    return CMTSuccess;
+}
+
+CMTStatus CMT_HASH_Update(PCMT_CONTROL control, CMUint32 connectionID, const unsigned char * buf, CMUint32 len)
+{
+    CMTSocket sock;
+    CMUint32 sent;
+
+    /* Do some parameter checking */
+    if (!control || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_HASH_End(PCMT_CONTROL control, CMUint32 connectionID, 
+                       unsigned char * result, CMUint32 * resultlen, 
+                       CMUint32 maxLen)
+{
+    CMTItem hash = { 0, NULL, 0 };
+
+    /* Do some parameter checking */
+    if (!control || !result || !resultlen) {
+        goto loser;
+    }
+
+    /* Close the connection */
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Get the context info */
+    if (CMT_GetStringAttribute(control, connectionID, SSM_FID_HASHCONN_RESULT,
+                               &hash) == CMTFailure) {
+        goto loser;
+    }
+    if (!hash.data) {
+        goto loser;
+    }
+
+    *resultlen = hash.len;
+    if (hash.len > maxLen) {
+        memcpy(result, hash.data, maxLen);
+    } else {
+        memcpy(result, hash.data, hash.len);
+    }   
+
+    if (hash.data) {
+        free(hash.data);
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (hash.data) {
+        free(hash.data);
+    }
+
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtimpl.h

@@ -0,0 +1,56 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __CMTIMPL_H_
+#define __CMTIMPL_H_
+
+typedef unsigned long CMT_HANDLE;
+
+struct _CMTControl {
+  CMT_HANDLE channelID;
+  int socketID;
+  CMTStatus (* cmtEventCallback)(struct _CMTControl * control, 
+				 CMTItem * event,  void * arg);
+  void * cmtEventCallbackArg;
+  struct _CMTData * cmtDataConnection;
+} _CMTControl;
+
+
+
+struct _CMTData {
+  CMT_HANDLE channelID;
+  int socketID;
+  struct _CMTData * next;
+  struct _CMTData * previous;
+};
+
+#endif /*__CMTIMPL_H_*/

mozilla/security/psm/lib/client/cmtinit.c

@@ -0,0 +1,490 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/stat.h>
+#ifndef XP_BEOS
+#include <netinet/tcp.h>
+#endif
+#else
+#ifdef XP_MAC
+#include <Events.h> // for WaitNextEvent
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#include <direct.h>
+#include <sys/stat.h>
+#endif
+#endif
+
+#include "messages.h"
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include <string.h>
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+#define DIRECTORY_SEPARATOR '/'
+#elif defined(WIN32) || defined(XP_OS2)
+#define DIRECTORY_SEPARATOR '\\'
+#elif defined XP_MAC
+#define DIRECTORY_SEPARATOR ':'
+#endif
+
+/* Local defines */
+#define CARTMAN_PORT	11111
+#define MAX_PATH_LEN    256
+
+/* write to the cmnav.log */
+#if 0
+#define LOG(x); do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, x); fclose(f); } } while(0);
+#define LOG_S(x); do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, "%s", x); fclose(f); } } while(0);
+#define ASSERT(x); if (!(x)) { LOG("ASSERT:"); LOG(#x); LOG("\n"); exit(-1); }
+#else
+#define LOG(x); ;
+#define LOG_S(x); ;
+#define ASSERT(x); ;
+#endif
+
+static char*
+getCurrWorkDir(char *buf, int maxLen)
+{
+#if defined WIN32
+    return _getcwd(buf, maxLen);
+#elif defined(XP_UNIX) || defined(XP_BEOS)
+    return getcwd(buf, maxLen);
+#else
+    return NULL;
+#endif
+}
+
+static void
+setWorkingDir(char *path)
+{
+#if defined WIN32
+    _chdir(path);
+#elif defined(XP_UNIX) || defined(XP_BEOS)
+    chdir(path);
+#else
+    return;
+#endif
+}
+
+static CMTStatus
+launch_psm(char *executable)
+{
+#ifndef XP_MAC
+    char command[MAX_PATH_LEN];
+#endif
+#ifdef WIN32
+    STARTUPINFO sui;
+    PROCESS_INFORMATION pi;
+    UNALIGNED long *posfhnd;
+    int i;
+    char *posfile;
+
+    sprintf(command,"%s > psmlog", executable);
+    ZeroMemory( &sui, sizeof(sui) );
+    sui.cb = sizeof(sui);
+    sui.cbReserved2 = (WORD)(sizeof( int ) + (3 * (sizeof( char ) + 
+                                                   sizeof( long ))));
+    sui.lpReserved2 = calloc( sui.cbReserved2, 1 );
+    *((UNALIGNED int *)(sui.lpReserved2)) = 3;
+    posfile = (char *)(sui.lpReserved2 + sizeof( int ));
+    posfhnd = (UNALIGNED long *)(sui.lpReserved2 + sizeof( int ) + 
+                                 (3 * sizeof( char )));
+    
+    for ( i = 0, posfile = (char *)(sui.lpReserved2 + sizeof( int )),
+              posfhnd = (UNALIGNED long *)(sui.lpReserved2 + sizeof( int ) + (3 * sizeof( char ))) ;
+          i < 3 ; i++, posfile++, posfhnd++ ) {
+        
+        *posfile = 0;
+        *posfhnd = (long)INVALID_HANDLE_VALUE;
+    }
+    /* Now, fire up PSM */
+    if (!CreateProcess(NULL, command, NULL, NULL, TRUE, DETACHED_PROCESS, 
+                       NULL, NULL, &sui, &pi)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+#elif defined(XP_UNIX) || defined(XP_BEOS)
+    sprintf(command,"./%s &", executable);
+    if (system(command) == -1) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+#else
+    return CMTFailure;
+#endif
+}
+
+PCMT_CONTROL CMT_EstablishControlConnection(char            *inPath, 
+                                            CMT_SocketFuncs *sockFuncs,
+                                            CMT_MUTEX       *mutex)
+{
+    PCMT_CONTROL control;
+#ifndef XP_MAC
+    char *executable;
+    char *newWorkingDir;
+    char oldWorkingDir[MAX_PATH_LEN];
+    size_t stringLen;
+#endif    
+    int i;
+    char *path = NULL;
+
+    /*	On the Mac, we do special magic in the Seamonkey PSM component, so
+    	if PSM isn't launched by the time we reach this point, we're not doing well. */
+#ifndef XP_MAC
+
+    struct stat stbuf;
+    
+    /*
+     * Create our own copy of path.
+     * I'd like to do a straight strdup here, but that caused problems
+     * for https.
+     */
+    stringLen = strlen(inPath);
+
+    path = (char*) malloc(stringLen+1);
+    memcpy(path, inPath, stringLen);
+    path[stringLen] = '\0';
+
+    control = CMT_ControlConnect(mutex, sockFuncs);
+    if (control != NULL) {
+        return control;
+    }
+    /*
+     * We have to try to launch it now, so it better be a valid 
+     * path.
+     */
+    if (stat(path, &stbuf) == -1) {
+        goto loser;
+    }
+    /*
+     * Now we have to parse the path and launch the psm server.
+     */
+    executable = strrchr(path, DIRECTORY_SEPARATOR);
+    if (executable != NULL) {
+        *executable = '\0';
+        executable ++;
+        newWorkingDir = path;
+    } else {
+        executable = path;
+        newWorkingDir = NULL;
+    }
+    if (getCurrWorkDir(oldWorkingDir, MAX_PATH_LEN) == NULL) {
+        goto loser;
+    }
+    setWorkingDir(newWorkingDir);
+    if (launch_psm(executable) != CMTSuccess) {
+        goto loser;
+    }
+    setWorkingDir(oldWorkingDir);
+#endif
+
+    /*
+     * Now try to connect to the psm server.  We will try to connect
+     * a maximum of 30 times and then give up.
+     */
+#ifdef WIN32
+    for (i=0; i<30; i++) {
+        Sleep(1000);
+        control = CMT_ControlConnect(mutex, sockFuncs);
+        if (control != NULL) {
+            break;
+        }
+    }
+#elif defined(XP_UNIX) || defined(XP_BEOS)
+    i = 0;
+    while (i<1000) {
+        i += sleep(10);
+	control = CMT_ControlConnect(mutex, sockFuncs);
+	if (control != NULL) {
+	  break;
+	}
+    }
+#elif defined(XP_MAC)
+	for (i=0; i<30; i++) 
+	{
+		EventRecord theEvent;
+		WaitNextEvent(0, &theEvent, 30, NULL);
+		control = CMT_ControlConnect(mutex, sockFuncs);
+		if (control != NULL) 
+			break;
+	}
+
+#else
+    /*
+     * Figure out how to sleep for a while first
+     */
+    for (i=0; i<30; i++) {
+      control = CMT_ControlConnect(mutex, sockFuncs);
+      if (control!= NULL) {
+	break;
+      }
+    }
+#endif
+    if (control == NULL) {
+        goto loser;
+    }
+    if (path) {
+        free (path);
+    }
+    return control;
+ loser:
+    if (control != NULL) {
+        CMT_CloseControlConnection(control);
+    }
+    if (path) {
+        free(path);
+    }
+    return NULL;
+}
+
+
+PCMT_CONTROL CMT_ControlConnect(CMT_MUTEX *mutex, CMT_SocketFuncs *sockFuncs)
+{
+    PCMT_CONTROL control = NULL; 
+    CMTSocket sock=NULL;
+#ifdef XP_UNIX
+    int unixSock = 1;
+    char path[20];
+#else
+    int unixSock = 0;
+    char *path=NULL;
+#endif
+
+    if (sockFuncs == NULL) {
+        return NULL;
+    }
+#ifdef XP_UNIX
+    sprintf(path, "/tmp/.nsmc-%d", (int)geteuid());
+#endif    
+
+    sock = sockFuncs->socket(unixSock);
+    if (sock == NULL) {
+        LOG("Could not create a socket to connect to Control Connection.\n");
+        goto loser;
+    }
+    /* Connect to the psm process */
+    if (sockFuncs->connect(sock, CARTMAN_PORT, path)) {
+	  LOG("Could not connect to Cartman\n");
+	  goto loser;
+    }
+
+#ifdef XP_UNIX
+    if (sockFuncs->verify(sock) != CMTSuccess) {
+        goto loser;
+    }
+#endif
+
+	LOG("Connected to Cartman\n");
+	
+	/* fill in the CMTControl struct */
+	control = (PCMT_CONTROL)calloc(sizeof(CMT_CONTROL), 1);
+	if (control == NULL ) {
+		goto loser;
+	}
+	control->sock = sock;
+    if (mutex != NULL) {
+        control->mutex = (CMT_MUTEX*)calloc(sizeof(CMT_MUTEX),1);
+        if (control->mutex == NULL) {
+            goto loser;
+        }
+        *control->mutex = *mutex;
+    }
+    memcpy(&control->sockFuncs, sockFuncs, sizeof(CMT_SocketFuncs));
+    control->refCount = 1;
+	goto done;
+    
+ loser:
+	if (control != NULL) {
+		free(control);
+    }
+    if (sock != NULL) {
+        sockFuncs->close(sock);
+    }
+	control = NULL;
+    
+ done:
+	return control;
+}
+
+CMTStatus CMT_CloseControlConnection(PCMT_CONTROL control)
+{
+	/* XXX Don't know what to do here yet */
+    if (control != NULL) {
+        CMInt32 refCount;
+        CMT_LOCK(control->mutex);
+        control->refCount--;
+        refCount = control->refCount;
+        CMT_UNLOCK(control->mutex);
+        if (refCount <= 0) {
+            if (control->mutex != NULL) {
+                free (control->mutex);
+            }
+            control->sockFuncs.close(control->sock);
+            free(control);
+        }
+    }
+    
+	return CMTSuccess;
+}
+
+CMTStatus CMT_Hello(PCMT_CONTROL control, CMUint32 version, char* profile, 
+                    char* profileDir)
+{
+	CMTItem message;
+    PCMT_EVENT eventHandler;
+    CMBool doesUI;
+    HelloRequest request;
+    HelloReply reply;
+
+	/* Check the passed parameters */
+	if (!control) {
+		return CMTFailure;
+	}
+	if (!profile) {
+		return CMTFailure;
+	}
+    if (!profileDir) {
+        return CMTFailure;
+    }
+    
+	/* Create the hello message */
+    eventHandler = CMT_GetEventHandler(control, SSM_UI_EVENT, 0);
+    doesUI = (eventHandler == NULL) ? CM_FALSE : CM_TRUE;
+
+    /* Setup the request struct */
+    request.version = version;
+    request.policy = 0; /* no more policy */
+    request.doesUI = doesUI;
+    request.profile = profile;
+    request.profileDir = profileDir;
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_HELLO_MESSAGE;
+
+    if (CMT_EncodeMessage(HelloRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Send the message and get the response */
+	if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+	}
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_HELLO_MESSAGE)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(HelloReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Successful response */
+	if (reply.result == 0) {
+            /* Save the nonce value */
+            control->sessionID = reply.sessionID;
+            control->protocolVersion = reply.version;
+            control->port = reply.httpPort;
+            control->nonce = reply.nonce;
+            control->policy = reply.policy;
+            control->serverStringVersion = reply.stringVersion;
+
+            /* XXX Free the messages */
+            return CMTSuccess;
+	}
+loser:
+	/* XXX Free the messages */
+	return CMTFailure;
+}
+
+CMTStatus CMT_PassAllPrefs(PCMT_CONTROL control, int num,
+                           CMTSetPrefElement* list)
+{
+    SetPrefListMessage request;
+    SingleNumMessage reply;
+    CMTItem message;
+
+    if ((control == NULL) || (list == NULL)) {
+        return CMTFailure;
+    }
+
+    /* pack the request */
+    request.length = num;
+    request.list = (SetPrefElement*)list;
+
+    if (CMT_EncodeMessage(SetPrefListMessageTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+    message.type = SSM_REQUEST_MESSAGE | SSM_PREF_ACTION;
+
+    /* send the message */
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PREF_ACTION)) {
+        goto loser;
+    }
+
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* don't really need to check the return value */
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+char* CMT_GetServerStringVersion(PCMT_CONTROL control)
+{
+    if (control == NULL) {
+        return NULL;
+    }
+    return control->serverStringVersion;
+}

mozilla/security/psm/lib/client/cmtjs.c

@@ -0,0 +1,556 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtutils.h"
+#include "cmtjs.h"
+#include "messages.h"
+
+CMTStatus
+CMT_GenerateKeyPair(PCMT_CONTROL control, CMUint32 keyGenContext, 
+		    CMUint32 mechType, CMTItem *param, CMUint32 keySize, 
+		    CMUint32 *keyPairId)
+{
+    CMTItem message;
+    CMTStatus rv;
+    KeyPairGenRequest request = {0, 0, 0, {0, NULL, 0}};
+    SingleNumMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.keyGenCtxtID = keyGenContext;
+    request.genMechanism = mechType;
+    if (param) {
+        request.params = *param;
+    }
+    request.keySize = keySize;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(KeyPairGenRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_CREATE_KEY_PAIR;
+
+    /* Send the message and get the response */
+    rv = CMT_SendMessage(control, &message); 
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_CREATE_KEY_PAIR)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+    *keyPairId = reply.value;
+    return CMTSuccess;
+    
+loser:
+    *keyPairId = 0;
+    return CMTFailure;
+}
+
+
+CMTStatus
+CMT_CreateNewCRMFRequest(PCMT_CONTROL control, CMUint32 keyPairID, 
+			 SSMKeyGenType keyGenType, CMUint32 *reqID)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+    SingleNumMessage reply;
+    
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.value = keyPairID;
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | 
+                    SSM_CREATE_CRMF_REQ;
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+  
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_CREATE_CRMF_REQ)) {
+        goto loser;
+    }
+
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *reqID = reply.value;
+
+    rv = CMT_SetNumericAttribute(control, *reqID, SSM_FID_CRMFREQ_KEY_TYPE,
+				 keyGenType);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_EncodeCRMFRequest(PCMT_CONTROL control, CMUint32 *crmfReqID, 
+		      CMUint32 numRequests, char ** der)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    EncodeCRMFReqRequest request;
+    SingleItemMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.numRequests = numRequests;
+    request.reqIDs = (long *) crmfReqID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(EncodeCRMFReqRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_DER_ENCODE_REQ;
+
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_DER_ENCODE_REQ)) {
+        goto loser;
+    }
+
+    /* XXX Should this be a string? Decode the message */
+    if (CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *der = (char *) reply.item.data;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_ProcessCMMFResponse(PCMT_CONTROL control, char *nickname,
+			char *certRepString, CMBool doBackup,
+			void *clientContext)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    CMMFCertResponseRequest request;
+
+    if(!control) {
+        return CMTFailure;
+    }
+
+    request.nickname = nickname;
+    request.base64Der = certRepString;
+    request.doBackup = doBackup;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CMMFCertResponseRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type =  SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_PROCESS_CMMF_RESP;
+
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_PROCESS_CMMF_RESP)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_CreateResource(PCMT_CONTROL control, SSMResourceType resType,
+		   CMTItem *params, CMUint32 *rsrcId, CMUint32 *errorCode)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CreateResourceRequest request = {0, {0, NULL, 0}};
+    CreateResourceReply reply;
+
+    request.type = resType;
+    if (params) {
+        request.params = *params;
+    } 
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CREATE_RESOURCE;
+    
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CREATE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(CreateResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *rsrcId = reply.resID;
+    *errorCode = reply.result;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_SignText(PCMT_CONTROL control, CMUint32 resID, char* stringToSign, char* hostName, char* caOption, CMInt32 numCAs, char** caNames)
+{
+    CMTItem message;
+    SignTextRequest request;
+
+    
+    /* So some basic parameter checking */
+    if (!control || !stringToSign) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resID;
+    request.stringToSign = stringToSign;
+    request.hostName = hostName;
+    request.caOption = caOption;
+    request.numCAs = numCAs;
+    request.caNames = caNames;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(SignTextRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_FORMSIGN_ACTION | SSM_SIGN_TEXT;
+
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_FORMSIGN_ACTION | SSM_SIGN_TEXT)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_ProcessChallengeResponse(PCMT_CONTROL control, char *challengeString,
+			     char **responseString)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    SingleStringMessage request;
+    SingleStringMessage reply;
+
+    /* Set the request */
+    request.string = challengeString;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleStringMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_CHALLENGE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+    
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_CHALLENGE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleStringMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *responseString = reply.string;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_FinishGeneratingKeys(PCMT_CONTROL control, CMUint32 keyGenContext)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+
+    /* Set up the request */
+    request.value = keyGenContext;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_FINISH_KEY_GEN;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the reply */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_FINISH_KEY_GEN)) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_GetLocalizedString(PCMT_CONTROL        control,
+                       SSMLocalizedString  whichString,
+                       char              **localizedString)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+    GetLocalizedTextReply reply;
+
+    /* Set up the request */
+    request.value = whichString;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_LOCALIZED_TEXT;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_LOCALIZED_TEXT)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetLocalizedTextReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (reply.whichString != whichString) {
+        goto loser;
+    }
+    *localizedString = reply.localizedString;
+    return CMTSuccess;
+ loser:
+    *localizedString = NULL;
+    return rv; 
+}
+
+CMTStatus
+CMT_AddNewModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 char         *libraryPath,
+                 unsigned long pubMechFlags,
+                 unsigned long pubCipherFlags)
+{
+    CMTItem message;
+    CMTStatus rv;
+    AddNewSecurityModuleRequest request;
+    SingleNumMessage reply;
+
+    /* Set up the request */
+    request.moduleName = moduleName;
+    request.libraryPath = libraryPath;
+    request.pubMechFlags = pubMechFlags;
+    request.pubCipherFlags = pubCipherFlags;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(AddNewSecurityModuleRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_ADD_NEW_MODULE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_ADD_NEW_MODULE)) {
+        goto loser;
+    }
+
+    /* Decode the response */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_DeleteModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 int          *moduleType)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleStringMessage request;
+    SingleNumMessage reply;
+
+    /* Set up the request */
+    request.string = moduleName;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleStringMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_DEL_MODULE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_DEL_MODULE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *moduleType = reply.value;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_LogoutAllTokens(PCMT_CONTROL control)
+{
+  CMTItem message;
+  CMTStatus rv;
+
+  message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_LOGOUT_ALL;
+  message.data = NULL;
+  message.len  = 0;
+
+  rv = CMT_SendMessage(control, &message);
+  if (rv != CMTSuccess) {
+    return rv;
+  }
+  if (message.type !=  (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | 
+			SSM_LOGOUT_ALL)) {
+    return CMTFailure;
+  }
+  return CMTSuccess;
+}
+
+CMTStatus CMT_GetSSLCapabilities(PCMT_CONTROL control, CMInt32 *capabilites)
+{
+    SingleNumMessage reply;
+    CMTItem message;
+    CMTStatus rv;
+
+    message.type = (SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | 
+                    SSM_ENABLED_CIPHERS);
+    message.data = NULL;
+    message.len  = 0;
+
+    rv = CMT_SendMessage(control, &message);
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION |
+			 SSM_ENABLED_CIPHERS)) {
+        goto loser;
+    }
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, 
+                          &message) != CMTSuccess) {
+        goto loser;
+    }
+    *capabilites = reply.value;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtjs.h

@@ -0,0 +1,555 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef _CMTJS_H_
+#define _CMTJS_H_
+#include "cmtcmn.h"
+#include "ssmdefs.h"
+#include "rsrcids.h"
+/*
+ * Define some constants.
+ */
+
+/*
+ * These defines are used in conjuction with the function
+ * CMT_AddNewModule.
+ */
+#define PUBLIC_MECH_RSA_FLAG         0x00000001ul
+#define PUBLIC_MECH_DSA_FLAG         0x00000002ul
+#define PUBLIC_MECH_RC2_FLAG         0x00000004ul
+#define PUBLIC_MECH_RC4_FLAG         0x00000008ul
+#define PUBLIC_MECH_DES_FLAG         0x00000010ul
+#define PUBLIC_MECH_DH_FLAG          0x00000020ul
+#define PUBLIC_MECH_FORTEZZA_FLAG    0x00000040ul
+#define PUBLIC_MECH_RC5_FLAG         0x00000080ul
+#define PUBLIC_MECH_SHA1_FLAG        0x00000100ul
+#define PUBLIC_MECH_MD5_FLAG         0x00000200ul
+#define PUBLIC_MECH_MD2_FLAG         0x00000400ul
+ 
+#define PUBLIC_MECH_RANDOM_FLAG      0x08000000ul
+#define PUBLIC_MECH_FRIENDLY_FLAG    0x10000000ul
+#define PUBLIC_OWN_PW_DEFAULTS       0X20000000ul
+#define PUBLIC_DISABLE_FLAG          0x40000000ul
+
+
+/*
+ * This is the lone supported constant for the Cipher flag
+ * for CMT_AddNewModule
+ */
+#define PUBLIC_CIPHER_FORTEZZA_FLAG  0x00000001ul
+
+CMT_BEGIN_EXTERN_C
+
+/*
+ * FUNCTION: CMT_GenerateKeyPair
+ * -----------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyGenContext
+ *        The Resource ID of a key gen context to use for creating the
+ *        key pair.
+ *    mechType
+ *        A PKCS11 mechanism used to generate the key pair. Valid values are:
+ *          CKM_RSA_PKCS_KEY_PAIR_GEN    0x00000000
+ *          CKM_DSA_KEY_PAIR_GEN         0x00000010
+ *        The definition of these values can be found at 
+ *        http://www.rsa.com/rsalabs/pubs/pkcs11.html
+ *        The psm module currently supports v2.01 of PKCS11
+ *    params
+ *        This parameter will be used to pass parameters to the Key Pair
+ *        generation process.  Currently this feature is not supported, so 
+ *        pass in NULL for this parameter.
+ *    keySize
+ *        The size (in bits) of the key to generate.
+ *    keyPairId
+ *        A pointer to pre-allocated memory where the function can place
+ *        the value of the resource ID of the key pair that gets created.
+ *
+ * NOTES:
+ * This function will send a message to the psm server requesting that 
+ * a public/private key pair be generated. The key gen context will queue
+ * the request. You can send as many key gen requests as you want with a
+ * given key gen context. After sending all the key gen requests, the user
+ * must call CMT_FinishGeneratingKeys so that the key gen context actually
+ * generates the keys.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the request for key generation
+ * was queued successfully and the corresponding resource ID can be found
+ * at *keyPairId.  Any other return value indicates an error and the value
+ * at *keyPairId should be ignored.
+ */
+CMTStatus
+CMT_GenerateKeyPair(PCMT_CONTROL control, CMUint32 keyGenContext, 
+		    CMUint32 mechType, CMTItem *params, CMUint32 keySize, 
+		    CMUint32 *keyPairId);
+
+/*
+ * FUNCTION: CMT_FinishGeneratingKeys
+ * ----------------------------------
+ * INPUTS
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyGenContext
+ *        The resource ID of the key gen context which should finish 
+ *        generating its key pairs.
+ * NOTES
+ * This function will send a message to the psm server notifying the key 
+ * gen context with the resource ID of keyGenContext to finish generating
+ * all of the key gen requests it has queued up. After each key gen has 
+ * finished, the psm server will send a SSM_TASK_COMPLETED_EVENT. So in order
+ * to detect when all of the key gens are done, the user should register 
+ * an event handler.  See comments for CMT_RegisterEventHandler for information
+ * on how to successfully register event handler callbacks. You must register
+ * the event handler with keyGenContext as the target resource ID for this
+ * to work correctly.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the key gen context has started to
+ * generate the key pairs in its queue. Any other return value indicates an
+ * error and the key pairs will not be generated.
+ */
+CMTStatus
+CMT_FinishGeneratingKeys(PCMT_CONTROL control, CMUint32 keyGenContext);
+
+/*
+ * FUNCTION: CMT_CreateNewCRMFRequest
+ * ----------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyPairID
+ *        The resource ID of the key pair that should be associated with
+ *        the CRMF request created. At the time this function is called,
+ *        key pair should have already been created. 
+ *    keyGenType
+ *        An enumeration that explains how the key pair will be used.
+ *        Look at the definition of SSMKeyGenType in ssmdefs.h for valid
+ *        values and their affects on the request.
+ *    reqID
+ *        A pointer to a pre-allocatd chunk of memory where the library 
+ *        can place the resource ID of the new CRMF request.
+ * NOTES:
+ * This function sends a message to the psm server requesting that a new 
+ * CRMF resource object be created. Each CRMF request must be associated with 
+ * a public/private key pair, that is why the keyPairID parameter exists.
+ * The keyGenType parameter is used to initialize the request, eg set the
+ * correct keyUsage extension.
+ * 
+ * Before encoding a CRMF request, the user will want to set the appropriate
+ * attributes to build up the request. The supported attributes are:
+ *
+ * Attribute Enumeration          Attribute Type       What value means
+ * ---------------------          --------------       ----------------
+ * SSM_FID_CRMFREQ_REGTOKEN       String               The value to encode as 
+ *                                                     the registration token
+ *                                                     value for the request.
+ *
+ * SSM_FID_CRMFREQ_AUTHENTICATOR String                The value to encode as
+ *                                                     authenticator control
+ *                                                     in the request.
+ * 
+ * SSM_FID_DN                    String                The RFC1485 formatted
+ *                                                     DN to include in the
+ *                                                     CRMF request.
+ *
+ * For information on how to properly set the attribute of a resource, refer
+ * to the comments for the functions CMT_SetNumericAttribute and 
+ * CMT_SetStringAttribute.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates a new CRMF resource was created by
+ * the psm server and has the resource ID placed at *reqID. Any other return
+ * value indicates an error and the value at *reqID should be ignored.
+ */
+CMTStatus
+CMT_CreateNewCRMFRequest(PCMT_CONTROL control, CMUint32 keyPairID, 
+			 SSMKeyGenType keyGenType, CMUint32 *reqID);
+
+/*
+ * FUNCTION: CMT_EncodeCRMFRequest
+ * ------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    crmfReqID
+ *        An array of resource ID's for CRMF objects to be encoded.
+ *    numRequests
+ *        The length of the array crmfReqID that is passed in.
+ *    der
+ *        A pointer to a pre-allocated pointer for a char* where the library
+ *        can place the final DER-encoding of the requests.
+ * NOTES
+ * This function will send a message to the psm server requesting that 
+ * a number of CRMF requests be encoded into their appropriate DER 
+ * representation. The DER that is sent back will be of the type 
+ * CertReqMessages as define in the internet draft for CRMF. To look at the
+ * draft, visit the following URL: 
+ * http://search.ietf.org/internet-drafts/internet-draft-ietf-pkix-crmf-01.txt
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates psm successfully encoded the requests
+ * and placed the base64 DER encoded request at *der. Any other return value
+ * indicates an error and the value at *der should be ignored.
+ */
+CMTStatus
+CMT_EncodeCRMFRequest(PCMT_CONTROL control, CMUint32 *crmfReqID, 
+		      CMUint32 numRequests, char ** der);
+
+/*
+ * FUNCTION: CMT_ProcessCMMFResponse
+ * ---------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    nickname
+ *        The nickname that should be associated with the certificate 
+ *        contained in the CMMF Response.
+ *    certRepString
+ *        This is the base 64 encoded CertRepContent that issues a certificate.
+ *        The psm server will decode the base 64 data and then parse the
+ *        CertRepContent.
+ *    doBackup
+ *        A boolean value indicating whether or not psm should initiate the
+ *        process of backing up the newly issued certificate into a PKCS-12
+ *        file.
+ *    clientContext
+ *         Client supplied data pointer that is returned to the client during
+ *         a UI event.
+ * NOTES:
+ * This function takes a CertRepContent as defined in the CMMF internet draft
+ * (http://search.ietf.org/internet-drafts/draft-ietf-pkix-cmmf-02.txt) and
+ * imports the certificate into the user's database. The certificate will have
+ * the string value of nickanme as it's nickname when added to the database
+ * unless another certificate with that same Distinguished Name (DN) already
+ * exists in the database, in which case the nickname of the certificate that
+ * already exists will be used. If the value passed in for doBackup is 
+ * non-zero, then the psm server will initiate the process of backing up the
+ * certificate(s) that were just imported.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the certificate(s) were successfully
+ * added to the database. Any other return value means the certificate(s) could
+ * not be successfully added to the database.
+ */
+CMTStatus
+CMT_ProcessCMMFResponse(PCMT_CONTROL control, char *nickname, 
+			char *certRepString, CMBool doBackup,
+			void *clientContext);
+
+/*
+ * FUNCTION: CMT_CreateResource
+ * ----------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    resType
+ *        The enumeration representing the resource type to create.
+ *    params
+ *        A resource dependent binary string that will be sent to the psm 
+ *        server. Each resource will expect a binary string it defines.
+ *    rsrcId
+ *        A pointer to a pre-allocated chunk of memory where the library
+ *        can place the resource ID of the newly created resource.
+ *    errorCode
+ *        A pointer to a pre-allocated chunk of memory where the library
+ *        can place the errorCode returned by the psm server after creating
+ *        the resource.
+ * NOTES:
+ * This function sends a message to the psm server requesting that a new 
+ * resource be created.  The params parameter depends on the type of resource
+ * being created.  Below is a table detailing the format of the params for 
+ * a given resource type. Only the resource types listed below can be created
+ * by calling this function.
+ *
+ * Resource Type constant                  Value for params
+ * ------------------------------          ----------------
+ * SSM_RESTYPE_KEYGEN_CONTEXT              NULL
+ * SSM_RESTYPE_SECADVISOR_CONTEXT          NULL
+ * SSM_RESTYPE_SIGNTEXT                    NULL
+ *
+ * RETURN
+ * A return value of CMTSuccess means the psm server received the request and
+ * processed the create resource create. If the value at *errorCode is zero,
+ * then the value at *rsrcId is the resource ID of the newly created resource.
+ * Otherwise, creating the new resource failed and *errorCode contains the
+ * error code returned by the psm server. ???What are the return values and
+ * what do they mean. Any other return value indicates there was an error 
+ * in the communication with the psm server and the values at *rsrcId and 
+ * *errorCode should be ignored.
+ */
+CMTStatus
+CMT_CreateResource(PCMT_CONTROL control, SSMResourceType resType,
+		   CMTItem *params, CMUint32 *rsrcId, CMUint32 *errorCode);
+
+/*
+ * FUNCTION: CMT_SignText
+ * ----------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    resID
+ *        The resource ID of an SSMSignTextResource.
+ *    stringToSign
+ *        The string that the psm server should sign.
+ *    hostName
+ *        The host name of the site that is requesting a string to be
+ *        signed.  This is used for displaying the UI that tells the user
+ *        a web site has requested the use sign some text.
+ *    caOption
+ *        If the value is "auto" then psm will select the certificate
+ *        to use for signing automatically.
+ *        If the value is "ask" then psm will display a list of 
+ *        certificates for signing.
+ *    numCAs
+ *        The number of CA names included in the array caNames passed in as
+ *        the last parameter to this function.
+ *    caNames
+ *        An array of CA Names to use for filtering the user certs to use
+ *        for signing the text.
+ * NOTES
+ * This function will sign the text passed via the parameter stringToSign.
+ * The function will also cause the psm server to send some UI notifying the
+ * user that a site has requested the user sign some text.  The hostName 
+ * parameter is used in the UI to inform the user which site is requesting
+ * the signed text.  The caOption is used to determine if the psm server 
+ * should automatically select which personal cert to use in signing the
+ * text.  The caNames array is ussed to narrow down the field of personal
+ * certs to use when signing the text. In other words, only personal certs 
+ * trusted by the CA's passed in will be used.
+ *
+ * RETURN
+ * If the function returns CMTSuccess, that indicates the psm server 
+ * successfully signed the text.  The signed text can be retrieved by 
+ * calling CMT_GetStringResource and passing in SSM_FID_SIGNTEXT_RESULT
+ * as the field ID. Any other return value indicates an error meaning the
+ * string was not signed successfully.
+ */
+CMTStatus
+CMT_SignText(PCMT_CONTROL control, CMUint32 resID, char* stringToSign,
+             char* hostName, char *caOption, CMInt32 numCAs, char** caNames);
+
+/*
+ * FUNCTION: CMT_ProcessChallengeResponse
+ * --------------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    challengeString
+ *        The base64 encoded Challenge string received as the 
+ *        Proof-Of-Possession Challenge in response to CRMF request that
+ *        specified Challenge-Reponse as the method for Proof-Of-Possession.
+ *    responseString
+ *        A pointer to pre-allocated char* where the library can place a
+ *        copy of the bas64 encoded response to the challenge presented.
+ * NOTES
+ * This function takes the a challenge--that is encrypted with the public key
+ * of a certificate we created--and decrypts it with the private key we 
+ * generated.  The format of the challenge is as follows:
+ *
+ * Challenge ::= SEQUENCE { 
+ *      owf                 AlgorithmIdentifier  OPTIONAL, 
+ *      -- MUST be present in the first Challenge; MAY be omitted in any 
+ *      -- subsequent Challenge in POPODecKeyChallContent (if omitted, 
+ *      -- then the owf used in the immediately preceding Challenge is 
+ *      -- to be used). 
+ *      witness             OCTET STRING, 
+ *      -- the result of applying the one-way function (owf) to a 
+ *      -- randomly-generated INTEGER, A.  [Note that a different 
+ *      -- INTEGER MUST be used for each Challenge.] 
+ *      sender              GeneralName, 
+ *      -- the name of the sender. 
+ *      key                 OCTET STRING, 
+ *      -- the public key used to encrypt the challenge.  This will allow 
+ *      -- the client to find the appropriate key to do the decryption. 
+ *      challenge           OCTET STRING 
+ *      -- the encryption (under the public key for which the cert. 
+ *      -- request is being made) of Rand, where Rand is specified as 
+ *      --   Rand ::= SEQUENCE { 
+ *      --      int      INTEGER, 
+ *      --       - the randomly-generated INTEGER A (above) 
+ *      --      senderHash  OCTET STRING 
+ *      --       - the result of applying the one-way function (owf) to 
+ *      --       - the sender's general name 
+ *      --   } 
+ *      -- the size of "int" must be small enough such that "Rand" can be 
+ *      -- contained within a single PKCS #1 encryption block. 
+ *  } 
+ * This challenge is based on the Challenge initially defined in the CMMF
+ * internet draft, but differs in that this structure includes the sender
+ * as part of the challenge along with the public key and includes a has
+ * of the sender in the encrypted Rand structure.  The reason for including
+ * the key is to facilitate looking up the key that should be used to 
+ * decipher the challenge.  Including the hash of the sender in the encrypted
+ * Rand structure makes the challenge smaller and allows it to fit in 
+ * one RSA block. 
+ *
+ * The response is of the type POPODecKeyRespContent as defined in the CMMF
+ * internet draft.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates psm successfully parsed and processed
+ * the challenge and created a response.  The base64 encoded response to the
+ * challenge is placed at *responseString.  Any other return value indicates
+ * an error and the value at *responseString should be ignored.
+ */
+CMTStatus
+CMT_ProcessChallengeResponse(PCMT_CONTROL control, char *challengeString,
+			     char **responseString);
+
+/*
+ * FUNCTION: CMT_GetLocalizedString
+ * --------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    whichString
+ *        The enumerated value corresponding to the localized string to 
+ *        retrieve from the psm server
+ *    localizedString
+ *        A pointer to a pre-allocated char* where the library can place 
+ *        copy of the localized string retrieved from the psm server.
+ * NOTES
+ * This function retrieves a localized string from the psm server.  These 
+ * strings are useful for strings that aren't localized in the client 
+ * making use of the psm server, but need to be displayed by the user. Look
+ * in protocol.h for the enumerations of the localized strings that can 
+ * be fetched from psm via this method.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates the localized string was retrieved
+ * successfully and the localized value is located at *localizedString.  Any
+ * other return value indicates an error and the value at *localizedString
+ * should be ignored.
+ */
+CMTStatus 
+CMT_GetLocalizedString(PCMT_CONTROL        control, 
+                       SSMLocalizedString  whichString,
+                       char              **localizedString); 
+
+/*
+ * FUNCTION: CMT_DeleteModule
+ * --------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    moduleName
+ *        The name of the PKCS11 module to delete.
+ *    moduleType
+ *        A pointer to a pre-allocated integer where the library can place
+ *        a value that tells what the type of module was deleted.
+ * NOTES
+ * This function will send a message to the psm server requesting the server 
+ * delete a PKCS-11 module stored in psm's security module database. moduleName
+ * is the value passed in as moduleName when the module was added to the 
+ * security module database of psm.
+ * The values that may be returned by psm for moduleType are:
+ *
+ *    0      The module was an external module developped by a third party
+ *           that was added to the psm security module.
+ *
+ *    1      The module deleted was the internal PKCS-11 module that comes
+ *           built in with the psm server.
+ *
+ *    2      The module that was deleted was the FIPS  internal module.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates the security module was successfully
+ * delete from the psm security module database and the value at *moduleType
+ * will tell what type of module was deleted.
+ * Any other return value indicates an error and the value at *moduleType 
+ * should be ignored.
+ */
+CMTStatus
+CMT_DeleteModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 int          *moduleType);
+
+
+/*
+ * FUNCTION: CMT_AddNewModule
+ * --------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    moduleName
+ *        The name to be associated with the module once it is added to 
+ *        the psm security module database.
+ *    libraryPath
+ *        The path to the library to be  loaded.  The library should be 
+ *        loadable at run-time.
+ *    pubMechFlags
+ *        A bit vector indicating all cryptographic mechanisms that should
+ *        be turned on by default.  This module will become the default 
+ *        handler for the mechanisms that are set by this bit vector.
+ *    pubCipherFlags
+ *        A bit vector indicating all SSL or S/MIME cipher functions
+ *        supported by the module. Most modules will pas in 0x0 for this
+ *        parameter.
+ * NOTES:
+ * This function sends a message to the psm server and requests the .so
+ * file on UNIX or .dll file on Windows be loaded as a PKCS11 module and 
+ * be stored in the psm security module database.  The module will be stored
+ * with the name moduleName that is passed in and will always expect the 
+ * library to live at the path passed in via the parameter libraryPath.
+ * The pubMechFlags tell the psm server how this module should be used.
+ * Valid values are the #define constants defined at the beginning of
+ * this file.
+ * 
+ * RETURN
+ * A return value of CMTSuccess indicates the module was successfully loaded
+ * and placed in the security module database of psm.  Any other return value
+ * indicates an error and means the module was not loaded successfully and
+ * not stored in the psm server's security module database.
+ */
+CMTStatus
+CMT_AddNewModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 char         *libraryPath,
+                 unsigned long pubMechFlags,
+                 unsigned long pubCipherFlags);
+
+CMT_END_EXTERN_C
+
+#endif /*_CMTJS_H_*/

mozilla/security/psm/lib/client/cmtmac.c

@@ -0,0 +1,75 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "cmtmac.h"
+#include "macsocket.h"
+#include "stdlib.h"
+
+#ifndef XP_MAC
+#error Link with the builtin strdup() on your platform.
+#endif
+
+
+static void 
+my_strcpy(char *dest, const char *source)
+{
+	char *i = dest;
+	const char *j = source;
+	while(*j)
+		*i++ = *j++;
+	*i = '\0';
+}
+
+static int
+my_strlen(const char *str)
+{
+	const char *c = str;
+	int i = 0;
+	
+	while(*c++ != '\0')
+		i++;
+	return i;
+}
+
+char * strdup(const char *oldstr)
+{
+	/* used to keep the mac client library from referring to strdup elsewhere */
+	char *newstr;
+	
+	newstr = (char *) malloc(my_strlen(oldstr)+1);
+	if (newstr)
+		my_strcpy(newstr, oldstr);
+	return newstr;
+}
+

mozilla/security/psm/lib/client/cmtmac.h

@@ -0,0 +1,40 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#ifndef __CMTMAC_H__
+#define __CMTMAC_H__
+
+char * strdup(const char *str);
+
+#endif

mozilla/security/psm/lib/client/cmtpasswd.c

@@ -0,0 +1,119 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/************************************************************************
+ * Code to handle password requests from the the PSM module.
+ * 
+ ************************************************************************
+ */
+
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+
+void CMT_SetAppFreeCallback(PCMT_CONTROL control, 
+			    applicationFreeCallback_fn f)
+{
+  control->userFuncs.userFree = f;
+}
+    
+void CMT_ServicePasswordRequest(PCMT_CONTROL cm_control, CMTItem * requestData)
+{ 
+  CMTItem response = {0, NULL, 0};
+  PasswordRequest request;
+  PasswordReply reply;
+  void * clientContext;
+
+  /********************************************
+   *  What we trying to do here: 
+   *  1) Throw up a dialog box and request a password.
+   *  2) Create a message and send it to the PSM module.
+   ********************************************
+   */
+  
+  /* Decode the request */
+  if (CMT_DecodeMessage(PasswordRequestTemplate, &request, requestData) != CMTSuccess) {
+      goto loser;
+  }
+
+  /* Copy the client context to a pointer */
+  clientContext = CMT_CopyItemToPtr(request.clientContext);
+
+  if (cm_control->userFuncs.promptCallback == NULL) {
+      goto loser;
+  }
+  reply.passwd = 
+    cm_control->userFuncs.promptCallback(cm_control->userFuncs.promptArg, 
+					 request.prompt, clientContext, 1);
+  reply.tokenID = request.tokenKey;
+  if (!reply.passwd) {
+      /* the user cancelled the prompt or other errors occurred */
+      reply.result = -1;
+  }
+  else {
+      /* note that this includes an empty string (zero length password) */
+      reply.result = 0;
+  }
+
+  /* Encode the reply */
+  if (CMT_EncodeMessage(PasswordReplyTemplate, &response, &reply) != CMTSuccess) {
+      goto loser;
+  }
+
+  /* Set the message response type */
+  response.type = SSM_EVENT_MESSAGE | SSM_AUTH_EVENT;
+  CMT_TransmitMessage(cm_control, &response);
+  goto done;
+loser:
+  /* something has gone wrong */
+
+done:
+  /*clean up anyway */
+  /* We can't just free up memory allocated by the host
+     application because the versions of free may not match up.
+     When you run the plug-in with an optimized older browser,
+     you'll see tons of Asserts (why they still have asserts in an
+     optimized build is a different question, but without them 
+     I wouldn't have figured out this problem) about a pointer not
+     being a valid heap pointer and eventually crash.  This was 
+     the offending free line.
+     So we need to call a function within the browser that 
+     calls the free linked in with it.  js_free is
+     such a function.  But this is extremely ugly.
+   */
+  if (reply.passwd) 
+    cm_control->userFuncs.userFree(reply.passwd);
+  if (request.prompt) 
+    free(request.prompt);
+  return;
+}
+

mozilla/security/psm/lib/client/cmtpkcs7.c

@@ -0,0 +1,664 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/time.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+typedef struct _CMTP7Private {
+    CMTPrivate priv;
+    CMTP7ContentCallback cb;
+    void *cb_arg;
+} CMTP7Private;
+
+CMTStatus CMT_PKCS7DecoderStart(PCMT_CONTROL control, void* clientContext, CMUint32 * connectionID, CMInt32 * result,
+                                CMTP7ContentCallback cb, void *cb_arg)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CMTP7Private *priv=NULL;
+    SingleItemMessage request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control) {
+        goto loser;
+    }
+
+    request.item = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode message */
+    if (CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7DECODE_STREAM;
+
+    /* Send the message. */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7DECODE_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        priv = (CMTP7Private *)malloc(sizeof(CMTP7Private));
+        if (priv == NULL)
+            goto loser;
+        priv->priv.dest = (CMTReclaimFunc) free;
+        priv->cb = cb;
+        priv->cb_arg = cb_arg;
+        sock = control->sockFuncs.socket(0);
+        if (sock == NULL) {
+            goto loser;
+        }
+ 
+       if (control->sockFuncs.connect(sock, (short)reply.port, 
+                                      NULL) != CMTSuccess) {
+            goto loser;
+        }
+ 
+        if (control->sockFuncs.send(sock, control->nonce.data, 
+                                    control->nonce.len) != control->nonce.len){
+            goto loser;
+        }
+
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+            != CMTSuccess) {
+            goto loser;
+        }
+        *connectionID = reply.connID;
+
+        rv = CMT_SetPrivate(control, reply.connID, &priv->priv);
+        if (rv != CMTSuccess)
+            goto loser;
+
+        return CMTSuccess;
+    } 
+
+loser:
+    if (priv) {
+        free(priv);
+    }
+
+	*result = reply.result;
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7DecoderUpdate(PCMT_CONTROL control, CMUint32 connectionID, const char * buf, CMUint32 len)
+{
+    CMUint32 sent;
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char read_buf[128];
+    CMTSocket sock, ctrlsock, selSock, sockArr[2];
+
+    /* Do some parameter checking */
+    if (!control || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+
+	ctrlsock = control->sock;
+	sockArr[0] = ctrlsock;
+	sockArr[1] = sock;
+    while ((selSock = control->sockFuncs.select(sockArr,2,1))) 
+    {
+		if (selSock == ctrlsock) {
+			CMT_ProcessEvent(control);
+		} else {
+	        nbytes = control->sockFuncs.recv(sock, read_buf, sizeof(read_buf));
+		    if (nbytes == -1) {
+			    goto loser;
+			}
+			if (nbytes == 0) {
+	            break;
+		    }
+			priv->cb(priv->cb_arg, read_buf, nbytes);
+		}
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+                                                                                
+CMTStatus CMT_PKCS7DecoderFinish(PCMT_CONTROL control, CMUint32 connectionID, 
+                                 CMUint32 * resourceID)
+{
+    CMTP7Private *priv;
+    long nbytes;
+    char buf[128];
+    CMTSocket sock, ctrlsock, selSock, sockArr[2];
+#ifndef XP_MAC
+    int numTries = 0;
+#endif
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    ctrlsock = control->sock;
+    /* drain socket before we close it */
+    control->sockFuncs.shutdown(sock);
+    sockArr[0] = sock;
+    sockArr[1] = ctrlsock;
+    /* Let's see if doing a poll first gets rid of a weird bug where we
+     * lock up the client.
+     * There are some cases where the server doesn't put up data fast 
+     * enough, so we should loop on this poll instead of just trying it
+     * once.
+     */
+#ifndef XP_MAC
+ poll_sockets:
+    if (control->sockFuncs.select(sockArr,2,1) != NULL)
+#endif
+	{
+        while (1) {
+            selSock = control->sockFuncs.select(sockArr,2,0);
+            if (selSock == ctrlsock) {
+                CMT_ProcessEvent(control);
+            } else if (selSock == sock) {
+                nbytes = control->sockFuncs.recv(sock, buf, sizeof(buf));
+                if (nbytes < 0) {
+                    goto loser;
+                } else if (nbytes == 0) {
+                    break;
+                }
+                if (priv->cb)
+                    priv->cb(priv->cb_arg, buf, nbytes);
+            }
+        }
+    }
+#ifndef XP_MAC
+    else {
+#ifdef WIN32
+        if (numTries < 20) {
+            Sleep(100);
+            numTries++;
+            goto poll_sockets;
+        }
+#endif
+#ifdef XP_UNIX
+	if (numTries < 25) {
+	  numTries += sleep(1);
+	  goto poll_sockets;
+	}
+#endif
+    }
+#endif
+    
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Get the PKCS7 content info */
+    if (CMT_GetRIDAttribute(control, connectionID, SSM_FID_P7CONN_CONTENT_INFO,
+                            resourceID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (control) {
+        CMT_CloseDataConnection(control, connectionID);
+    }
+    
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7DestroyContentInfo(PCMT_CONTROL control, CMUint32 resourceID)
+{
+    if (!control) {
+        goto loser;
+    }
+
+    /* Delete the resource */
+    if (CMT_DestroyResource(control, resourceID, SSM_FID_P7CONN_CONTENT_INFO) == CMTFailure) {
+        goto loser;
+    }
+    return CMTSuccess;
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7VerifyDetachedSignature(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 certUsage, CMUint32 hashAlgID, CMUint32 keepCerts, CMTItem* digest, CMInt32 * result)
+{
+    CMTItem message;
+    VerifyDetachedSigRequest request;
+    SingleNumMessage reply;
+
+    /* Do some parameter checking */
+    if (!control || !digest || !result) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.pkcs7ContentID = resourceID;
+    request.certUsage = certUsage;
+    request.hashAlgID = hashAlgID;
+    request.keepCert = (CMBool) keepCerts;
+    request.hash = *digest;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(VerifyDetachedSigRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_VERIFY_DETACHED_SIG;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING |SSM_VERIFY_DETACHED_SIG)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *result = reply.value;
+    return CMTSuccess;
+loser:
+	*result = reply.value;
+	return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7VerifySignature(PCMT_CONTROL control, CMUint32 pubKeyAlgID,
+                                   CMTItem *pubKeyParams, CMTItem *signerPubKey,
+                                   CMTItem *computedHash, CMTItem *signature,
+                                   CMInt32 *result)
+{
+	return CMTFailure;
+}
+
+CMTStatus CMT_CreateSigned(PCMT_CONTROL control, CMUint32 scertRID,
+                           CMUint32 ecertRID, CMUint32 dig_alg,
+                           CMTItem *digest, CMUint32 *ciRID, CMInt32 *errCode)
+{
+    CMTItem message;
+    CreateSignedRequest request;
+    CreateContentInfoReply reply;
+    char checkMessageForError = 0;
+
+    /* Do some parameter checking */
+    if (!control || !scertRID || !digest || !ciRID) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.scertRID = scertRID;
+    request.ecertRID = ecertRID;
+    request.dig_alg = dig_alg;
+    request.digest = *digest;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateSignedRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_SIGNED;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+    checkMessageForError = 1;
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_SIGNED)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *ciRID = reply.ciRID;
+    if (reply.result == 0) {
+		return CMTSuccess;
+	} 
+
+loser:
+    if (checkMessageForError && 
+	CMT_DecodeMessage(SingleNumMessageTemplate, 
+			  &reply, &message) == CMTSuccess) {
+        *errCode = reply.errorCode;
+    } else {
+        *errCode = 0;
+    }
+	return CMTFailure;
+}
+
+CMTStatus CMT_CreateEncrypted(PCMT_CONTROL control, CMUint32 scertRID,
+                              CMUint32 *rcertRIDs, CMUint32 *ciRID)
+{
+    CMTItem message;
+    CMInt32 nrcerts;
+    CreateEncryptedRequest request;
+    CreateContentInfoReply reply;
+
+    /* Do some parameter checking */
+    if (!control || !scertRID || !rcertRIDs || !ciRID) {
+        goto loser;
+    }
+
+    /* Calculate the number of certs */
+    for (nrcerts =0; rcertRIDs[nrcerts] != 0; nrcerts++) {
+        /* Nothing */
+        ;
+    }
+
+    /* Set up the request */
+    request.scertRID = scertRID;
+    request.nrcerts = nrcerts;
+    request.rcertRIDs = (long *) rcertRIDs;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateEncryptedRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_ENCRYPTED;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message response type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_ENCRYPTED)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *ciRID = reply.ciRID;
+    if (reply.result == 0) {
+		return CMTSuccess;
+	} 
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderStart(PCMT_CONTROL control, CMUint32 ciRID,
+                                CMUint32 *connectionID, CMTP7ContentCallback cb,
+                                void *cb_arg)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CMTP7Private *priv;
+    PKCS7DataConnectionRequest request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control || !ciRID) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = ciRID;
+    request.clientContext.len = 0;
+    request.clientContext.data = NULL;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(PKCS7DataConnectionRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7ENCODE_STREAM;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7ENCODE_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        priv = (CMTP7Private *)malloc(sizeof(CMTP7Private));
+        if (priv == NULL)
+            goto loser;
+        priv->priv.dest = (CMTReclaimFunc) free;
+        priv->cb = cb;
+        priv->cb_arg = cb_arg;
+
+        sock = control->sockFuncs.socket(0);
+        if (sock == NULL) {
+            goto loser;
+        }
+        if (control->sockFuncs.connect(sock, (short)reply.port, 
+                                       NULL) != CMTSuccess) {
+            goto loser;
+        }
+        if (control->sockFuncs.send(sock, control->nonce.data, 
+                                   control->nonce.len) != control->nonce.len) {
+            goto loser;
+        }
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+            != CMTSuccess) {
+            goto loser;
+        }
+        *connectionID = reply.connID;
+
+        rv = CMT_SetPrivate(control, reply.connID, &priv->priv);
+        if (rv != CMTSuccess)
+            goto loser;
+        return CMTSuccess;
+    } 
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderUpdate(PCMT_CONTROL control, CMUint32 connectionID,
+                                 const char *buf, CMUint32 len)
+{
+    CMUint32 sent;
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char read_buf[128];
+    CMTSocket sock, ctrlsock, sockArr[2], selSock;
+
+    /* Do some parameter checking */
+    if (!control || !connectionID || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+	ctrlsock = control->sock;
+	sockArr[0] = ctrlsock;
+	sockArr[1] = sock;
+    while ((selSock = control->sockFuncs.select(sockArr, 2, 1)) != NULL) 
+    {
+		if (selSock == ctrlsock) {
+			CMT_ProcessEvent(control);
+		} else {
+	        nbytes = control->sockFuncs.recv(sock, read_buf, sizeof(read_buf));
+		    if (nbytes == -1) {
+			    goto loser;
+			} else if (nbytes == 0) {
+	            break;
+		    } else {
+			    priv->cb(priv->cb_arg, read_buf, nbytes);
+			}
+		}
+    }
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderFinish(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    CMTP7Private *priv;
+    CMInt32 nbytes;
+    char buf[128];
+    CMTSocket sock, ctrlsock, sockArr[2], selSock;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    ctrlsock = control->sock;
+    sockArr[0] = ctrlsock;
+    sockArr[1] = sock;
+    control->sockFuncs.shutdown(sock);
+    while (1) {
+        selSock = control->sockFuncs.select(sockArr, 2, 0);
+        if (selSock == ctrlsock) {
+            CMT_ProcessEvent(control);
+        } else if (selSock == sock) {
+            nbytes = control->sockFuncs.recv(sock, buf, sizeof(buf));
+            if (nbytes < 0) {
+                goto loser;
+            } else if (nbytes == 0) {
+                break;
+            } else {
+                priv->cb(priv->cb_arg, buf, nbytes);
+            }
+        }
+    }
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (control) {
+        CMT_CloseDataConnection(control, connectionID);
+    }
+    
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtres.c

@@ -0,0 +1,479 @@
+/* -*- mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include <string.h>
+
+CMTStatus CMT_GetNumericAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMInt32 *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *value = reply.value.u.numeric;
+
+    /* Success */
+    if (reply.result == 0) {
+        return CMTSuccess;
+    } 
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_SetNumericAttribute(PCMT_CONTROL control, CMUint32 resourceID,
+				  CMUint32 fieldID, CMInt32 value)
+{
+    CMTItem message;
+    SetAttribRequest request;
+
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+    request.value.type = SSM_NUMERIC_ATTRIBUTE;
+    request.value.u.numeric = value;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(SetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+                   SSM_SET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE;
+
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | 
+                              SSM_SET_ATTRIBUTE    | SSM_NUMERIC_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_PadStringValue(CMTItem *dest, CMTItem src)
+{
+    dest->data = NewArray(unsigned char, src.len+1);
+    if (dest->data == NULL) {
+        return CMTFailure;
+    }
+    memcpy(dest->data, src.data, src.len);
+    dest->data[src.len] = '\0';
+    dest->len = src.len;
+    free(src.data);
+    return CMTSuccess;
+}
+
+CMTStatus CMT_GetStringAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMTItem *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_STRING_ATTRIBUTE;
+    
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_STRING_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the response */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        return CMT_PadStringValue(value, reply.value.u.string);
+    } 
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_SetStringAttribute(PCMT_CONTROL control, CMUint32 resourceID,
+		       CMUint32 fieldID, CMTItem *value)
+{
+    CMTItem message;
+    SetAttribRequest request;
+    
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+    request.value.type = SSM_STRING_ATTRIBUTE;
+    request.value.u.string = *value;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+                   SSM_SET_ATTRIBUTE | SSM_STRING_ATTRIBUTE;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message request type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | 
+                         SSM_SET_ATTRIBUTE    | SSM_STRING_ATTRIBUTE)) {
+        goto loser;
+    }
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_DuplicateResource(PCMT_CONTROL control, CMUint32 resourceID,
+				CMUint32 *newResID)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    DupResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = resourceID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_DUPLICATE_RESOURCE;
+
+    /* Send the mesage */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_DUPLICATE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DupResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *newResID = reply.resID;
+        return CMTSuccess;
+    } 
+
+loser:
+    *newResID = 0;
+    return CMTFailure;
+}
+
+CMTStatus CMT_DestroyResource(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 resourceType)
+{
+    CMTItem message;
+    DestroyResourceRequest request;
+    SingleNumMessage reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.resType = resourceType;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(DestroyResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_DESTROY_RESOURCE;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_DESTROY_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.value == 0) {
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PickleResource(PCMT_CONTROL control, CMUint32 resourceID, CMTItem * pickledResource)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    PickleResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = resourceID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_PICKLE_RESOURCE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_PICKLE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(PickleResourceReplyTemplate, &reply,&message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *pickledResource = reply.blob;
+        return CMTSuccess;
+    } 
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_UnpickleResource(PCMT_CONTROL control, CMUint32 resourceType, CMTItem pickledResource, CMUint32 * resourceID)
+{
+    CMTItem message;
+    UnpickleResourceRequest request;
+    UnpickleResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resourceType = resourceType;
+    request.resourceData = pickledResource;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(UnpickleResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_UNPICKLE_RESOURCE;
+    
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_UNPICKLE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(UnpickleResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *resourceID = reply.resID;
+        return CMTSuccess;
+    } 
+
+loser:
+    *resourceID = 0;
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetRIDAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMUint32 *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_RID_ATTRIBUTE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message response type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_RID_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *value = reply.value.u.rid;
+        return CMTSuccess;
+    } 
+loser:
+    return CMTFailure;
+}
+ 

mozilla/security/psm/lib/client/cmtrng.c

@@ -0,0 +1,270 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  cmtrng.c -- Support for PSM random number generator and the seeding
+              thereof with data from the client.
+
+  Created by mwelch 1999 Oct 21
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+#include <string.h>
+
+CMTStatus
+CMT_EnsureInitializedRNGBuf(PCMT_CONTROL control)
+{
+    if (control->rng.outBuf == NULL)
+    {
+        control->rng.outBuf = (char *) calloc(RNG_OUT_BUFFER_LEN, sizeof(char));
+        if (control->rng.outBuf == NULL)
+            goto loser;
+
+        control->rng.validOutBytes = 0;
+        control->rng.out_cur = control->rng.outBuf;
+        control->rng.out_end = control->rng.out_cur + RNG_OUT_BUFFER_LEN;
+        
+        control->rng.inBuf = (char *) calloc(RNG_IN_BUFFER_LEN, sizeof(char));
+        if (control->rng.outBuf == NULL)
+            goto loser;
+    }
+
+    return CMTSuccess;
+
+ loser:
+    if (control->rng.outBuf != NULL)
+    {
+        free(control->rng.outBuf);
+        control->rng.outBuf = NULL;
+    }
+    if (control->rng.inBuf != NULL)
+    {
+        free(control->rng.inBuf);
+        control->rng.inBuf = NULL;
+    }
+
+    return CMTFailure;
+}
+
+
+size_t 
+CMT_RequestPSMRandomData(PCMT_CONTROL control, 
+                         void *buf, CMUint32 maxbytes)
+{
+    SingleNumMessage req;
+    SingleItemMessage reply;
+    CMTItem message;
+    size_t rv = 0;
+    
+    /* Parameter checking */
+    if (!control || !buf || (maxbytes == 0))
+        goto loser;
+
+    /* Initialization. */
+    memset(&reply, 0, sizeof(SingleItemMessage));
+
+    /* Ask PSM for the data. */
+    req.value = maxbytes;
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &req) != CMTSuccess)
+        goto loser;
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_MISC_ACTION | SSM_MISC_GET_RNG_DATA;
+    
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure)
+        goto loser;
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_MISC_ACTION | SSM_MISC_GET_RNG_DATA))
+        goto loser;
+
+    /* Decode message */
+    if (CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message) != CMTSuccess)
+        goto loser;
+
+    /* Success - fill the return buf with what we got */
+    if (reply.item.len > maxbytes)
+        reply.item.len = maxbytes;
+
+    memcpy(buf, reply.item.data, reply.item.len);
+    rv = reply.item.len;
+
+ loser:
+    if (reply.item.data)
+        free(reply.item.data);
+    if (message.data)
+        free(message.data);
+
+    return rv;
+}
+
+size_t 
+CMT_GenerateRandomBytes(PCMT_CONTROL control, 
+                        void *buf, CMUint32 maxbytes)
+{
+    CMUint32 remaining = maxbytes;
+    CMT_RNGState *rng = &(control->rng);
+    char *walk = (char *) buf;
+
+    /* Is there already enough in the incoming cache? */
+    while(remaining > rng->validInBytes)
+    {
+        /* Get what we have on hand. */
+        memcpy(walk, rng->in_cur, rng->validInBytes);
+        walk += rng->validInBytes;
+        remaining -= rng->validInBytes;
+
+        /* Request a buffer from PSM. */
+        rng->validInBytes = CMT_RequestPSMRandomData(control, 
+                                                     rng->inBuf, 
+                                                     RNG_IN_BUFFER_LEN);
+        if (rng->validInBytes == 0)
+            return (maxbytes - remaining); /* call failed */
+        rng->in_cur = rng->inBuf;
+    }
+    if (remaining > 0)
+    {
+        memcpy(walk, rng->in_cur, remaining);
+        rng->in_cur += remaining;
+        rng->validInBytes -= remaining;
+    }
+    return maxbytes;
+}
+
+void
+cmt_rng_xor(void *dstBuf, void *srcBuf, int len)
+{
+    unsigned char *s = (unsigned char*) srcBuf;
+    unsigned char *d = (unsigned char*) dstBuf;
+    unsigned char tmp;
+    int i;
+
+    for(i=0; i<len; i++, s++, d++)
+    {
+        tmp = *d;
+        /* I wish C had circular shift operators. So do others on the team. */
+        tmp = ((tmp << 1) | (tmp >> 7));
+        *d = tmp ^ *s;
+    }
+}
+
+CMTStatus 
+CMT_RandomUpdate(PCMT_CONTROL control, void *data, size_t numbytes)
+{
+    size_t dataLeft = numbytes, cacheLeft;
+    char *walk = (char *) data;
+
+    if (CMT_EnsureInitializedRNGBuf(control) != CMTSuccess)
+        goto loser;
+
+    /* If we have more than what the buffer can handle, wrap around. */
+    cacheLeft = (control->rng.out_end - control->rng.out_cur);
+    while (dataLeft >= cacheLeft)
+    {
+        cmt_rng_xor(control->rng.out_cur, walk, cacheLeft);
+        walk += cacheLeft;
+        dataLeft -= cacheLeft;
+
+        control->rng.out_cur = control->rng.outBuf;
+
+        /* Max out used space */
+        control->rng.validOutBytes = cacheLeft = RNG_OUT_BUFFER_LEN;
+    }
+
+    /* 
+       We now have less seed data available than we do space in the buf.
+       Write what we have and update validOutBytes if we're not looping already.
+     */
+    cmt_rng_xor(control->rng.out_cur, walk, dataLeft);
+    control->rng.out_cur += dataLeft;
+    if (control->rng.validOutBytes < RNG_OUT_BUFFER_LEN)
+        control->rng.validOutBytes += dataLeft;
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+size_t
+CMT_GetNoise(PCMT_CONTROL control, void *buf, CMUint32 maxbytes)
+{
+    /* ### mwelch - GetNoise and GenerateRandomBytes can be the 
+       same function now, because presumably the RNG is being 
+       seeded with environmental noise on the PSM end before we 
+       make any of these requests */
+    return CMT_GenerateRandomBytes(control, buf, maxbytes);
+}
+
+CMTStatus 
+CMT_FlushPendingRandomData(PCMT_CONTROL control)
+{
+    CMTItem message;
+
+    memset(&message, 0, sizeof(CMTItem));
+
+    if (CMT_EnsureInitializedRNGBuf(control) != CMTSuccess)
+        return CMTFailure; /* couldn't initialize RNG buffer */
+
+    if (control->rng.validOutBytes == 0)
+        return CMTSuccess; /* no random data available == we're flushed */
+
+    /* We have random data available. Send this to PSM.
+       We're sending an event, so no reply is needed. */
+    message.type = SSM_EVENT_MESSAGE 
+        | SSM_MISC_ACTION 
+        | SSM_MISC_PUT_RNG_DATA;
+    message.len = control->rng.validOutBytes;
+    message.data = (unsigned char *) calloc(message.len, sizeof(char));
+    if (!message.data)
+        goto loser;
+    memcpy(message.data, control->rng.outBuf, message.len);
+
+    if (CMT_TransmitMessage(control, &message) == CMTFailure)
+        goto loser;
+
+    /* Clear the RNG ring buffer, we've used that data */
+    control->rng.out_cur = control->rng.outBuf;
+    control->rng.validOutBytes = 0;
+    /* zero the buffer, because we XOR in new data */
+    memset(control->rng.outBuf, 0, RNG_OUT_BUFFER_LEN);
+
+    goto done;
+ loser:
+    if (message.data)
+        free(message.data);
+    return CMTFailure;
+ done:
+    return CMTSuccess;
+}

mozilla/security/psm/lib/client/cmtsdr.c

@@ -0,0 +1,237 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  cmtsdr.c -- Support for the Secret Decoder Ring, which provides
+      encryption and decryption using stored keys.
+
+  Created by thayes 18 April 2000
+ */
+#include "stddef.h"
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "protocolshr.h"
+#include "rsrcids.h"
+#include <string.h>
+
+#undef PROCESS_LOCALLY
+
+/* Encryption result - contains the key id and the resulting data */
+/* An empty key id indicates that NO encryption was performed */
+typedef struct EncryptionResult
+{
+  CMTItem keyid;
+  CMTItem data;
+} EncryptionResult;
+
+/* Constants for testing */
+static const char *kPrefix = "Encrypted:";
+
+static CMTItem
+CMT_CopyDataToItem(const unsigned char *data, CMUint32 len)
+{
+  CMTItem item;
+
+  item.data = (unsigned char*) calloc(len, 1);
+  item.len = len;
+  memcpy(item.data, data, len);
+
+  return item;
+}
+
+
+static CMTStatus
+tmp_SendMessage(PCMT_CONTROL control, CMTItem *message)
+{
+#ifndef PROCESS_LOCALLY
+  return CMT_SendMessage(control, message);
+#else
+  if (message->type == SSM_SDR_ENCRYPT_REQUEST) 
+    return CMT_DoEncryptionRequest(message);
+  else if (message->type == SSM_SDR_DECRYPT_REQUEST)
+    return CMT_DoDecryptionRequest(message);
+
+  return CMTFailure;
+#endif
+}
+/* End test code */
+
+CMTStatus
+CMT_SDREncrypt(PCMT_CONTROL control, void *ctx,
+               const unsigned char *key, CMUint32 keyLen,
+               const unsigned char *data, CMUint32 dataLen,
+               unsigned char **result, CMUint32 *resultLen)
+{
+  CMTStatus rv = CMTSuccess;
+  CMTItem message;
+  EncryptRequestMessage request;
+  SingleItemMessage reply;
+
+  /* Fill in the request */
+  request.keyid = CMT_CopyDataToItem(key, keyLen);
+  request.data = CMT_CopyDataToItem(data, dataLen);
+  request.ctx = CMT_CopyPtrToItem(ctx);
+
+  reply.item.data = 0;
+  reply.item.len = 0;
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(EncryptRequestTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = SSM_SDR_ENCRYPT_REQUEST;
+
+  /* Send */
+  /* if (CMT_SendMessage(control, &message) != CMTSuccess) goto loser; */
+  rv = tmp_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != SSM_SDR_ENCRYPT_REPLY) { rv = CMTFailure; goto loser; }
+
+  rv = CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+  *result = reply.item.data;
+  *resultLen = reply.item.len;
+
+  reply.item.data = 0;
+
+loser:
+  if (message.data) free(message.data);
+  if (request.keyid.data) free(request.keyid.data);
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv; /* need return value */
+}
+
+CMTStatus
+CMT_SDRDecrypt(PCMT_CONTROL control, void *ctx,
+               const unsigned char *data, CMUint32 dataLen,
+               unsigned char **result, CMUint32 *resultLen)
+{
+  CMTStatus rv;
+  CMTItem message;
+  DecryptRequestMessage request;
+  SingleItemMessage reply;
+
+  /* Fill in the request */
+  request.data = CMT_CopyDataToItem(data, dataLen);
+  request.ctx = CMT_CopyPtrToItem(ctx);
+
+  reply.item.data = 0;
+  reply.item.len = 0;
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(DecryptRequestTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = SSM_SDR_DECRYPT_REQUEST;
+
+  /* Send */
+  /* if (CMT_SendMessage(control, &message) != CMTSuccess) goto loser; */
+  rv = tmp_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != SSM_SDR_DECRYPT_REPLY) { rv = CMTFailure; goto loser; }
+
+  rv = CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+  *result = reply.item.data;
+  *resultLen = reply.item.len;
+
+  reply.item.data = 0;
+
+loser:
+  if (message.data) free(message.data);
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv; /* need return value */
+}
+
+CMTStatus
+CMT_SDRChangePassword(PCMT_CONTROL control, void *ctx)
+{
+  CMTStatus rv = CMTSuccess;
+  CMTItem message;
+  SingleItemMessage request;
+  SingleNumMessage reply;
+
+  /* Fill in the request */
+  request.item = CMT_CopyPtrToItem(ctx);
+
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = (SSM_REQUEST_MESSAGE|SSM_MISC_ACTION|SSM_MISC_UI|SSM_UI_CHANGE_PASSWORD);
+
+  /* Send */
+  rv = CMT_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != 
+     (SSM_REPLY_OK_MESSAGE|SSM_MISC_ACTION|SSM_MISC_UI|SSM_UI_CHANGE_PASSWORD)) { 
+    rv = CMTFailure;
+    goto loser; 
+  }
+
+  rv = CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+loser:
+  if (request.item.data) free(request.item.data);
+  if (message.data) free(message.data);
+
+  return rv; /* need return value */
+}

mozilla/security/psm/lib/client/cmtssl.c

@@ -0,0 +1,467 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#else /* windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+
+
+CMTStatus CMT_OpenSSLConnection(PCMT_CONTROL control, CMTSocket sock,
+                                SSMSSLConnectionRequestType flags, 
+                                CMUint32 port, char * hostIP, 
+                                char * hostName, CMBool forceHandshake, void* clientContext)
+{
+	CMTItem message;
+    SSLDataConnectionRequest request;
+    DataConnectionReply reply;
+    CMUint32 sent;
+	
+	/* Do some parameter checking */
+	if (!control || !hostIP || !hostName) {
+		goto loser;
+	}
+
+    request.flags = flags;
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+    request.forceHandshake = forceHandshake;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode message */
+    if (CMT_EncodeMessage(SSLDataConnectionRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_SSL_CONNECTION;
+    
+	/* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_SSL_CONNECTION)) {
+        goto loser;
+    }
+
+    /* Decode message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Success */
+	if (reply.result == 0) {
+	  if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+	  }
+	  sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                               control->nonce.len);
+	  if (sent != control->nonce.len) {
+            goto loser;
+	  }
+	  
+	  /* Save connection info */
+	  if (CMT_AddDataConnection(control, sock, reply.connID)
+	      != CMTSuccess) {
+	    goto loser;
+	  }
+
+	  return CMTSuccess;
+	} 
+	
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_GetSSLDataErrorCode(PCMT_CONTROL control, CMTSocket sock,
+                                  CMInt32* errorCode)
+{
+    CMUint32 connID;
+
+    if (!control || !errorCode) {
+        goto loser;
+    }
+
+    /* get the data connection */
+    if (CMT_GetDataConnectionID(control, sock, &connID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* get the PR error */
+    if (CMT_GetNumericAttribute(control, connID, SSM_FID_SSLDATA_ERROR_VALUE,
+                                errorCode) != CMTSuccess) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_ReleaseSSLSocketStatus(PCMT_CONTROL control, CMTSocket sock)
+{
+    CMUint32 connectionID;
+
+    if (!control || !sock) {
+        goto loser;
+    }
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+    if (CMT_SetNumericAttribute(control, connectionID, 
+                                SSM_FID_SSLDATA_DISCARD_SOCKET_STATUS,
+                                0) != CMTSuccess) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetSSLSocketStatus(PCMT_CONTROL control, CMTSocket sock, 
+                                 CMTItem* pickledStatus, CMInt32* level)
+{
+    CMUint32 connectionID;
+    SingleNumMessage request;
+    CMTItem message;
+    PickleSecurityStatusReply reply;
+
+    if (!control || !pickledStatus || !level) {
+        goto loser;
+    }
+
+	/* get the data connection */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+		goto loser;
+	}
+
+    /* set up the request */
+    request.value = connectionID;
+
+    /* encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+        SSM_CONSERVE_RESOURCE | SSM_PICKLE_SECURITY_STATUS;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_CONSERVE_RESOURCE | SSM_PICKLE_SECURITY_STATUS)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(PickleSecurityStatusReplyTemplate, &reply, &message)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        *pickledStatus = reply.blob;
+        *level = reply.securityLevel;
+        return CMTSuccess;
+    }
+
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_OpenTLSConnection(PCMT_CONTROL control, CMTSocket sock,
+                                CMUint32 port, char* hostIP, char* hostName)
+{
+    TLSDataConnectionRequest request;
+    CMTItem message;
+    DataConnectionReply reply;
+    CMUint32 sent;
+
+    /* do some parameter checking */
+    if (!control || !hostIP || !hostName) {
+        goto loser;
+    }
+
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+
+    /* encode the message */
+    if (CMT_EncodeMessage(TLSDataConnectionRequestTemplate, &message, &request)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | 
+        SSM_TLS_CONNECTION;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | 
+                         SSM_TLS_CONNECTION)) {
+        goto loser;
+    }
+
+    /* decode the message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                                 control->nonce.len);
+        if (sent != control->nonce.len) {
+            goto loser;
+        }
+
+        /* save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID) != CMTSuccess) {
+            goto loser;
+        }
+
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_TLSStepUp(PCMT_CONTROL control, CMTSocket sock, 
+                        void* clientContext)
+{
+    TLSStepUpRequest request;
+    SingleNumMessage reply;
+    CMTItem message;
+    CMUint32 connectionID;
+
+    /* check arguments */
+    if (!control || !sock) {
+        goto loser;
+    }
+
+    /* get the data connection ID */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set up the request */
+    request.connID = connectionID;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* encode the request */
+    if (CMT_EncodeMessage(TLSStepUpRequestTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_TLS_STEPUP;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_TLS_STEPUP)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_OpenSSLProxyConnection(PCMT_CONTROL control, CMTSocket sock,
+                                     CMUint32 port, char* hostIP, 
+                                     char* hostName)
+{
+    TLSDataConnectionRequest request;
+    CMTItem message;
+    DataConnectionReply reply;
+    CMUint32 sent;
+
+    /* do some parameter checking */
+    if (!control || !hostIP || !hostName) {
+        goto loser;
+    }
+
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+
+    /* encode the message */
+    if (CMT_EncodeMessage(TLSDataConnectionRequestTemplate, &message, &request)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | 
+        SSM_PROXY_CONNECTION;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | 
+                         SSM_PROXY_CONNECTION)) {
+        goto loser;
+    }
+
+    /* decode the message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                                 control->nonce.len);
+        if (sent != control->nonce.len) {
+            goto loser;
+        }
+
+        /* save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID) != CMTSuccess) {
+            goto loser;
+        }
+
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_ProxyStepUp(PCMT_CONTROL control, CMTSocket sock, 
+                        void* clientContext, char* remoteUrl)
+{
+    ProxyStepUpRequest request;
+    SingleNumMessage reply;
+    CMTItem message;
+    CMUint32 connectionID;
+
+    /* check arguments */
+    if (!control || !sock || !remoteUrl) {
+        goto loser;
+    }
+
+    /* get the data connection ID */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set up the request */
+    request.connID = connectionID;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+    request.url = remoteUrl;
+
+    /* encode the request */
+    if (CMT_EncodeMessage(ProxyStepUpRequestTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+        SSM_PROXY_STEPUP;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_PROXY_STEPUP)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+loser:
+    return CMTFailure;
+}

mozilla/security/psm/lib/client/cmtutils.c

@@ -0,0 +1,648 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#if defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_OS2)
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "newproto.h"
+#include <string.h>
+
+/* Local defines */
+#if 0
+#define PSM_WAIT_BEFORE_SLEEP           (CM_TicksPerSecond() * 60)
+#define PSM_SPINTIME                    PSM_WAIT_BEFORE_SLEEP
+#define PSM_KEEP_CONNECTION_ALIVE       (PSM_WAIT_BEFORE_SLEEP * 900)
+#endif
+
+/* If you want to dump the messages sent between the plug-in and the PSM 
+ * server, then remove the comment for the appropriate define.
+ */
+#if 0
+#define PRINT_SEND_MESSAGES
+#define PRINT_RECEIVE_MESSAGES
+#endif
+
+#ifdef PRINT_SEND_MESSAGES
+#ifndef DEBUG_MESSAGES
+#define DEBUG_MESSAGES
+#endif /*DEBUG_MESSAGES*/
+#endif /*PRINT_SEND_MESSAGES*/
+
+#ifdef PRINT_RECEIVE_MESSAGES
+#ifndef DEBUG_MESSAGES
+#define DEBUG_MESSAGES
+#endif /*DEBUG_MESSAGES*/
+#endif /*PRINT_RECEIVE_MESSAGES*/
+
+#ifdef DEBUG_MESSAGES
+#define LOG(x) do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, x); fclose(f); } } while(0);
+#define LOG_S(x) do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, "%s", x); fclose(f); } } while(0);
+#define ASSERT(x) if (!(x)) { LOG("ASSERT:"); LOG(#x); LOG("\n"); exit(-1); }
+#else
+#define LOG(x)
+#define LOG_S(x)
+#define ASSERT(x)
+#endif
+
+CMUint32
+cmt_Strlen(char *str)
+{
+    CMUint32 len = strlen(str);
+    return sizeof(CMInt32) + (((len + 3)/4)*4);
+}
+
+CMUint32
+cmt_Bloblen(CMTItem *blob)
+{
+    return sizeof(CMInt32) + (((blob->len +3)/4)*4);
+}
+
+char *
+cmt_PackString(char *buf, char *str)
+{
+    CMUint32 len = strlen(str);
+    CMUint32 networkLen = htonl(len);
+    CMUint32 padlen = ((len + 3)/4)*4;
+
+    memcpy(buf, &networkLen, sizeof(CMUint32));
+    memcpy(buf + sizeof(CMUint32), str, len);
+    memset(buf + sizeof(CMUint32) + len, 0, padlen - len);
+
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+char *
+cmt_PackBlob(char *buf, CMTItem *blob)
+{
+    CMUint32 len = blob->len;
+    CMUint32 networkLen = htonl(len);
+    CMUint32 padlen = (((blob->len + 3)/4)*4);
+
+    *((CMUint32*)buf) = networkLen;
+    memcpy(buf + sizeof(CMUint32), blob->data, len);
+    memset(buf + sizeof(CMUint32) + len, 0, padlen - len);
+
+    return buf + sizeof(CMUint32) + padlen;
+}
+
+char *
+cmt_UnpackString(char *buf, char **str)
+{
+    char *p = NULL;
+    CMUint32 len, padlen;
+
+    /* Get the string length */
+    len = ntohl(*(CMUint32*)buf);
+
+    /* Get the padded length */
+    padlen = ((len + 3)/4)*4;
+
+    /* Allocate the string and copy the data */
+    p = (char *) malloc(len + 1);
+    if (!p) {
+        goto loser;
+    }
+    /* Copy the data and NULL terminate */
+    memcpy(p, buf+sizeof(CMUint32), len);
+    p[len] = 0;
+
+    *str = p;
+    return buf+sizeof(CMUint32)+padlen;
+loser:
+    *str = NULL;
+    if (p) {
+        free(p);
+    }
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+char *
+cmt_UnpackBlob(char *buf, CMTItem **blob)
+{
+    CMTItem *p = NULL;
+    CMUint32 len, padlen;
+
+    /* Get the blob length */
+    len = ntohl(*(CMUint32*)buf);
+    
+    /* Get the padded length */
+    padlen = ((len + 3)/4)*4;
+
+    /* Allocate the CMTItem for the blob */
+    p = (CMTItem*)malloc(sizeof(CMTItem));
+    if (!p) {
+        goto loser;
+    }
+    p->len = len;
+    p->data = (unsigned char *) malloc(len);
+    if (!p->data) {
+        goto loser;
+    }
+
+    /* Copy that data across */
+    memcpy(p->data, buf+sizeof(CMUint32), len);
+    *blob = p;
+
+    return buf+sizeof(CMUint32)+padlen;
+
+loser:
+    *blob = NULL;
+    CMT_FreeMessage(p);
+
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+#ifdef DEBUG_MESSAGES
+void prettyPrintMessage(CMTItem *msg)
+{
+  int numLines = ((msg->len+7)/8);
+  char curBuffer[9], *cursor, string[2], hexVal[8];
+  char hexArray[25];
+  int i, j, numToCopy;
+
+  /*Try printing out 8 bytes at a time. */
+  LOG("\n**********************************************************\n");
+  LOG("About to pretty Print Message\n\n");
+  curBuffer[9] = '\0';
+  hexArray[24] = '\0';
+  hexVal[2] = '\0';
+  string[1] = '\0';
+  LOG("Header Info\n");
+  LOG("Message Type: ");
+  sprintf(hexArray, "%lx\n", msg->type);
+  LOG(hexArray);
+  LOG("Message Length: ");
+  sprintf (hexArray, "%ld\n\n", msg->len);
+  LOG(hexArray);
+  LOG("Body of Message\n");
+  for (i=0, cursor=msg->data; i<numLines; i++, cursor+=8) {
+    /* First copy over the buffer to our local array */
+    numToCopy = ((msg->len - (unsigned int)((unsigned long)cursor-(unsigned long)msg->data)) < 8) ?
+                msg->len - (unsigned int)((unsigned long)cursor-(unsigned long)msg->data) : 8;
+    memcpy(curBuffer, cursor, 8);
+    for (j=0;j<numToCopy;j++) {
+      string[0] = curBuffer[j];
+      if (isprint(curBuffer[j])) {
+	string[0] = curBuffer[j];
+      } else {
+	string[0] = ' ';
+      }
+      LOG(string);
+    }
+    string[0] = ' ';
+    for (;j<8;j++) {
+      LOG(string);
+    }
+    LOG("\t");
+    for (j=0; j<numToCopy; j++) {
+      sprintf (hexVal,"%.2x", 0x0ff & (unsigned short)curBuffer[j]);
+      LOG(hexVal);
+      LOG(" ");
+    }
+    LOG("\n");
+  }
+  LOG("Done Pretty Printing Message\n");
+  LOG("**********************************************************\n\n");
+}
+#endif
+
+CMTStatus CMT_ReadMessageDispatchEvents(PCMT_CONTROL control, CMTItem* message)
+{
+    CMTStatus status;
+    CMBool done = CM_FALSE;
+    CMUint32 msgCategory;
+    
+    /* We have to deal with other types of data on the socket and */
+    /* handle them accordingly */
+    while (!done) {
+    	status = CMT_ReceiveMessage(control, message);
+        if (status != CMTSuccess) {
+            goto loser;
+        }
+        msgCategory = (message->type & SSM_CATEGORY_MASK);
+        switch (msgCategory) {
+            case SSM_REPLY_OK_MESSAGE:
+                done = CM_TRUE;
+                break;
+            case SSM_REPLY_ERR_MESSAGE:
+                done = CM_TRUE;
+                break;
+            case SSM_EVENT_MESSAGE:
+                CMT_DispatchEvent(control, message);
+                break;
+            /* XXX FIX THIS!!! For the moment I'm ignoring all other types */
+            default:
+                break;
+        }
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_SendMessage(PCMT_CONTROL control, CMTItem* message)
+{
+	CMTStatus status;
+#ifdef PRINT_SEND_MESSAGES
+    LOG("About to print message sent to PSM\n");
+    prettyPrintMessage(message);
+#endif
+
+    /* Acquire lock on the control connection */
+    CMT_LOCK(control->mutex);
+
+    /* Try to send pending random data */
+    if (message->type != (SSM_REQUEST_MESSAGE | SSM_HELLO_MESSAGE))
+    {
+        /* If we've already said hello, then flush random data
+           just before sending the request. */
+        status = CMT_FlushPendingRandomData(control);
+        if (status != CMTSuccess)
+            goto loser;
+    }
+    
+	status = CMT_TransmitMessage(control, message);
+	if (status != CMTSuccess) {
+		goto loser;
+	}
+
+    if (CMT_ReadMessageDispatchEvents(control, message) != CMTSuccess) {
+        goto loser;
+    }
+    /* Release the control connection lock */
+    CMT_UNLOCK(control->mutex);
+	return CMTSuccess;
+loser:
+    /* Release the control connection lock */
+    CMT_UNLOCK(control->mutex);
+	return CMTFailure;
+}
+
+CMTStatus CMT_TransmitMessage(PCMT_CONTROL control, CMTItem * message)
+{
+    CMTMessageHeader header;
+	CMUint32 sent;
+
+    /* Set up the message header */
+    header.type = htonl(message->type);
+    header.len = htonl(message->len);
+
+	/* Send the message header */
+	sent = CMT_WriteThisMany(control, control->sock, 
+                             (void *)&header, sizeof(CMTMessageHeader));
+	if (sent != sizeof(CMTMessageHeader)) {
+		goto loser;
+	}
+
+	/* Send the message body */
+	sent = CMT_WriteThisMany(control, control->sock, (void *)message->data, 
+                             message->len);
+	if (sent != message->len) {
+		goto loser;
+	}
+
+    /* Free the buffer */
+    free(message->data);
+    message->data = NULL;
+	return CMTSuccess;
+
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_ReceiveMessage(PCMT_CONTROL control, CMTItem * response)
+{
+    CMTMessageHeader header;
+    CMUint32 numread;
+
+    /* Get the message header */
+    numread = CMT_ReadThisMany(control, control->sock, 
+                            (void *)&header, sizeof(CMTMessageHeader));
+    if (numread != sizeof(CMTMessageHeader)) {
+        goto loser;
+    }
+
+    response->type = ntohl(header.type);
+    response->len = ntohl(header.len);
+    response->data = (unsigned char *) malloc(response->len);
+    if (response->data == NULL) {
+        goto loser;
+    }
+
+    numread = CMT_ReadThisMany(control, control->sock, 
+                            (void *)(response->data), response->len); 
+    if (numread != response->len) {
+        goto loser;
+    }
+
+#ifdef PRINT_RECEIVE_MESSAGES
+    LOG("About to print message received from PSM.\n");
+    prettyPrintMessage(response);
+#endif /*PRINT_RECEIVE_MESSAGES*/
+    return CMTSuccess;
+loser:
+    if (response->data) {
+        free(response->data);
+    }
+    return CMTFailure;
+}
+
+CMUint32 CMT_ReadThisMany(PCMT_CONTROL control, CMTSocket sock, 
+                          void * buffer, CMUint32 thisMany)
+{
+	CMUint32 total = 0;
+  
+	while (total < thisMany) {
+		int got;
+		got = control->sockFuncs.recv(sock, (void*)((char*)buffer + total),
+                                      thisMany-total);
+		if (got < 0 ) {
+			break;
+		} 
+		total += got;
+	} 
+	return total;
+}
+ 
+CMUint32 CMT_WriteThisMany(PCMT_CONTROL control, CMTSocket sock, 
+                           void * buffer, CMUint32 thisMany)
+{
+	CMUint32 total = 0;
+  
+	while (total < thisMany) {
+		CMInt32 got;
+		got = control->sockFuncs.send(sock, (void*)((char*)buffer+total), 
+                                      thisMany-total);
+		if (got < 0) {
+			break;
+		}
+		total += got;
+	}
+	return total;
+}
+
+CMTItem* CMT_ConstructMessage(CMUint32 type, CMUint32 length)
+{
+    CMTItem * p;
+
+    p = (CMTItem*)malloc(sizeof(CMTItem));
+    if (!p) {
+	goto loser;
+    }
+
+    p->type = type;
+    p->len = length;
+    p->data = (unsigned char *) malloc(length);
+    if (!p->data) {
+	goto loser;
+    }
+    return p;
+
+loser:
+    CMT_FreeMessage(p);
+    return NULL;
+}
+
+void CMT_FreeMessage(CMTItem * p)
+{
+    if (p != NULL) {
+	if (p->data != NULL) {
+	    free(p->data);
+	}
+	free(p);
+    }
+}
+
+CMTStatus CMT_AddDataConnection(PCMT_CONTROL control, CMTSocket sock, 
+                                CMUint32 connectionID)
+{
+	PCMT_DATA ptr;
+
+	/* This is the first connection */
+	if (control->cmtDataConnections == NULL) {
+		control->cmtDataConnections = ptr = 
+            (PCMT_DATA)calloc(sizeof(CMT_DATA), 1);
+		if (!ptr) {
+			goto loser;
+		}
+	} else {
+	    /* Position at the last entry */
+	    for (ptr = control->cmtDataConnections; (ptr != NULL && ptr->next 
+                                                 != NULL); ptr = ptr->next);
+		ptr->next = (PCMT_DATA)calloc(sizeof(CMT_DATA), 1);
+		if (!ptr->next) {
+			goto loser;
+		} 
+		/* Fix up the pointers */
+		ptr->next->previous = ptr;
+		ptr = ptr->next;
+	}
+
+	/* Fill in the data */
+	ptr->sock = sock;
+	ptr->connectionID = connectionID;
+
+	return CMTSuccess;
+loser:
+	return CMTFailure;
+}
+
+int
+CMT_DestroyDataConnection(PCMT_CONTROL control, CMTSocket sock)
+{
+    PCMT_DATA ptr, pptr = NULL;
+    int rv=CMTSuccess;
+
+    if (!control) return rv;
+
+    control->sockFuncs.close(sock);
+    for (ptr = control->cmtDataConnections; ptr != NULL;
+	 pptr = ptr, ptr = ptr->next) {
+	if (ptr->sock == sock) {
+	    if (pptr == NULL) {
+		/* node is at head */
+		control->cmtDataConnections = ptr->next;
+		if (ptr->priv != NULL)
+		    ptr->priv->dest(ptr->priv);
+		free(ptr);
+		return rv;
+	    }
+	    /* node is elsewhere */
+	    pptr->next = ptr->next;
+	    if (ptr->priv != NULL)
+	        ptr->priv->dest(ptr->priv);
+	    free(ptr);
+	    return rv;
+	}
+    }
+    return rv;
+}
+
+CMTStatus CMT_CloseDataConnection(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    /* PCMT_DATA ptr, pptr = NULL; */
+    CMTSocket sock;
+    /* int rv;*/
+
+    /* Get the socket for this connection */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Free data connection associated with this socket */
+    if (CMT_DestroyDataConnection(control, sock) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetDataConnectionID(PCMT_CONTROL control, CMTSocket sock, CMUint32 * connectionID)
+{
+	PCMT_DATA ptr;
+
+	for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+		if (ptr->sock == sock) {
+			*connectionID = ptr->connectionID;
+			return CMTSuccess;
+		}
+	}
+
+	return CMTFailure;
+}
+
+CMTStatus CMT_GetDataSocket(PCMT_CONTROL control, CMUint32 connectionID, CMTSocket * sock)
+{
+	PCMT_DATA ptr;
+
+	for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+		if (ptr->connectionID == connectionID) {
+			*sock = ptr->sock;
+			return CMTSuccess;
+		}
+	}
+
+	return CMTFailure;
+}
+
+
+CMTStatus CMT_SetPrivate(PCMT_CONTROL control, CMUint32 connectionID,
+			 CMTPrivate *cmtpriv)
+{
+  PCMT_DATA ptr;
+
+  for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+    if (ptr->connectionID == connectionID) {
+      ptr->priv = cmtpriv;
+      return CMTSuccess;
+    }
+  }
+  return CMTFailure;
+}
+
+CMTPrivate *CMT_GetPrivate(PCMT_CONTROL control, CMUint32 connectionID)
+{
+  PCMT_DATA ptr;
+
+  for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+    if (ptr->connectionID == connectionID) {
+      return ptr->priv;
+    }
+  }
+  return NULL;
+}
+
+void CMT_FreeItem(CMTItem *p)
+{
+  CMT_FreeMessage(p);
+}
+
+CMTItem CMT_CopyPtrToItem(void* p)
+{
+    CMTItem value = {0, NULL, 0};
+
+    if (!p) {
+        return value;
+    }
+
+    value.len = sizeof(p);
+    value.data = (unsigned char *) malloc(value.len);
+    memcpy(value.data, &p, value.len);
+
+    return value;
+}
+
+void * CMT_CopyItemToPtr(CMTItem value)
+{
+    void * p = NULL;
+
+    if (value.len == sizeof(void*)) {
+        memcpy(&p, value.data, value.len);
+    }
+
+    return p;
+}
+
+CMTStatus CMT_ReferenceControlConnection(PCMT_CONTROL control)
+{    CMT_LOCK(control->mutex);
+    control->refCount++;
+    CMT_UNLOCK(control->mutex);
+    return CMTSuccess;
+}
+
+void
+CMT_LockConnection(PCMT_CONTROL control)
+{
+    CMT_LOCK(control->mutex);
+}
+
+void
+CMT_UnlockConnection(PCMT_CONTROL control)
+{
+    CMT_UNLOCK(control->mutex);
+}

mozilla/security/psm/lib/client/cmtutils.h

@@ -0,0 +1,77 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __CMTUTILS_H__
+#define __CMTUTILS_H__
+
+#include "cmtcmn.h"
+
+#define New(type) (type*)malloc(sizeof(type))
+#define NewArray(type, size) (type*)malloc(sizeof(type)*(size))
+
+PCMT_EVENT CMT_GetEventHandler(PCMT_CONTROL control, CMUint32 type,
+                               CMUint32 resourceID);
+
+CMUint32 cmt_Strlen(char *str);
+char *cmt_PackString(char *buf, char *str);
+char *cmt_UnpackString(char *buf, char **str);
+
+CMUint32 cmt_Bloblen(CMTItem* len);
+char *cmt_PackBlob(char *buf, CMTItem * blob);
+char *cmt_UnpackBlob(char *buf, CMTItem **blob);
+
+CMTStatus CMT_SendMessage(PCMT_CONTROL control, CMTItem* message);
+CMTStatus CMT_TransmitMessage(PCMT_CONTROL control, CMTItem * message);
+CMTStatus CMT_ReceiveMessage(PCMT_CONTROL control, CMTItem * response);
+CMTStatus CMT_ReadMessageDispatchEvents(PCMT_CONTROL control, 
+					CMTItem* message);
+CMUint32 CMT_ReadThisMany(PCMT_CONTROL control, CMTSocket sock, 
+			  void * buffer, CMUint32 thisMany);
+CMUint32 CMT_WriteThisMany(PCMT_CONTROL control, CMTSocket sock, 
+			   void * buffer, CMUint32 thisMany);
+CMTItem* CMT_ConstructMessage(CMUint32 type, CMUint32 length);
+void CMT_FreeMessage(CMTItem * p);
+CMTStatus CMT_AddDataConnection(PCMT_CONTROL control, CMTSocket sock, CMUint32 connectionID);
+CMTStatus CMT_GetDataConnectionID(PCMT_CONTROL control, CMTSocket sock, CMUint32 * connectionID);
+CMTStatus CMT_GetDataSocket(PCMT_CONTROL control, CMUint32 connectionID, CMTSocket * sock);
+CMTStatus CMT_CloseDataConnection(PCMT_CONTROL control, CMUint32 connectionID);
+CMTStatus CMT_SetPrivate(PCMT_CONTROL control, CMUint32 connectionID,
+			 CMTPrivate *cmtpriv);
+CMTPrivate *CMT_GetPrivate(PCMT_CONTROL control, CMUint32 connectionID);
+void CMT_ServicePasswordRequest(PCMT_CONTROL cm_control, CMTItem * requestData);
+void CMT_ProcessEvent(PCMT_CONTROL cm_control);
+void CMT_DispatchEvent(PCMT_CONTROL cm_control, CMTItem * eventData);
+CMTItem CMT_CopyPtrToItem(void* p);
+void * CMT_CopyItemToPtr(CMTItem value);
+
+#endif /* __CMTUTILS_H__ */
+

mozilla/security/psm/lib/client/config.mk

@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+PROGRAM        =
+

mozilla/security/psm/lib/client/makefile.win

@@ -0,0 +1,130 @@
+#// 
+#// The contents of this file are subject to the Mozilla Public
+#// License Version 1.1 (the "License"); you may not use this file
+#// except in compliance with the License. You may obtain a copy of
+#// the License at http://www.mozilla.org/MPL/
+#// 
+#// Software distributed under the License is distributed on an "AS
+#// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+#// implied. See the License for the specific language governing
+#// rights and limitations under the License.
+#// 
+#// The Original Code is the Netscape security libraries.
+#// 
+#// The Initial Developer of the Original Code is Netscape
+#// Communications Corporation.  Portions created by Netscape are 
+#// Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+#// Rights Reserved.
+#// 
+#// Contributor(s):
+#// 
+#// Alternatively, the contents of this file may be used under the
+#// terms of the GNU General Public License Version 2 or later (the
+#// "GPL"), in which case the provisions of the GPL are applicable 
+#// instead of those above.  If you wish to allow use of your 
+#// version of this file only under the terms of the GPL and not to
+#// allow others to use your version of this file under the MPL,
+#// indicate your decision by deleting the provisions above and
+#// replace them with the notice and other provisions required by
+#// the GPL.  If you do not delete the provisions above, a recipient
+#// may use your version of this file under either the MPL or the
+#// GPL.
+#// 
+IGNORE_MANIFEST=1
+#//------------------------------------------------------------------------
+#//
+#// Makefile to build the ssl library
+#//
+#//------------------------------------------------------------------------
+
+!if "$(MOZ_BITS)" == "16"
+!ifndef MOZ_DEBUG
+OPTIMIZER=-Os -UDEBUG -DNDEBUG
+!endif
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Specify the depth of the current directory relative to the
+#// root of NS
+#//
+#//------------------------------------------------------------------------
+DEPTH= ..\..\..\..
+
+!ifndef MAKE_OBJ_TYPE
+MAKE_OBJ_TYPE=EXE
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...)
+#//
+#//------------------------------------------------------------------------
+LIBNAME=cmt
+PDBFILE=$(LIBNAME).pdb
+
+LINCS = -I$(PUBLIC)\security \
+	-I$(PUBLIC)\nspr \
+        -I$(DEPTH)\include \
+	-I..\include
+
+!ifndef OS_CONFIG
+OS_CONFIG = WIN$(MOZ_BITS)
+!endif
+
+LCFLAGS = -DEXPORT_VERSION -DLIB_BUILD
+
+#//------------------------------------------------------------------------
+#// 
+#// Define the files necessary to build the target (ie. OBJS)
+#//
+#//------------------------------------------------------------------------
+OBJS=                         \
+    .\$(OBJDIR)\cmtinit.obj  \
+    .\$(OBJDIR)\cmtssl.obj   \
+    .\$(OBJDIR)\cmtutils.obj  \
+    .\$(OBJDIR)\cmtpkcs7.obj \
+    .\$(OBJDIR)\cmthash.obj \
+    .\$(OBJDIR)\cmtcert.obj \
+    .\$(OBJDIR)\cmtres.obj \
+    .\$(OBJDIR)\cmtjs.obj \
+    .\$(OBJDIR)\cmtevent.obj \
+    .\$(OBJDIR)\cmtpasswd.obj \
+    .\$(OBJDIR)\cmtadvisor.obj \
+    .\$(OBJDIR)\cmtrng.obj \
+	.\$(OBJDIR)\cmtsdr.obj \
+    $(NULL)
+
+EXPORTS = \
+    .\cmtcmn.h \
+    .\cmtclist.h \
+    $(NULL)
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...)
+#// (these must be defined before the common makefiles are included)
+#//
+#//------------------------------------------------------------------------
+LIBRARY=.\$(OBJDIR)\$(LIBNAME).lib
+
+#//------------------------------------------------------------------------
+#//
+#// install headers
+#//
+#//------------------------------------------------------------------------
+INSTALL_DIR=$(PUBLIC)\security
+INSTALL_FILE_LIST=cmtcmn.h cmtjs.h cmtclist.h
+
+#//------------------------------------------------------------------------
+#//
+#// Include the common makefile rules
+#//
+#//------------------------------------------------------------------------
+include <$(DEPTH)/config/rules.mak>
+
+install:: $(LIBRARY)
+    $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
+
+export:: INSTALL_FILES
+

mozilla/security/psm/lib/client/manifest.mn

@@ -0,0 +1,64 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+CORE_DEPTH = ../../..
+DEPTH = ../../..
+
+EXPORTS = \
+	cmtcmn.h \
+	cmtjs.h  \
+	cmtclist.h \
+	$(NULL)
+
+MODULE = security
+
+CSRCS = cmtinit.c  \
+	cmtssl.c   \
+	cmtutils.c \
+	cmtcert.c  \
+	cmthash.c  \
+	cmtpkcs7.c \
+	cmtres.c   \
+	cmtjs.c    \
+	cmtevent.c \
+        cmtpasswd.c \
+	cmtadvisor.c \
+	cmtrng.c \
+	cmtsdr.c \
+	$(NULL)
+
+REQUIRES = nspr security
+
+LIBRARY_NAME = cmt
+
+INCLUDES += -I$(CORE_DEPTH)/include

mozilla/security/psm/lib/client/sample/Makefile

@@ -0,0 +1,128 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+ifneq ($(OS_ARCH), WINNT)
+ifeq ($(OS_ARCH), Linux)
+# On linux, we link with libstdc++
+CPLUSPLUSRUNTIME = -L /usr/lib -lstdc++ -lm
+else
+# libC, presumably, is what we must link with elsewhere
+CPLUSPLUSRUNTIME = -lC -lm
+endif
+endif
+
+ifeq ($(OS_ARCH), SunOS)
+ifeq ($(OS_RELEASE), 5.5.1)
+OS_LIBS += -ldl -lsocket -lnsl -lthread -lposix4
+endif
+ifeq ($(OS_RELEASE), 5.6)
+OS_LIBS += -ldl -lsocket -lnsl -lthread -lposix4
+endif
+endif
+
+ifeq ($(OS_ARCH), Linux)
+ifdef USE_PTHREADS
+# Replace OS_LIBS, because the order of libpthread, libdl, and libc are
+# very important. Otherwise you get horrible crashes.
+OS_LIBS = -lpthread -ldl -lc
+endif
+endif
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+ifeq ($(OS_ARCH), WINNT)
+LDFLAGS += /NODEFAULTLIB:library
+endif
+
+EXTRA_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)cmt.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)protocol.$(LIB_SUFFIX) \
+	$(NULL)
+
+ifeq ($(OS_ARCH), WINNT)
+EXTRA_LIBS += 	wsock32.lib \
+		winmm.lib \
+		$(NULL)
+endif
+
+link:
+	if test -f $(PROGRAM); then	\
+		echo "rm $(PROGRAM)";	\
+		rm $(PROGRAM);		\
+	fi;				\
+	gmake				\
+
+build_sample:
+ifneq ($(OS_ARCH),WINNT)
+	cd $(CORE_DEPTH)/coreconf; gmake
+endif
+	cd $(CORE_DEPTH)/security; gmake import; gmake export
+	cd ../../protocol; gmake
+	cd ..; gmake
+	gmake
+

mozilla/security/psm/lib/client/sample/appsock.c

@@ -0,0 +1,250 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "appsock.h"
+
+#ifdef XP_UNIX
+#include <netinet/tcp.h>
+#include <errno.h>
+#endif
+
+CMT_SocketFuncs socketFuncs = {
+    APP_GetSocket,
+    APP_Connect,
+    APP_VerifyUnixSocket,
+    APP_Send,
+    APP_Select,
+    APP_Receive,
+    APP_Shutdown,
+    APP_Close
+};
+
+CMTSocket APP_GetSocket(int unixSock)
+{
+    APPSocket *sock;
+    int on = 1;
+
+#ifndef XP_UNIX
+    if (unixSock) {
+        return NULL;
+    }
+#endif
+
+    sock = malloc(sizeof(APPSocket));
+    if (sock == NULL) {
+        return NULL;
+    }
+    if (unixSock) {
+        sock->sock = socket(AF_UNIX, SOCK_STREAM, 0);
+    } else {
+        sock->sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    }
+    if (sock->sock < 0) {
+        free(sock);
+        return NULL;
+    }
+    if (!unixSock && 
+        setsockopt(sock->sock, IPPROTO_TCP, TCP_NODELAY, (const char*)&on,
+                   sizeof(on))) {
+        free(sock);
+        return NULL;
+    }
+
+    sock->isUnix = unixSock;
+#ifdef XP_UNIX
+    memset (&sock->servAddr, 0, sizeof(struct sockaddr_un));
+#endif
+    return (CMTSocket)sock;
+}
+
+CMTStatus APP_Connect(CMTSocket sock, short port, char *path)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    struct sockaddr_in iServAddr;
+    const struct sockaddr *servAddr;
+    size_t addrLen;
+    int error;
+
+    if (cmSock->isUnix){
+#ifndef XP_UNIX
+        return CMTFailure;
+#else
+        cmSock->servAddr.sun_family = AF_UNIX;
+	memcpy(&cmSock->servAddr.sun_path, path, strlen(path)+1);
+        servAddr = (const struct sockaddr*)&cmSock->servAddr;
+        addrLen = sizeof(cmSock->servAddr);
+#endif
+    } else {
+        iServAddr.sin_family = AF_INET;
+        iServAddr.sin_port = htons(port);
+        iServAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+        servAddr = (const struct sockaddr*)&iServAddr;
+        addrLen = sizeof(struct sockaddr_in);
+    }
+    while (connect(cmSock->sock, servAddr, addrLen) != 0) {
+#ifdef WIN32
+        error = WSAGetLastError();
+        if (error == WSAEISCONN) {
+            break;
+        }
+        if ((error != WSAEINPROGRESS) && (error != WSAEWOULDBLOCK) && 
+            (error!= WSAEINVAL)) {
+            goto loser;
+        }
+#else
+        error = errno;
+        if (error == EISCONN) {
+            break;
+        }
+        if (error != EINPROGRESS) {
+            goto loser;
+        }
+#endif
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus APP_VerifyUnixSocket(CMTSocket sock)
+{
+#ifndef XP_UNIX
+    return CMTFailure;
+#else
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+    struct stat statbuf;
+
+    if (!cmSock->isUnix) {
+        return CMTFailure;
+    }
+    rv = stat(cmSock->servAddr.sun_path, &statbuf);
+    if (rv < 0) {
+        goto loser;
+    }
+    if (statbuf.st_uid != geteuid()) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    close(cmSock->sock);
+    free(cmSock);
+    return CMTFailure;
+#endif
+}
+
+size_t APP_Send(CMTSocket sock, void *buffer, size_t length)
+{
+    APPSocket *cmSock = (APPSocket*) sock;
+
+    return send(cmSock->sock, buffer, length, 0);
+}
+
+CMTSocket APP_Select(CMTSocket *socks, int numsocks, int poll)
+{
+    APPSocket **sockArr = (APPSocket**)socks;
+    SOCKET nsocks = 0;
+    int i, rv;
+    struct timeval timeout;
+    fd_set readfds;
+
+#ifdef WIN32
+win_startover:
+#endif
+    FD_ZERO(&readfds);
+    for (i=0; i<numsocks; i++) {
+        FD_SET(sockArr[i]->sock, &readfds);
+        if (sockArr[i]->sock > nsocks) {
+            nsocks = sockArr[i]->sock;
+        }
+    }
+    if (poll) {
+        timeout.tv_sec = 0;
+        timeout.tv_usec = 0;
+    }
+    rv = select(nsocks+1, &readfds, NULL, NULL, (poll) ? &timeout : NULL);
+
+#ifdef WIN32
+    /* XXX Win95/98 Bug (Q177346)
+     *     select() with no timeout might return even if there is no data
+     *     pending or no error has occurred.  To get around this problem,
+     *     we loop if these erroneous conditions happen.
+     */
+    if (poll == 0 && rv == 0) {
+        goto win_startover;
+    }
+#endif
+
+    /* Figure out which socket was selected */
+    if (rv == -1 || rv == 0) {
+        goto loser;
+    }
+    for (i=0; i<numsocks; i++) {
+        if (FD_ISSET(sockArr[i]->sock, &readfds)) {
+            return (CMTSocket)sockArr[i];
+        }
+    }
+ loser:
+    return NULL;
+}
+
+size_t APP_Receive(CMTSocket sock, void *buffer, size_t bufSize)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+
+    return recv(cmSock->sock, buffer, bufSize, 0);
+}
+
+CMTStatus APP_Shutdown(CMTSocket sock)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+
+    rv = shutdown(cmSock->sock, 1);
+    return (rv == 0) ? CMTSuccess : CMTFailure;
+}
+
+CMTStatus APP_Close(CMTSocket sock)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+
+#ifdef XP_UNIX
+    rv = close(cmSock->sock);
+#else
+    rv = closesocket(cmSock->sock);
+#endif
+    free(cmSock);
+    return (rv == 0) ? CMTSuccess : CMTFailure;
+}

mozilla/security/psm/lib/client/sample/appsock.h

@@ -0,0 +1,69 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef _APPSOCK_H_
+#define _APPSOCK_H_
+#include "cmtcmn.h"
+
+#ifdef XP_UNIX
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+
+typedef int SOCKET;
+#endif
+
+typedef struct APPSocketStr {
+    SOCKET sock;
+    int    isUnix;
+#ifdef XP_UNIX
+    struct sockaddr_un servAddr;
+#endif 
+} APPSocket; 
+
+extern CMT_SocketFuncs socketFuncs;
+
+CMTStatus APP_Close(CMTSocket sock);
+CMTStatus APP_Shutdown(CMTSocket sock);
+size_t APP_Receive(CMTSocket sock, void *buffer, size_t bufSize);
+CMTSocket APP_Select(CMTSocket *socks, int numsocks, int poll);
+size_t APP_Send(CMTSocket sock, void *buffer, size_t length);
+CMTStatus APP_VerifyUnixSocket(CMTSocket sock);
+CMTStatus APP_Connect(CMTSocket sock, short port, char *path);
+CMTSocket APP_GetSocket(int unixSock);
+
+
+#endif /* _APPSOCK_H_ */

mozilla/security/psm/lib/client/sample/config.mk

@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(PROGRAM)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+LIBRARY        =
+

mozilla/security/psm/lib/client/sample/manifest.mn

@@ -0,0 +1,52 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+CORE_DEPTH = ../../../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE	= cmtsample
+
+EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	sample.c \
+	appsock.c \
+	$(NULL)
+INCLUDES += -I../../protocol -I..
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = security
+
+PROGRAM  = cmtsample
+

mozilla/security/psm/lib/client/sample/sample.c

@@ -0,0 +1,351 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtjs.h"
+#include "appsock.h"
+#include <stdarg.h>
+#include <string.h>
+
+#ifdef XP_UNIX
+#include <netdb.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#endif
+
+#ifdef WIN32
+#include <direct.h>
+#endif
+
+/*
+ * This is a simple program that tries to detect if the psm server is loaded.
+ * If the server is not loaded, it will start it.  The program will then 
+ * connect to the server and fetch an HTML page from an SSL server.
+ *
+ * NOTE: This sample program does not implement a mutex for the libraries.
+ * If implementing a threaded application, then pass in a mutex structure
+ * so that connections to the psm server happen in a thread safe manner.
+ */
+
+#define NUM_CONNECT_TRIES 10
+#define READ_BUFFER_SIZE  1024
+void
+usage(void)
+{
+    printf("Usage:\n"
+           "\tcmtsample <secure site>\n\n"
+           "This program will then echo the retrieved HTML to the screen\n");
+}
+
+void
+errorMessage(int err,char *msg, ...)
+{
+    va_list args;
+    
+    va_start(args, msg);
+    fprintf (stderr, "cmtSample%s: ", (err) ? " error" : "");
+    vfprintf (stderr, msg, args);
+    fprintf (stderr, "\n");
+    va_end(args);
+    if (err) {
+        exit (err);
+    }
+}
+
+#ifdef XP_UNIX
+#define FILE_PATH_SEPARATOR '/'
+#elif defined (WIN32)
+#define FILE_PATH_SEPARATOR '\\'
+#else
+#error Tell me what the file path separator is.
+#endif
+
+PCMT_CONTROL
+connect_to_psm(void)
+{
+    PCMT_CONTROL control=NULL;
+    char path[256], *tmp;
+
+#ifdef XP_UNIX
+    if (getcwd(path,256) == NULL) {
+      return NULL;
+    }
+#elif defined(WIN32)
+    if (_getcwd(path,256) == NULL) {
+      return NULL;
+    }
+#else
+#error Teach me how to get the current working directory.
+#endif
+    tmp = &path[strlen(path)];
+    sprintf(tmp,"%c%s", FILE_PATH_SEPARATOR, "psm");
+    return CMT_EstablishControlConnection(path, &socketFuncs, NULL);
+}
+
+#define HTTPS_STRING "https://"
+
+char*
+extract_host_from_url(char *url)
+{
+    char *start, *end, *retString=NULL;
+
+    while(isspace(*url)) {
+        url++;
+    }
+    url = strdup(url);
+    start = strstr(url, HTTPS_STRING);
+    if (start == NULL) {
+        return NULL;
+    }
+    start += strlen(HTTPS_STRING);
+    /*
+     * Figure out the end of the host name.
+     */
+    end = strchr(start, ':');
+    if (end != NULL) {
+        *end = '\0';
+    } else {
+        end = strchr(start, '/');
+        if (end != NULL) {
+            *end = '\0';
+        } else {
+            end = strchr(start, ' ');
+            if (end != NULL) {
+                *end = '\0';
+            }
+        }
+    }
+    retString = strdup(start);
+    return retString;
+}
+
+CMUint32
+get_port_from_url(char *url)
+{
+    char *colon, *port;
+
+    url = strdup(url);
+    colon = strrchr(url, ':');
+    if (colon == NULL ||
+        !isdigit(colon[1])) {
+        /* Return the default SSL port. */
+        free(url);
+        return 443;
+    }
+    colon++;
+    port = colon;
+    while(isdigit(*colon))
+        colon++;
+    colon[1] = '\0';
+    free(url);
+    return (CMUint32)atol(port);
+}
+
+char*
+extract_get_target(char *url)
+{
+    char *slash;
+
+    slash = strstr(url, "//");
+    slash += 2;
+    slash = strchr(slash, '/');
+    if (slash != NULL)
+        return strdup (slash);
+    else 
+        return strdup ("/");
+}
+
+/*
+ * We'll use this function for prompting for a password.
+ */
+char*
+passwordCallback(void *arg, char *prompt, void *cotext, int isPaswd)
+{
+    char input[256];
+    
+    printf(prompt);
+    fgets(input, 256, stdin);
+
+    return strdup(input);
+}
+
+void
+freeCallback(char *userInput)
+{
+  free (userInput);
+}
+
+#define NUM_PREFS 2
+
+int 
+main(int argc, char **argv)
+{
+  PCMT_CONTROL control;
+    CMTSocket sock, selSock;
+    char *hostname;
+    struct hostent *host;
+    char *ipAddress;
+    char buffer[READ_BUFFER_SIZE];
+    size_t bytesRead;
+    struct sockaddr_in destAddr;
+    char *getString;
+    char requestString[256];
+    char *profile;
+    CMTSetPrefElement prefs[NUM_PREFS];
+    char profileDir[256];
+
+#ifdef WIN32
+    WORD WSAVersion = 0x0101;
+    WSADATA WSAData;
+
+    WSAStartup (WSAVersion, &WSAData);
+#endif
+
+    if (argc < 2) {
+        usage();
+        return 1;
+    }
+    errorMessage (0,"cmtsample v1.0");
+    errorMessage (0,"Will try connecting to site %s", argv[1]);
+    if (strstr(argv[1], "https://") == NULL) {
+        errorMessage(2,"%s is not a secure site", argv[1]);
+    }
+    control = connect_to_psm();
+    if (control == NULL) {
+        errorMessage(3, "Could not connect to the psm server");
+    }
+    /* 
+     * Now we have to send the hello message.
+     */
+
+#ifdef WIN32
+    profile = strdup("default");
+    sprintf(profileDir,"%s", "c:\\default");
+#elif defined (XP_UNIX)
+    if (argc > 2) {
+        sprintf(profileDir,"%s", argv[2]);
+    } else {
+        profile = getenv("LOGNAME");
+        sprintf(profileDir, "%s/.netscape", getenv("HOME"));
+    }
+#else
+#error Teach me how to fill in the user profile.
+#endif
+    errorMessage(0,"Using directory <%s> for dbs.\n", profileDir);
+    if (CMT_Hello(control, PROTOCOL_VERSION,
+		  profile, profileDir) != CMTSuccess)
+    {
+        errorMessage(10, "Failed to send the Hello Message.");
+    }
+    CMT_SetPromptCallback(control, passwordCallback, NULL);
+    CMT_SetAppFreeCallback(control, freeCallback);
+    /*
+     * Now pass along some preferences to psm.  We'll pass hard coded
+     * ones here, but apps should figure out a way to manage their user's
+     * preferences.
+     */
+    prefs[0].key   = "security.enable_ssl2";
+    prefs[0].value = "true";
+    prefs[0].type  = CMT_PREF_BOOL;
+    prefs[1].key   = "security.enable_ssl3";
+    prefs[1].value = "true";
+    prefs[1].type  = CMT_PREF_BOOL;
+    CMT_PassAllPrefs(control, NUM_PREFS, prefs);
+    hostname = extract_host_from_url(argv[1]);
+    host = gethostbyname(hostname);
+    if (host == NULL) {
+        errorMessage(11, "gethostbyname for %s failed", hostname);
+    }
+    if (host->h_length != 4) {
+        errorMessage(4, "Site %s uses IV v6 socket.  Not supported by psm.");
+    }
+    
+    /* Create the socket we will use to get the decrypted data back from
+     * the psm server.
+     */
+    sock = APP_GetSocket(0);
+    if (sock == NULL) {
+        errorMessage(5, "Could not create new socket for communication with "
+                        "the psm server.");
+    }
+    memcpy(&(destAddr.sin_addr.s_addr), host->h_addr, host->h_length);
+    ipAddress = inet_ntoa(destAddr.sin_addr);
+    errorMessage(0, "Mapped %s to the following IP address: %s", argv[1],
+                 ipAddress);
+
+    if (CMT_OpenSSLConnection(control, sock, SSM_REQUEST_SSL_DATA_SSL,
+                              get_port_from_url(argv[1]), ipAddress, 
+                              hostname, CM_FALSE, NULL) != CMTSuccess) {
+        errorMessage(6, "Could not open SSL connection to %s.", argv[1]);
+    }
+
+    getString = extract_get_target(argv[1]);
+    sprintf(requestString, 
+            "GET %s HTTP/1.0\r\n"
+            "\r\n", getString, hostname);
+    APP_Send(sock, requestString, strlen(requestString));
+    /*
+     * Now all we have to do is sit here and fetch the data from the
+     * socket.
+     */
+    errorMessage (0, "About to print out the fetched page.");
+    while ((selSock=APP_Select(&sock, 1, 0)) != NULL) {
+        if (selSock == sock) {
+            bytesRead = APP_Receive(sock, buffer, READ_BUFFER_SIZE-1);
+            if (bytesRead == -1 || bytesRead == 0) {
+                break;
+            }
+            buffer[bytesRead] = '\0';
+            fprintf(stderr, buffer);
+        }
+    }
+    fprintf(stderr,"\n");
+    if (bytesRead == -1) {
+        errorMessage(7, "Error receiving decrypted data from psm.");
+    }
+    errorMessage(0, "Successfully read the entire page.");
+    if (CMT_DestroyDataConnection(control, sock) != CMTSuccess) {
+        errorMessage(8, "Error destroygin the SSL data connection "
+                     "with the psm server.");
+    }
+    if (CMT_CloseControlConnection(control) != CMTSuccess) {
+        errorMessage(9, "Error closing the control connection.");
+    }
+    return 0;
+}
+
+
+
+

mozilla/security/psm/lib/client/test.c

@@ -0,0 +1,99 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmt.h"
+
+CMTStatus myCallback(CMTControl * control, CMTItem * event, void * arg);
+
+int main(int argc, char ** argv)
+{
+  CMTItem * msg, * event = NULL;
+  CMTStatus status;
+  int socket, datasocket;
+  int sent;
+  CMTControl * connect;
+  char * buffer = "some weird text that I feel like passing to server";
+  
+  connect = CMT_ControlConnect(myCallback, event);
+  
+  msg = CMT_ConstructMessage(10);
+
+  msg->type = (int)CMTClientMessage;
+  sprintf((char *)msg->data, "first msg!");
+
+  status = CMT_SendMessage(connect, msg, event);
+  if (status != SECSuccess)
+    perror("CMT_SendMessage");
+  
+  CMT_FreeEvent(event);
+  event = NULL;
+
+  sprintf((char *)msg->data, "second msg");
+  status = CMT_SendMessage(connect, msg, event);
+  if (status != SECSuccess)
+    perror("CMT_SendMessage");
+
+  datasocket = CMT_DataConnect(connect, NULL);
+  if (datasocket < 0) 
+    perror("CMT_DataConnect");
+  
+  sent = write(datasocket, (void *)buffer, strlen(buffer));
+  sent = write(datasocket, (void *)buffer, strlen(buffer));
+
+  close(datasocket);
+  
+  msg->type = (int)CMTClientMessage;
+  sprintf((char *)msg->data, "third msg!");
+  status = CMT_SendMessage(connect, msg, event);
+  if (status != SECSuccess)
+    perror("CMT_SendMessage"); 
+  
+  status = CMT_CloseControlConnection(connect);
+  if (status != SECSuccess)
+    perror("CMT_CloseControl");
+  
+  CMT_FreeMessage(msg);
+  CMT_FreeEvent(event);
+}
+
+CMTStatus myCallback(CMTControl * control, CMTItem * event, void * arg)
+{
+  if (event) 
+    printf("Event received is : type %d, data %s\n", event->type, event->data);
+  else printf("No event!\n");
+  if (arg) 
+    printf("Arg is %s\n", (char *)arg);
+  else printf("No arg!\n");
+
+
+  return SECSuccess;
+}

mozilla/security/psm/lib/macbuild/PSMPrefix.h

@@ -0,0 +1,3 @@
+
+
+#include "MacPrefix.h"

mozilla/security/psm/lib/macbuild/PSMPrefix_debug.h

@@ -0,0 +1,2 @@
+
+#include "MacPrefix_debug.h"

mozilla/security/psm/lib/makefile.win

@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..
+include <$(DEPTH)/config/config.mak>
+
+DIRS = client protocol
+
+include <$(DEPTH)\config\rules.mak>

mozilla/security/psm/lib/manifest.mn

@@ -0,0 +1,43 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+#
+
+CORE_DEPTH = ../..
+DEPTH      = ../..
+
+DIRS = protocol client
+
+#
+# these dirs are not built at the moment
+#
+#NOBUILD_DIRS = jar

mozilla/security/psm/lib/nlslayer/Makefile.in

@@ -0,0 +1,56 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+LIBRARY_NAME = nlslayer
+MODULE = security
+
+EXPORTS = \
+	nlslayer.h \
+	$(NULL)
+
+CPPSRCS  = nlslayer.cpp \
+	 $(NULL)
+
+override NO_SHARED_LIB=1
+override NO_STATIC_LIB=
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/security/psm/lib/nlslayer/macbuild/nlslayerPrefix.h

@@ -0,0 +1,3 @@
+
+
+#include "MacPrefix.h"

mozilla/security/psm/lib/nlslayer/macbuild/nlslayerPrefix_debug.h

@@ -0,0 +1,2 @@
+
+#include "MacPrefix_debug.h"

mozilla/security/psm/lib/nlslayer/makefile.win

@@ -0,0 +1,45 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..\..
+
+include <$(DEPTH)\config\config.mak>
+
+LIBRARY_NAME=nlslayer
+
+CPPSRCS =				\
+	nlslayer.cpp		\
+	$(NULL)
+
+CPP_OBJS =					\
+	.\$(OBJDIR)\nlslayer.obj		\
+	$(NULL)
+
+MODULE=security
+
+LIBRARY_NAME = nlslayer
+LIBRARY=.\$(OBJDIR)\$(DLLNAME).dll
+
+include <$(DEPTH)\config\rules.mak>
+
+install:: $(LIBRARY)
+        $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
+clobber::

mozilla/security/psm/lib/nlslayer/nlslayer.cpp

@@ -0,0 +1,323 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "nspr.h"
+#include "nscore.h"
+#include "nsString.h"
+#include "nsIServiceManager.h"
+#include "nsIStringBundle.h"
+#include "nsIDateTimeFormat.h"
+#include "nsDateTimeFormatCID.h"
+#include "nsICharsetConverterManager.h"
+#include "nsILocalFile.h"
+#include "nsIDirectoryService.h"
+#include "nsDirectoryServiceDefs.h"
+
+extern "C" {
+#include "nlslayer.h"
+}
+
+static NS_DEFINE_IID(kStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
+static NS_DEFINE_IID(kIStringBundleServiceIID, NS_ISTRINGBUNDLESERVICE_IID);
+static NS_DEFINE_CID(kDateTimeCID, NS_DATETIMEFORMAT_CID);
+static NS_DEFINE_CID(kCharsetConverterManagerCID, NS_ICHARSETCONVERTERMANAGER_CID);
+
+static nsIUnicodeEncoder *encoderASCII = nsnull;
+
+#define TEXT_BUNDLE	    "resource:/psmdata/ui/psm_text.properties"
+#define UI_BUNDLE		"resource:/psmdata/ui/psm_ui.properties"
+#define BIN_BUNDLE		"resource:/psmdata/ui/psm_bin.properties"
+#define DOC_BUNDLE		"resource:/psmdata/ui/psm_doc.properties"
+
+extern "C" {
+static nsIStringBundle* nlsCreateBundle(char* bundleURL);
+static char* nlsGetUTF8StringFromBundle(nsIStringBundle *bundle, const char *name);
+static nsIStringBundle * bundles[4] = {NULL, NULL, NULL, NULL};
+}
+
+
+extern "C" PRBool nlsInit()
+{
+	nsICharsetConverterManager *ccm = nsnull;
+	nsAutoString charsetUTF8 = NS_ConvertASCIItoUCS2("UTF-8");
+	nsAutoString charsetASCII = NS_ConvertASCIItoUCS2("ISO-8859-1");
+	PRBool ret = PR_FALSE;
+	nsresult res;
+
+#if !defined(XP_MAC)
+	res = NS_InitXPCOM(NULL, NULL);
+	NS_ASSERTION( NS_SUCCEEDED(res), "NS_InitXPCOM failed" );
+#endif
+
+	// Create the bundles
+	bundles[0] = nlsCreateBundle(TEXT_BUNDLE);
+	bundles[1] = nlsCreateBundle(UI_BUNDLE);
+	bundles[2] = nlsCreateBundle(BIN_BUNDLE);
+	bundles[3] = nlsCreateBundle(DOC_BUNDLE);
+
+	// Create a unicode encoder and decoder
+	res = nsServiceManager::GetService(kCharsetConverterManagerCID,
+										NS_GET_IID(nsICharsetConverterManager),
+										(nsISupports**)&ccm);
+
+	if (NS_FAILED(res) || (nsnull == ccm)) {
+		goto loser;
+	}
+
+	res = ccm->GetUnicodeEncoder(&charsetASCII, &encoderASCII);
+	if (NS_FAILED(res) || (nsnull == encoderASCII)) {
+		goto loser;
+	}
+
+	ret = PR_TRUE;
+	goto done;
+loser:
+	NS_IF_RELEASE(bundles[0]);
+	NS_IF_RELEASE(bundles[1]);
+	NS_IF_RELEASE(bundles[2]);
+	NS_IF_RELEASE(bundles[3]);
+	NS_IF_RELEASE(encoderASCII);
+done:
+	return ret;
+}
+
+extern "C" nsIStringBundle* nlsCreateBundle(char* bundleURL)
+{
+	nsresult ret;
+	nsIStringBundleService *service = nsnull;
+	nsIStringBundle* bundle = nsnull;
+	nsILocale *locale = nsnull;
+
+	// Get the string bundle service
+	ret = nsServiceManager::GetService(kStringBundleServiceCID,
+										kIStringBundleServiceIID,
+										(nsISupports**)&service);
+	if (NS_FAILED(ret)) {
+		return NULL;
+	}
+
+	// Create the bundle
+	ret = service->CreateBundle(bundleURL, locale, &bundle);
+	if (NS_FAILED(ret)) {
+		return NULL;
+	}
+
+	NS_IF_RELEASE(service);
+
+	return bundle;
+}
+
+extern "C" char* nlsGetUTF8StringFromBundle(nsIStringBundle *bundle, const char *name)
+{
+	nsresult ret;
+
+	nsString key = NS_ConvertASCIItoUCS2(name);
+	nsString value;
+	PRUnichar * p = NULL;
+	ret = bundle->GetStringFromName(key.GetUnicode(), &p);
+	if (NS_FAILED(ret)) {
+		return NULL;
+	}
+	value = p;
+
+	// XXX This is a hack to get cr and lf chars in string. 
+	// See bug# 21418
+	value.ReplaceSubstring(NS_ConvertASCIItoUCS2("<psm:cr>"), NS_ConvertASCIItoUCS2("\r"));
+	value.ReplaceSubstring(NS_ConvertASCIItoUCS2("<psm:lf>"), NS_ConvertASCIItoUCS2("\n"));
+	return value.ToNewUTF8String();
+}
+
+extern "C" char* nlsGetUTF8String(const char *name)
+{
+	int i;
+	char *value = NULL;
+
+	for (i=0;i<4;i++) {
+		value = nlsGetUTF8StringFromBundle(bundles[i], name);
+		if (value) {
+			break;
+		}
+	}
+	return value;
+}
+
+extern "C" void * nlsNewDateFormat()
+{
+	nsIComponentManager *comMgr;
+	nsIDateTimeFormat *dateTimeFormat = nsnull;
+	nsresult rv;
+
+	rv = NS_GetGlobalComponentManager(&comMgr);
+	if (NS_FAILED(rv)) {
+		return NULL;
+	}
+	rv = comMgr->CreateInstance(kDateTimeCID, nsnull, NS_GET_IID(nsIDateTimeFormat), (void**)&dateTimeFormat);
+	if (NS_FAILED(rv)) {
+		return NULL;
+	}
+	return dateTimeFormat;
+}
+
+extern "C" void nlsFreeDateFormat(void * p)
+{
+	nsIDateTimeFormat *dateTimeFormat = (nsIDateTimeFormat*)p;
+
+	NS_IF_RELEASE(dateTimeFormat);
+}
+
+extern "C" char * nslPRTimeToUTF8String(void* p, PRInt64 t)
+{
+	nsIDateTimeFormat *dateTimeFormat = (nsIDateTimeFormat*)p;
+	nsString dateTime;
+	nsresult rv;
+
+	rv = dateTimeFormat->FormatPRTime(nsnull, kDateFormatShort, kTimeFormatNoSeconds, PRTime(t), dateTime);
+	if (NS_FAILED(rv)) {
+		return nsnull;
+	}
+
+	return dateTime.ToNewUTF8String();
+}
+
+extern "C" PRBool nlsUnicodeToUTF8(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen)
+{
+	char *utf8;
+	PRBool ret = PR_TRUE;
+	
+	utf8 = NS_ConvertUCS2toUTF8((PRUnichar*)inBuf, inBufBytes/2);
+	*outBufLen = PL_strlen(utf8);
+	if (*outBufLen+1 > maxOutBufLen) {
+		ret = PR_FALSE;
+		goto loser;
+	}
+	memcpy(outBuf, utf8, *outBufLen+1);
+	
+loser:
+	return ret;
+}
+
+extern "C" PRBool nlsUTF8ToUnicode(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen)
+{
+	PRBool ret = PR_TRUE;
+	nsAutoString autoString = NS_ConvertUTF8toUCS2((const char*)inBuf);
+	const PRUnichar *buffer;
+	PRUint32 bufLen;
+	unsigned int newLen;
+	
+	buffer = autoString.GetUnicode();
+	bufLen = autoString.Length();
+	newLen = (bufLen+1)*2;
+	if (newLen > maxOutBufLen) {
+		ret = PR_FALSE;
+		goto loser;
+	}
+	memcpy(outBuf, (char*)buffer, newLen);
+	*outBufLen = newLen;
+loser:
+	return ret;
+}
+
+extern "C" PRBool nlsUnicodeToASCII(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen)
+{
+	PRBool ret = PR_FALSE;
+	nsIUnicodeEncoder *enc = encoderASCII;
+	PRInt32 dstLength;
+	nsresult res;
+
+	res = enc->GetMaxLength((const PRUnichar *)inBuf, inBufBytes, &dstLength);
+	if (NS_FAILED(res) || (dstLength > maxOutBufLen)) {
+		goto loser;
+	}
+
+	res = enc->Convert((const PRUnichar *)inBuf, (PRInt32*)&inBufBytes, (char*)outBuf, &dstLength);
+	if (NS_FAILED(res)) {
+		goto loser;
+	}
+
+	outBuf[dstLength] = '\0';
+	*outBufLen = dstLength;
+	ret = PR_TRUE;
+loser:
+	return ret;
+}
+
+extern "C" PRBool nlsASCIIToUnicode(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen)
+{
+	nsAutoString autoString = NS_ConvertASCIItoUCS2((const char*)inBuf);
+	PRUint32 bufLen;
+	const PRUnichar *buffer;
+	PRBool ret = PR_TRUE;
+	unsigned int newLen;
+	
+	bufLen = autoString.Length();
+	buffer = autoString.GetUnicode();
+	newLen = (bufLen+1)*2;
+	if (newLen > maxOutBufLen) {
+		ret = PR_FALSE;
+		goto loser;
+	}
+	memcpy(outBuf, buffer, newLen);
+	*outBufLen = newLen;
+loser:
+	return ret;
+}
+
+extern "C" char *xpcomGetProcessDir(void)
+{
+    nsresult rv;
+    char *retVal = NULL;
+    
+    nsCOMPtr<nsILocalFile> mozFile;
+
+	NS_WITH_SERVICE(nsIProperties, directoryService, NS_DIRECTORY_SERVICE_CONTRACTID, &rv);									
+    if (NS_FAILED(rv)) {
+        return NULL;
+    }    
+    										
+     directoryService->Get( NS_XPCOM_CURRENT_PROCESS_DIR,
+                            NS_GET_IID(nsIFile), 
+                            getter_AddRefs(mozFile));
+    if (mozFile) {
+        mozFile->GetPath(&retVal);
+    }
+    return retVal;
+}
+

mozilla/security/psm/lib/nlslayer/nlslayer.h

@@ -0,0 +1,58 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#ifndef _NLSLAYER_H_
+#define _NLSLAYER_H_
+
+PRBool nlsInit();
+char* nlsGetUTF8String(const char *name);
+void * nlsNewDateFormat();
+void nlsFreeDateFormat(void * p);
+char * nslPRTimeToUTF8String(void* p, PRInt64 t);
+PRBool nlsUnicodeToUTF8(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen);
+PRBool nlsUTF8ToUnicode(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen);
+PRBool nlsUnicodeToASCII(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen);
+PRBool nlsASCIIToUnicode(unsigned char * inBuf, unsigned int inBufBytes,
+							unsigned char * outBuf, unsigned int maxOutBufLen,
+							unsigned int * outBufLen);							
+char *xpcomGetProcessDir(void);
+
+
+#endif /* _NLSLAYER_H_ */
+

mozilla/security/psm/lib/protocol/MANIFEST

@@ -0,0 +1,3 @@
+obscure.h
+rsrcids.h
+ssmdefs.h

mozilla/security/psm/lib/protocol/Makefile

@@ -0,0 +1,74 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include config.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+

mozilla/security/psm/lib/protocol/Makefile.in

@@ -0,0 +1,70 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+LIBRARY_NAME = protocol
+MODULE = security
+
+EXPORTS = \
+	protocol.h \
+	protocolf.h \
+	protocolport.h \
+	protocolnspr20.h \
+	protocolshr.h \
+	ssmdefs.h \
+	rsrcids.h \
+	messages.h \
+	newproto.h \
+	$(NULL)
+
+
+CSRCS  = newproto.c \
+	 templates.c \
+	 protocolshr.c \
+	 $(NULL)
+
+ifeq ($(OS_ARCH),OS2)
+# we don't want the shared lib, but we want to force the creation of a static lib.
+override NO_SHARED_LIB=1
+override NO_STATIC_LIB=
+endif
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/security/psm/lib/protocol/config.mk

@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+PROGRAM        =
+

mozilla/security/psm/lib/protocol/makefile.win

@@ -0,0 +1,128 @@
+#// 
+#// The contents of this file are subject to the Mozilla Public
+#// License Version 1.1 (the "License"); you may not use this file
+#// except in compliance with the License. You may obtain a copy of
+#// the License at http://www.mozilla.org/MPL/
+#// 
+#// Software distributed under the License is distributed on an "AS
+#// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+#// implied. See the License for the specific language governing
+#// rights and limitations under the License.
+#// 
+#// The Original Code is the Netscape security libraries.
+#// 
+#// The Initial Developer of the Original Code is Netscape
+#// Communications Corporation.  Portions created by Netscape are 
+#// Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+#// Rights Reserved.
+#// 
+#// Contributor(s):
+#// 
+#// Alternatively, the contents of this file may be used under the
+#// terms of the GNU General Public License Version 2 or later (the
+#// "GPL"), in which case the provisions of the GPL are applicable 
+#// instead of those above.  If you wish to allow use of your 
+#// version of this file only under the terms of the GPL and not to
+#// allow others to use your version of this file under the MPL,
+#// indicate your decision by deleting the provisions above and
+#// replace them with the notice and other provisions required by
+#// the GPL.  If you do not delete the provisions above, a recipient
+#// may use your version of this file under either the MPL or the
+#// GPL.
+#// 
+IGNORE_MANIFEST=1
+#//------------------------------------------------------------------------
+#//
+#// Makefile to build the ssl library
+#//
+#//------------------------------------------------------------------------
+
+!if "$(MOZ_BITS)" == "16"
+!ifndef MOZ_DEBUG
+OPTIMIZER=-Os -UDEBUG -DNDEBUG
+!endif
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Specify the depth of the current directory relative to the
+#// root of NS
+#//
+#//------------------------------------------------------------------------
+DEPTH= ..\..\..\..
+
+!ifndef MAKE_OBJ_TYPE
+MAKE_OBJ_TYPE=EXE
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...)
+#//
+#//------------------------------------------------------------------------
+LIBNAME=protocol
+PDBFILE=$(LIBNAME).pdb
+
+LINCS = -I$(PUBLIC)\security \
+	-I$(PUBLIC)\nspr \
+        -I$(DEPTH)\include \
+	-I..\include
+
+!ifndef OS_CONFIG
+OS_CONFIG = WIN$(MOZ_BITS)
+!endif
+
+LCFLAGS = -DEXPORT_VERSION -DLIB_BUILD
+
+#//------------------------------------------------------------------------
+#// 
+#// Define the files necessary to build the target (ie. OBJS)
+#//
+#//------------------------------------------------------------------------
+OBJS=                         \
+    .\$(OBJDIR)\newproto.obj  \
+    .\$(OBJDIR)\templates.obj \
+    .\$(OBJDIR)\protocolshr.obj \
+    $(NULL)
+
+EXPORTS = \
+    .\ssmdefs.h \
+    $(NULL)
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...)
+#// (these must be defined before the common makefiles are included)
+#//
+#//------------------------------------------------------------------------
+LIBRARY=.\$(OBJDIR)\$(LIBNAME).lib
+
+#//------------------------------------------------------------------------
+#//
+#// install headers
+#//
+#//------------------------------------------------------------------------
+INSTALL_DIR=$(PUBLIC)\security
+INSTALL_FILE_LIST= protocol.h \
+   protocolf.h \
+   protocolport.h \
+   protocolnspr20.h \
+   protocolshr.h \
+   ssmdefs.h \
+   rsrcids.h \
+   messages.h \
+   newproto.h \
+   $(NULL)
+
+#//------------------------------------------------------------------------
+#//
+#// Include the common makefile rules
+#//
+#//------------------------------------------------------------------------
+include <$(DEPTH)/config/rules.mak>
+
+install:: $(LIBRARY)
+    $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
+
+export:: INSTALL_FILES
+

mozilla/security/psm/lib/protocol/manifest.mn

@@ -0,0 +1,65 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+CORE_DEPTH = ../../..
+
+EXPORTS = \
+	protocol.h \
+	protocolf.h \
+	protocolport.h \
+	protocolnspr20.h \
+	protocolshr.h \
+	ssmdefs.h \
+	rsrcids.h \
+	messages.h \
+	newproto.h \
+	$(NULL)
+
+MODULE = security
+CSRCS  = newproto.c \
+	 protocolshr.c \
+	 templates.c \
+	 $(NULL)
+
+ifeq ($(subst /,_,$(shell uname -s)),OS2)
+	CSRCS += os2_rand.c
+endif
+
+#	mac_rand.c
+#	unix_rand.c
+#	win_rand.c
+#	prelib.c
+
+REQUIRES = security dbm nspr
+
+LIBRARY_NAME = protocol

mozilla/security/psm/lib/protocol/messages.h

@@ -0,0 +1,620 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __MESSAGES_H__
+#define __MESSAGES_H__
+
+#include "newproto.h"
+
+typedef struct SingleNumMessage {
+  CMInt32 value;
+} SingleNumMessage;
+
+extern CMTMessageTemplate SingleNumMessageTemplate[];
+
+typedef struct SingleStringMessage {
+  char *string;
+} SingleStringMessage;
+
+extern CMTMessageTemplate SingleStringMessageTemplate[];
+
+typedef struct SingleItemMessage {
+  CMTItem item;
+} SingleItemMessage;
+
+extern CMTMessageTemplate SingleItemMessageTemplate[];
+
+typedef struct HelloRequest {
+  CMInt32 version;
+  CMInt32 policy;
+  CMBool doesUI;
+  char *profile;
+  char* profileDir;
+} HelloRequest;
+
+extern CMTMessageTemplate HelloRequestTemplate[];
+
+typedef struct HelloReply {
+  CMInt32 result;
+  CMInt32 sessionID;
+  CMInt32 version;
+  CMInt32 httpPort;
+  CMInt32 policy;
+  CMTItem nonce;
+  char *stringVersion;
+} HelloReply;
+
+extern CMTMessageTemplate HelloReplyTemplate[];
+
+typedef struct SSLDataConnectionRequest {
+  CMInt32 flags;
+  CMInt32 port;
+  char *hostIP;
+  char *hostName;
+  CMBool forceHandshake;
+  CMTItem clientContext;
+} SSLDataConnectionRequest;
+
+extern CMTMessageTemplate SSLDataConnectionRequestTemplate[];
+
+typedef struct TLSDataConnectionRequest {
+    CMInt32 port;
+    char* hostIP;
+    char* hostName;
+} TLSDataConnectionRequest;
+
+extern CMTMessageTemplate TLSDataConnectionRequestTemplate[];
+
+typedef struct TLSStepUpRequest {
+    CMUint32 connID;
+    CMTItem clientContext;
+} TLSStepUpRequest;
+
+extern CMTMessageTemplate TLSStepUpRequestTemplate[];
+
+typedef struct ProxyStepUpRequest {
+    CMUint32 connID;
+    CMTItem clientContext;
+    char* url;
+} ProxyStepUpRequest;
+
+extern CMTMessageTemplate ProxyStepUpRequestTemplate[];
+
+typedef struct PKCS7DataConnectionRequest {
+    CMUint32 resID;
+    CMTItem clientContext;
+} PKCS7DataConnectionRequest;
+
+extern CMTMessageTemplate PKCS7DataConnectionRequestTemplate[];
+
+typedef struct DataConnectionReply {
+  CMInt32 result;
+  CMInt32 connID;
+  CMInt32 port;
+} DataConnectionReply;
+
+extern CMTMessageTemplate DataConnectionReplyTemplate[];
+
+typedef struct UIEvent {
+  CMInt32 resourceID;
+  CMInt32 width;
+  CMInt32 height;
+  CMBool isModal;
+  char *url;
+  CMTItem clientContext;
+} UIEvent;
+
+extern CMTMessageTemplate UIEventTemplate[];
+extern CMTMessageTemplate OldUIEventTemplate[];
+
+typedef struct TaskCompletedEvent {
+  CMInt32 resourceID;
+  CMInt32 numTasks;
+  CMInt32 result;
+} TaskCompletedEvent;
+
+extern CMTMessageTemplate TaskCompletedEventTemplate[];
+
+typedef struct VerifyDetachedSigRequest {
+  CMInt32 pkcs7ContentID;
+  CMInt32 certUsage;
+  CMInt32 hashAlgID;
+  CMBool keepCert;
+  CMTItem hash;
+} VerifyDetachedSigRequest;
+
+extern CMTMessageTemplate VerifyDetachedSigRequestTemplate[];
+
+typedef struct CreateSignedRequest {
+  CMInt32 scertRID;
+  CMInt32 ecertRID;
+  CMInt32 dig_alg;
+  CMTItem digest;
+} CreateSignedRequest;
+
+extern CMTMessageTemplate CreateSignedRequestTemplate[];
+
+typedef struct CreateContentInfoReply {
+  CMInt32 ciRID;
+  CMInt32 result;
+  CMInt32 errorCode;
+} CreateContentInfoReply;
+
+extern CMTMessageTemplate CreateContentInfoReplyTemplate[];
+
+typedef struct CreateEncryptedRequest {
+  CMInt32 scertRID;
+  CMInt32 nrcerts;
+  CMInt32 *rcertRIDs;
+} CreateEncryptedRequest;
+
+extern CMTMessageTemplate CreateEncryptedRequestTemplate[];
+
+typedef struct CreateResourceRequest {
+  CMInt32 type;
+  CMTItem params;
+} CreateResourceRequest;
+
+extern CMTMessageTemplate CreateResourceRequestTemplate[];
+
+typedef struct CreateResourceReply {
+  CMInt32 result;
+  CMInt32 resID;
+} CreateResourceReply;
+
+extern CMTMessageTemplate CreateResourceReplyTemplate[];
+
+typedef struct GetAttribRequest {
+  CMInt32 resID;
+  CMInt32 fieldID;
+} GetAttribRequest;
+
+extern CMTMessageTemplate GetAttribRequestTemplate[];
+
+typedef struct GetAttribReply {
+  CMInt32 result;
+  SSMAttributeValue value;
+} GetAttribReply;
+
+extern CMTMessageTemplate GetAttribReplyTemplate[];
+
+typedef struct SetAttribRequest {
+  CMInt32 resID;
+  CMInt32 fieldID;
+  SSMAttributeValue value;
+} SetAttribRequest;
+
+extern CMTMessageTemplate SetAttribRequestTemplate[];
+
+typedef struct PickleResourceReply {
+    CMInt32 result;
+    CMTItem blob;
+} PickleResourceReply;
+
+extern CMTMessageTemplate PickleResourceReplyTemplate[];
+
+typedef struct UnpickleResourceRequest {
+  CMInt32 resourceType;
+  CMTItem resourceData;
+} UnpickleResourceRequest;
+
+extern CMTMessageTemplate UnpickleResourceRequestTemplate[];
+
+typedef struct UnpickleResourceReply {
+    CMInt32 result;
+    CMInt32 resID;
+} UnpickleResourceReply;
+
+extern CMTMessageTemplate UnpickleResourceReplyTemplate[];
+
+typedef struct PickleSecurityStatusReply {
+    CMInt32 result;
+    CMInt32 securityLevel;
+    CMTItem blob;
+} PickleSecurityStatusReply;
+
+extern CMTMessageTemplate PickleSecurityStatusReplyTemplate[];
+
+typedef struct DupResourceReply {
+    CMInt32 result;
+    CMUint32 resID;
+} DupResourceReply;
+
+extern CMTMessageTemplate DupResourceReplyTemplate[];
+
+typedef struct DestroyResourceRequest {
+  CMInt32 resID;
+  CMInt32 resType;
+} DestroyResourceRequest;
+
+extern CMTMessageTemplate DestroyResourceRequestTemplate[];
+
+typedef struct VerifyCertRequest {
+  CMInt32 resID;
+  CMInt32 certUsage;
+} VerifyCertRequest;
+
+extern CMTMessageTemplate VerifyCertRequestTemplate[];
+
+typedef struct AddTempCertToDBRequest {
+  CMInt32 resID;
+  char *nickname;
+  CMInt32 sslFlags;
+  CMInt32 emailFlags;
+  CMInt32 objSignFlags;
+} AddTempCertToDBRequest;
+
+extern CMTMessageTemplate AddTempCertToDBRequestTemplate[];
+
+typedef struct MatchUserCertRequest {
+  CMInt32 certType;
+  CMInt32 numCANames;
+  char **caNames;
+} MatchUserCertRequest;
+
+extern CMTMessageTemplate MatchUserCertRequestTemplate[];
+
+typedef struct MatchUserCertReply {
+  CMInt32 numCerts;
+  CMInt32 *certs;
+} MatchUserCertReply;
+
+extern CMTMessageTemplate MatchUserCertReplyTemplate[];
+
+typedef struct EncodeCRMFReqRequest {
+    CMInt32 numRequests;
+    CMInt32 * reqIDs;
+} EncodeCRMFReqRequest;
+
+extern CMTMessageTemplate EncodeCRMFReqRequestTemplate[];
+
+typedef struct CMMFCertResponseRequest {
+    char *nickname;
+    char *base64Der;
+    CMBool doBackup;
+    CMTItem clientContext;
+} CMMFCertResponseRequest;
+
+extern CMTMessageTemplate CMMFCertResponseRequestTemplate[];
+
+typedef struct PasswordRequest {
+    CMInt32 tokenKey;
+    char *prompt;
+    CMTItem clientContext;
+} PasswordRequest;
+
+extern CMTMessageTemplate PasswordRequestTemplate[];
+
+typedef struct PasswordReply {
+    CMInt32 result;
+    CMInt32 tokenID;
+    char * passwd;
+} PasswordReply;
+
+extern CMTMessageTemplate PasswordReplyTemplate[];
+
+typedef struct KeyPairGenRequest {
+    CMInt32 keyGenCtxtID;
+    CMInt32 genMechanism;
+    CMInt32 keySize;
+    CMTItem params;
+} KeyPairGenRequest;
+
+extern CMTMessageTemplate KeyPairGenRequestTemplate[];
+
+typedef struct DecodeAndCreateTempCertRequest {
+    CMInt32 type;
+    CMTItem cert;
+} DecodeAndCreateTempCertRequest;
+
+extern CMTMessageTemplate DecodeAndCreateTempCertRequestTemplate[];
+
+typedef struct GenKeyOldStyleRequest {
+    char *choiceString;
+    char *challenge;
+    char *typeString;
+    char *pqgString;
+} GenKeyOldStyleRequest;
+
+extern CMTMessageTemplate GenKeyOldStyleRequestTemplate[];
+
+typedef struct GenKeyOldStyleTokenRequest {
+    CMInt32 rid;
+    CMInt32 numtokens;
+    char ** tokenNames;
+} GenKeyOldStyleTokenRequest;
+
+extern CMTMessageTemplate GenKeyOldStyleTokenRequestTemplate[];
+
+typedef struct GenKeyOldStyleTokenReply {
+    CMInt32 rid;
+    CMBool cancel;
+    char * tokenName;
+} GenKeyOldStyleTokenReply;
+
+extern CMTMessageTemplate GenKeyOldStyleTokenReplyTemplate[];
+
+typedef struct GenKeyOldStylePasswordRequest {
+    CMInt32 rid;
+    char * tokenName;
+    CMBool internal;
+    CMInt32 minpwdlen;
+    CMInt32 maxpwdlen;
+} GenKeyOldStylePasswordRequest;
+
+extern CMTMessageTemplate GenKeyOldStylePasswordRequestTemplate[];
+
+typedef struct GenKeyOldStylePasswordReply {
+    CMInt32 rid;
+    CMBool cancel;
+    char * password;
+} GenKeyOldStylePasswordReply;
+
+extern CMTMessageTemplate GenKeyOldStylePasswordReplyTemplate[];
+
+typedef struct GetKeyChoiceListRequest {
+    char *type;
+    char *pqgString;
+} GetKeyChoiceListRequest;
+
+extern CMTMessageTemplate GetKeyChoiceListRequestTemplate[];
+
+typedef struct GetKeyChoiceListReply {
+    CMInt32 nchoices;
+    char **choices;
+} GetKeyChoiceListReply;
+
+extern CMTMessageTemplate GetKeyChoiceListReplyTemplate[];
+
+typedef struct AddNewSecurityModuleRequest {
+    char *moduleName;
+    char *libraryPath;
+    CMInt32 pubMechFlags;
+    CMInt32 pubCipherFlags;
+} AddNewSecurityModuleRequest;
+
+extern CMTMessageTemplate AddNewSecurityModuleRequestTemplate[];
+
+typedef struct FilePathRequest {
+    CMInt32 resID;
+    char *prompt;
+    CMBool getExistingFile;
+    char *fileRegEx;
+} FilePathRequest;
+
+extern CMTMessageTemplate FilePathRequestTemplate[];
+
+typedef struct FilePathReply {
+    CMInt32 resID;
+    char *filePath;
+} FilePathReply;
+
+extern CMTMessageTemplate FilePathReplyTemplate[];
+
+typedef struct PasswordPromptReply {
+    CMInt32 resID;
+    char *promptReply;
+} PasswordPromptReply;
+
+extern CMTMessageTemplate PasswordPromptReplyTemplate[];
+
+typedef struct SignTextRequest {
+    CMInt32 resID;
+    char *stringToSign;
+    char *hostName;
+    char *caOption;
+    CMInt32 numCAs;
+    char** caNames;
+} SignTextRequest;
+
+extern CMTMessageTemplate SignTextRequestTemplate[];
+
+typedef struct GetLocalizedTextReply {
+    CMInt32 whichString;
+    char *localizedString;
+} GetLocalizedTextReply;
+
+extern CMTMessageTemplate GetLocalizedTextReplyTemplate[];
+
+typedef struct ImportCertReply {
+    CMInt32 result;
+    CMInt32 resID;
+} ImportCertReply;
+
+extern CMTMessageTemplate ImportCertReplyTemplate[];
+
+typedef struct PromptRequest {
+    CMInt32 resID;
+    char *prompt;
+    CMTItem clientContext;
+} PromptRequest;
+
+extern CMTMessageTemplate PromptRequestTemplate[];
+
+typedef struct PromptReply {
+    CMInt32 resID;
+    CMBool cancel;
+    char *promptReply;
+} PromptReply;
+
+extern CMTMessageTemplate PromptReplyTemplate[];
+
+typedef struct RedirectCompareReqeust {
+    CMTItem socketStatus1Data;
+    CMTItem socketStatus2Data;
+} RedirectCompareRequest;
+
+extern CMTMessageTemplate RedirectCompareRequestTemplate[];
+
+typedef struct DecodeAndAddCRLRequest {
+    CMTItem  derCrl;
+    CMUint32 type;
+    char *url;
+} DecodeAndAddCRLRequest;
+
+extern CMTMessageTemplate DecodeAndAddCRLRequestTemplate[];
+
+typedef struct SecurityAdvisorRequest {
+    CMInt32 infoContext;
+    CMInt32 resID;
+    char * hostname;
+	char * senderAddr;
+    CMUint32 encryptedP7CInfo;
+    CMUint32 signedP7CInfo;
+    CMInt32 decodeError;
+    CMInt32 verifyError;
+	CMBool encryptthis;
+	CMBool signthis;
+	CMInt32 numRecipients;
+	char ** recipients;
+} SecurityAdvisorRequest;
+
+extern CMTMessageTemplate SecurityAdvisorRequestTemplate[];
+
+/* "SecurityConfig" javascript related message templates */
+typedef struct SCAddTempCertToPermDBRequest {
+    CMTItem certKey;
+    char* trustStr;
+    char* nickname;
+} SCAddTempCertToPermDBRequest;
+
+extern CMTMessageTemplate SCAddTempCertToPermDBRequestTemplate[];
+
+typedef struct SCDeletePermCertsRequest {
+    CMTItem certKey;
+    CMBool deleteAll;
+} SCDeletePermCertsRequest;
+
+extern CMTMessageTemplate SCDeletePermCertsRequestTemplate[];
+
+typedef struct TimeMessage {
+    CMInt32 year;
+    CMInt32 month;
+    CMInt32 day;
+    CMInt32 hour;
+    CMInt32 minute;
+    CMInt32 second;
+} TimeMessage;
+
+extern CMTMessageTemplate TimeMessageTemplate[];
+
+typedef struct CertEnumElement {
+    char* name;
+    CMTItem certKey;
+} CertEnumElement;
+
+typedef struct SCCertIndexEnumReply {
+      int length;
+      CertEnumElement* list;
+} SCCertIndexEnumReply;
+
+extern CMTMessageTemplate SCCertIndexEnumReplyTemplate[];
+
+/* Test message */
+typedef struct TestListElement {
+	char * name;
+	char * value;
+} TestListElement;
+
+typedef struct TestList {
+	char *listName;
+	int numElements;
+	TestListElement *elements;
+} TestList;
+
+extern CMTMessageTemplate TestListTemplate[];
+
+/* Preference-related structs */
+typedef struct SetPrefElement {
+    char* key;
+    char* value;
+    CMInt32 type;
+} SetPrefElement;
+
+typedef struct SetPrefListMessage {
+    int length;
+    SetPrefElement* list;
+} SetPrefListMessage;
+
+extern CMTMessageTemplate SetPrefListMessageTemplate[];
+
+typedef struct GetPrefElement {
+    char* key;
+    CMInt32 type;
+} GetPrefElement;
+
+typedef struct GetPrefListRequest {
+    int length;
+    GetPrefElement* list;
+} GetPrefListRequest;
+
+extern CMTMessageTemplate GetPrefListRequestTemplate[];
+
+typedef struct GetCertExtension {
+    CMUint32 resID;
+    CMUint32 extension;
+} GetCertExtension;
+
+extern CMTMessageTemplate GetCertExtensionTemplate[];
+
+typedef struct HTMLCertInfoRequest {
+    CMUint32 certID;
+    CMUint32 showImages;
+    CMUint32 showIssuer;
+} HTMLCertInfoRequest;
+
+extern CMTMessageTemplate HTMLCertInfoRequestTemplate[];
+
+typedef struct EncryptRequestMessage
+{
+  CMTItem keyid;  /* May have length 0 for default */
+  CMTItem data;
+  CMTItem ctx;  /* serialized void* ptr */
+} EncryptRequestMessage;
+
+extern CMTMessageTemplate EncryptRequestTemplate[];
+
+typedef struct SingleItemMessage EncryptReplyMessage;
+#define EncryptReplyTemplate SingleItemMessageTemplate
+
+typedef struct DecryptRequestMessage
+{
+  CMTItem data;
+  CMTItem ctx;  /* serialized void* ptr */
+} DecryptRequestMessage;
+extern CMTMessageTemplate DecryptRequestTemplate[];
+
+typedef struct SingleItemMessage DecryptReplyMessage;
+#define DecryptReplyTemplate SingleItemMessageTemplate
+
+#endif /* __MESSAGES_H__ */

mozilla/security/psm/lib/protocol/newproto.c

@@ -0,0 +1,629 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include <string.h>
+#include <assert.h>
+#ifdef WIN32
+#include <winsock.h>
+#endif
+#ifdef XP_MAC
+#include "macsocket.h"
+#endif
+#ifdef XP_UNIX
+#include "sys/types.h"
+#include "netinet/in.h" /* for ntohl & htonl */
+#endif
+#ifdef XP_OS2_EMX
+#include <sys/param.h>
+#endif
+#ifdef XP_OS2_VACPP
+#include <utils.h>
+#endif
+#ifdef XP_BEOS
+#include "ByteOrder.h"
+#endif
+
+#include "newproto.h"
+
+char SSMVersionString[] = "1.4";
+
+CMT_Alloc_fn cmt_alloc = malloc;
+CMT_Free_fn cmt_free = free;
+
+#define ASSERT(x) assert(x)
+
+#define CM_ntohl ntohl
+#define CM_htonl htonl
+
+char* SSM_GetVersionString(void)
+{
+    char *newString;
+    int strLen;
+
+    strLen = strlen(SSMVersionString);
+    newString = (char*)malloc(sizeof(char)*(strLen+1));
+    if (newString) {
+        memcpy(newString,SSMVersionString, strlen(SSMVersionString));
+        newString[strLen]='\0';
+    }
+    return newString;
+}
+
+
+/*************************************************************
+ *
+ * CMT_Init
+ *
+ *
+ ************************************************************/
+void
+CMT_Init(CMT_Alloc_fn allocfn, CMT_Free_fn freefn)
+{
+    cmt_alloc = allocfn;
+    cmt_free = freefn;
+}
+
+static CMTStatus
+decode_int(unsigned char **curptr, void *dest, CMInt32 *remaining)
+{
+    CMInt32 datalen = sizeof(CMInt32);
+
+    if (*remaining < datalen)
+        return CMTFailure;
+    *(CMInt32 *)dest = ntohl(**(CMInt32 **)curptr);
+    *remaining -= datalen;
+    *curptr += datalen;
+    return CMTSuccess;
+}
+
+static CMTStatus
+decode_string(unsigned char **curptr, CMInt32 *len,
+              unsigned char **data, CMInt32 *remaining)
+{
+    CMTStatus rv;
+    CMInt32 datalen;
+
+    rv = decode_int(curptr, len, remaining);
+    if (rv != CMTSuccess)
+        return CMTFailure;
+
+    /* NULL string */
+    if (*len == 0) {
+        *data = NULL;
+        goto done;
+    }
+
+    datalen = (*len + 3) & ~3;
+    if (*remaining < datalen)
+        return CMTFailure;
+
+    *data = (unsigned char *) cmt_alloc(*len + 1);
+    if (*data == NULL)
+        return CMTFailure;
+
+    memcpy(*data, *curptr, *len);
+    (*data)[*len] = 0;
+    *remaining -= datalen;
+    *curptr += datalen;
+done:
+    return CMTSuccess;
+}
+
+/*************************************************************
+ * CMT_DecodeMessage
+ *
+ * Decode msg into dest as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_DecodeMessage(CMTMessageTemplate *tmpl, void *dest, CMTItem *msg)
+{
+    unsigned char *curptr, *destptr, *list;
+	void ** ptr;
+    CMInt32 remaining, len, choiceID = 0, listSize, listCount = 0;
+    CMBool inChoice = CM_FALSE, foundChoice = CM_FALSE, inList = CM_FALSE;
+    CMInt32 listItemSize = 0;
+    CMTStatus rv = CMTSuccess;
+	CMTMessageTemplate *startOfList, *p;
+	CMBool inStructList = CM_FALSE;
+
+    curptr = msg->data;
+    remaining = msg->len;
+
+    while(tmpl->type != CMT_DT_END) {
+        /* XXX Maybe this should be a more formal state machine? */
+        if (inChoice) {
+            if (tmpl->type == CMT_DT_END_CHOICE) {
+                if (!foundChoice)
+                    goto loser;
+                inChoice = CM_FALSE;
+                foundChoice = CM_FALSE;
+                tmpl++;
+                continue;
+            }
+            if (choiceID != tmpl->choiceID) {
+                tmpl++;
+                continue;  /* Not this option */
+            } else {
+                foundChoice = CM_TRUE;
+            }
+        }
+        if (inList) {
+            destptr = &list[listCount * listItemSize];
+            listCount++;
+        } else {
+			if (inStructList) {
+				destptr = tmpl->offset + list;
+			} else {
+				destptr = tmpl->offset + (unsigned char *)dest;
+			}
+        }
+        switch (tmpl->type) {
+          case CMT_DT_RID:
+          case CMT_DT_INT:
+          case CMT_DT_BOOL:
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_STRING:
+            rv = decode_string(&curptr, &len, (unsigned char **)destptr,
+                               &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_ITEM:
+            rv = decode_string(&curptr, (long *) &((CMTItem *)destptr)->len,
+                               &((CMTItem *)destptr)->data, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_LIST:
+            /* XXX This is too complicated */
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)destptr;
+            tmpl++;
+            if (tmpl->type == CMT_DT_STRING) {
+                listItemSize = sizeof(unsigned char *);
+            } else if (tmpl->type == CMT_DT_ITEM) {
+                listItemSize = sizeof(CMTItem);
+            } else {
+                listItemSize = sizeof(CMInt32);
+            }
+            if (listSize == 0) {
+                list = NULL;
+            } else {
+                list = (unsigned char *) cmt_alloc(listSize * listItemSize);
+            }
+            *(void **)(tmpl->offset + (unsigned char *)dest) = list;
+            inList = CM_TRUE;
+            listCount = 0;
+            break;
+          case CMT_DT_STRUCT_LIST:
+            /* XXX This is too complicated */
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)destptr;
+            tmpl++;
+			if (tmpl->type != CMT_DT_STRUCT_PTR) {
+				goto loser;
+			}
+			ptr = (void**)(tmpl->offset + (unsigned char *)dest);
+			startOfList = tmpl;
+			p = tmpl;
+			listItemSize = 0;
+			while (p->type != CMT_DT_END_STRUCT_LIST) {
+				if (p->type == CMT_DT_STRING) {
+					listItemSize += sizeof(unsigned char *);
+				} else if (p->type == CMT_DT_ITEM) {
+					listItemSize += sizeof(CMTItem);
+				} else if (p->type == CMT_DT_INT) {
+	                listItemSize += sizeof(CMInt32);
+		        }
+				p++;
+			}
+            if (listSize == 0) {
+                list = NULL;
+            } else {
+                list = (unsigned char *) cmt_alloc(listSize * listItemSize);
+            }
+            *ptr = list;
+            inStructList = CM_TRUE;
+            listCount = 0;
+            break;
+		  case CMT_DT_END_STRUCT_LIST:
+			listCount++;
+			if (listCount == listSize) {
+				inStructList = CM_FALSE;
+			} else {
+				list += listItemSize;
+				tmpl = startOfList;
+			}
+			break;
+          case CMT_DT_CHOICE:
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            choiceID = *(CMInt32 *)destptr;
+            inChoice = CM_TRUE;
+            foundChoice = CM_FALSE;
+            break;
+          case CMT_DT_END_CHOICE: /* Loop should exit before we see these. */
+          case CMT_DT_END:
+          default:
+            ASSERT(0);
+            break;
+        }
+        if (inList) {
+            if (listCount == listSize) {
+                inList = CM_FALSE;
+                tmpl++;
+            }
+        } else {
+            tmpl++;
+        }
+    }
+loser:
+    /* Free the data buffer */
+    if (msg->data) {
+        cmt_free(msg->data);
+        msg->data = NULL;
+    }
+    return rv;
+}
+
+static CMTStatus
+calc_msg_len(CMTMessageTemplate *tmpl, void *src, CMInt32 *len_out)
+{
+    CMInt32 len = 0, choiceID = 0, listSize, listItemSize, listCount;
+    unsigned char *srcptr, *list;
+    CMBool inChoice = CM_FALSE, inList = CM_FALSE, foundChoice = CM_FALSE;
+	CMTMessageTemplate *startOfList, *p;
+	CMBool inStructList = CM_FALSE;
+
+    while(tmpl->type != CMT_DT_END) {
+        if (inChoice) {
+            if (tmpl->type == CMT_DT_END_CHOICE) {
+                if (!foundChoice)
+                    goto loser;
+                inChoice = CM_FALSE;
+                foundChoice = CM_FALSE;
+                tmpl++;
+                continue;
+            }
+            if (choiceID != tmpl->choiceID) {
+                tmpl++;
+                continue;  /* Not this option */
+            } else {
+                foundChoice = CM_TRUE;
+            }
+        }
+        if (inList) {
+            srcptr = &list[listCount * listItemSize];
+            listCount++;
+        } else if (inStructList) {
+			srcptr = tmpl->offset + list;
+		} else {
+            srcptr = tmpl->offset + (unsigned char *)src;
+        }
+        switch(tmpl->type) {
+          case CMT_DT_RID:
+          case CMT_DT_INT:
+          case CMT_DT_BOOL:
+            len += sizeof(CMInt32);
+            break;
+          case CMT_DT_STRING:
+            len += sizeof(CMInt32);
+            /* Non NULL string */
+            if (*(char**)srcptr) {
+                len += (strlen(*(char**)srcptr) + 4) & ~3;
+            }
+            break;
+          case CMT_DT_ITEM:
+            len += sizeof(CMInt32);
+            len += (((CMTItem *)srcptr)->len + 3) & ~3;
+            break;
+          case CMT_DT_LIST:
+            len += sizeof(CMInt32);
+            listSize = *(CMInt32 *)srcptr;
+            tmpl++;
+            if (tmpl->type == CMT_DT_STRING) {
+                listItemSize = sizeof(unsigned char *);
+            } else if (tmpl->type == CMT_DT_ITEM) {
+                listItemSize = sizeof(CMTItem);
+            } else {
+                listItemSize = sizeof(CMInt32);
+            }
+            list = *(unsigned char **)(tmpl->offset + (unsigned char *)src);
+            listCount = 0;
+            inList = CM_TRUE;
+            break;
+		  case CMT_DT_STRUCT_LIST:
+			len += sizeof(CMInt32);
+			listSize = *(CMInt32 *)srcptr;
+			tmpl++;
+			if (tmpl->type != CMT_DT_STRUCT_PTR) {
+				goto loser;
+			}
+			list = *(unsigned char**)(tmpl->offset + (unsigned char*)src);
+			startOfList = tmpl;
+			p = tmpl;
+			listItemSize = 0;
+			while (p->type != CMT_DT_END_STRUCT_LIST) {
+				if (p->type == CMT_DT_STRING) {
+					listItemSize += sizeof(unsigned char *);
+				} else if (p->type == CMT_DT_ITEM) {
+					listItemSize += sizeof(CMTItem);
+				} else if (p->type == CMT_DT_INT) {
+					listItemSize += sizeof(CMInt32);
+				}
+				p++;
+			}
+			listCount = 0;
+			inStructList = CM_TRUE;
+			break;
+		  case CMT_DT_END_STRUCT_LIST:
+			listCount++;
+			if (listCount == listSize) {
+				inStructList = CM_FALSE;
+			} else {
+				list += listItemSize;
+				tmpl = startOfList;
+			}
+			break;
+          case CMT_DT_CHOICE:
+            len += sizeof(CMInt32);
+            choiceID = *(CMInt32 *)srcptr;
+            inChoice = CM_TRUE;
+            foundChoice = CM_FALSE;
+            break;
+          case CMT_DT_END_CHOICE: /* Loop should exit before we see these. */
+          case CMT_DT_END:
+          default:
+            ASSERT(0);
+            break;
+        }
+        if (inList) {
+            if (listCount == listSize) {
+                inList = CM_FALSE;
+                tmpl++;
+            }
+        } else {
+            tmpl++;
+        }
+    }
+    *len_out = len;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+static CMTStatus
+encode_int(unsigned char **curptr, void *src, CMInt32 *remaining)
+{
+    CMInt32 datalen = sizeof(CMInt32);
+
+    if (*remaining < datalen)
+        return CMTFailure;
+    **(CMInt32 **)curptr = CM_htonl(*(CMInt32 *)src);
+    *remaining -= datalen;
+    *curptr += datalen;
+    return CMTSuccess;
+}
+
+static CMTStatus
+encode_string(unsigned char **curptr, CMInt32 len,
+              unsigned char *data, CMInt32 *remaining)
+{
+    CMTStatus rv;
+    CMInt32 datalen;
+
+    rv = encode_int(curptr, &len, remaining);
+    if (rv != CMTSuccess)
+        return CMTFailure;
+
+    /* NULL string */
+    if (len == 0) {
+        goto done;
+    }
+
+    datalen = (len + 3) & ~3;
+    if (*remaining < datalen)
+        return CMTFailure;
+
+    memcpy(*curptr, data, len);
+    *remaining -= datalen;
+    *curptr += datalen;
+done:
+    return CMTSuccess;
+}
+
+/*************************************************************
+ * CMT_EncodeMessage
+ *
+ * Encode src into msg as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_EncodeMessage(CMTMessageTemplate *tmpl, CMTItem *msg, void *src)
+{
+    CMInt32 choiceID = 0, listSize, listItemSize, listCount, remaining;
+    unsigned char *srcptr, *curptr, *list;
+    CMBool inChoice = CM_FALSE, inList = CM_FALSE, foundChoice = CM_FALSE;
+    CMTStatus rv = CMTSuccess;
+	CMTMessageTemplate *startOfList, *p;
+	CMBool inStructList = CM_FALSE;
+
+    rv = calc_msg_len(tmpl, src, (long *) &msg->len);
+    if (rv != CMTSuccess)
+        goto loser;
+    curptr = msg->data = (unsigned char *) cmt_alloc(msg->len);
+    if(msg->data == NULL)
+        goto loser;
+    remaining = msg->len;
+
+    while(tmpl->type != CMT_DT_END) {
+        if (inChoice) {
+            if (tmpl->type == CMT_DT_END_CHOICE) {
+                if (!foundChoice)
+                    goto loser;
+                inChoice = CM_FALSE;
+                foundChoice = CM_FALSE;
+                tmpl++;
+                continue;
+            }
+            if (choiceID != tmpl->choiceID) {
+                tmpl++;
+                continue;  /* Not this option */
+            } else {
+                foundChoice = CM_TRUE;
+            }
+        }
+        if (inList) {
+            srcptr = &list[listCount * listItemSize];
+            listCount++;
+        } else {
+			if (inStructList) {
+				srcptr = tmpl->offset + list;
+			} else {
+				srcptr = tmpl->offset + (unsigned char *)src;
+			}
+        }
+        switch(tmpl->type) {
+          case CMT_DT_RID:
+          case CMT_DT_INT:
+          case CMT_DT_BOOL:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_STRING:
+             if (*(char**)srcptr) {
+                 /* Non NULL string */
+                 rv = encode_string(&curptr, (long) strlen(*(char**)srcptr), 
+                 	                *(unsigned char**)srcptr, &remaining);
+             } else {
+                 /* NULL string */
+                 rv = encode_string(&curptr, 0L, *(unsigned char**)srcptr, &remaining);
+             }
+             if (rv != CMTSuccess)
+                goto loser;
+             break;
+          case CMT_DT_ITEM:
+            rv = encode_string(&curptr, ((CMTItem *)srcptr)->len,
+                               ((CMTItem *)srcptr)->data, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_LIST:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)srcptr;
+            tmpl++;
+            if (tmpl->type == CMT_DT_STRING) {
+                listItemSize = sizeof(unsigned char *);
+            } else if (tmpl->type == CMT_DT_ITEM) {
+                listItemSize = sizeof(CMTItem);
+            } else {
+                listItemSize = sizeof(CMInt32);
+            }
+            list = *(unsigned char **)(tmpl->offset + (unsigned char *)src);
+            listCount = 0;
+            inList = CM_TRUE;
+            break;
+		  case CMT_DT_STRUCT_LIST:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)srcptr;
+			tmpl++;
+			if (tmpl->type != CMT_DT_STRUCT_PTR) {
+				goto loser;
+			}
+			list = *(unsigned char**)(tmpl->offset + (unsigned char*)src);
+			startOfList = tmpl;
+			p = tmpl;
+			listItemSize = 0;
+			while (p->type != CMT_DT_END_STRUCT_LIST) {
+				if (p->type == CMT_DT_STRING) {
+					listItemSize += sizeof(unsigned char *);
+				} else if (p->type == CMT_DT_ITEM) {
+					listItemSize += sizeof(CMTItem);
+				} else if (p->type == CMT_DT_INT) {
+					listItemSize += sizeof(CMInt32);
+				}
+				p++;
+			}
+			listCount = 0;
+			inStructList = CM_TRUE;
+			break;
+		  case CMT_DT_END_STRUCT_LIST:
+			listCount++;
+			if (listCount == listSize) {
+				inStructList = CM_FALSE;
+			} else {
+				list += listItemSize;
+				tmpl = startOfList;
+			}
+			break;
+          case CMT_DT_CHOICE:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            choiceID = *(CMInt32 *)srcptr;
+            inChoice = CM_TRUE;
+            foundChoice = CM_FALSE;
+            break;
+          case CMT_DT_END_CHOICE: /* Loop should exit before we see these. */
+          case CMT_DT_END:
+          default:
+            ASSERT(0);
+            break;
+        }
+        if (inList) {
+            if (listCount == listSize) {
+                inList = CM_FALSE;
+                tmpl++;
+            }
+        } else {
+            tmpl++;
+        }
+    }
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}

mozilla/security/psm/lib/protocol/newproto.h

@@ -0,0 +1,102 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __NEWPROTO_H__
+#define __NEWPROTO_H__
+
+#include <stdlib.h>
+#include "ssmdefs.h"
+
+typedef enum CMTDataType {
+    CMT_DT_END,
+    CMT_DT_RID,
+    CMT_DT_INT,
+    CMT_DT_BOOL,
+    CMT_DT_STRING,
+    CMT_DT_ITEM,
+    CMT_DT_LIST,
+    CMT_DT_CHOICE,
+    CMT_DT_END_CHOICE,
+	CMT_DT_STRUCT_LIST,
+	CMT_DT_END_STRUCT_LIST,
+	CMT_DT_STRUCT_PTR
+} CMTDataType;
+
+typedef struct CMTMessageTemplate {
+    CMTDataType type;
+    CMUint32 offset;
+    CMInt32 validator;
+    CMInt32 choiceID;
+} CMTMessageTemplate;
+
+typedef struct CMTMessageHeader {
+    CMInt32 type;
+    CMInt32 len;
+} CMTMessageHeader;
+
+typedef void *(* CMT_Alloc_fn) (size_t size);
+typedef void (* CMT_Free_fn)(void * ptr);
+
+extern CMT_Alloc_fn cmt_alloc;
+extern CMT_Free_fn cmt_free;
+
+/*************************************************************
+ *
+ * CMT_Init
+ *
+ *
+ ************************************************************/
+void
+CMT_Init(CMT_Alloc_fn allocfn, CMT_Free_fn freefn);
+
+/*************************************************************
+ * CMT_DecodeMessage
+ *
+ * Decode msg into dest as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_DecodeMessage(CMTMessageTemplate *tmpl, void *dest, CMTItem *msg);
+
+
+/*************************************************************
+ * CMT_EncodeMessage
+ *
+ * Encode src into msg as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_EncodeMessage(CMTMessageTemplate *tmpl, CMTItem *msg, void *src);
+
+
+#endif /* __NEWPROTO_H__ */

mozilla/security/psm/lib/protocol/obsample.c

@@ -0,0 +1,187 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/* SAMPLE CODE
+** Illustrates use of SSMObscure object methods.
+**
+** Author:  Nelson Bolyard	June 1999
+*/
+
+#include <stdio.h>
+#include "obscure.h"
+
+
+/* On error, returns -1.
+** On success, returns non-negative number of unobscured bytes in buf
+int
+RecvInitObscureData(int fd, SSMObscureObject * obj, void * buf, int bufSize )
+{
+    SSMObscureBool done = 0;
+
+    do {
+	int cc;
+	int rv;
+	cc = read(fd, buf, bufSize);
+	if (cc <= 0)
+	    return -1;
+	rv = SSMObscure_RecvInit(obj, buf, cc, &done);
+    } while (!done);
+    return rv;
+}
+
+
+/* returns -1 on error, 0 on success. */
+int
+SendInitObscureData(int fd, SSMObscureObject * obj)
+{
+    unsigned char * initBuf = NULL;
+    int             rv      = -1;
+
+    do {
+	int bufLen;
+	int len;
+	int cc;
+
+	bufLen = SSMObscure_SendInit(obj, NULL);
+	if (bufLen <= 0)
+	    break;
+
+	initBuf = malloc(bufLen);
+	if (!initBuf)
+	    break;
+
+	len = SSMObscure_SendInit(obj, initBuf);
+	if (len != bufLen)
+	    break;
+
+	cc = write(fd, initBuf, len);
+
+	/* Note, this code assumes a blocking socket, 
+	** and hence doesn't deal with short writes.
+	*/
+	if (cc < len) 
+	    break;
+
+    	rv = 0;
+
+    } while (0);
+
+    if (initBuf) {
+	free(initBuf);
+    	initBuf = NULL;
+    }
+    return rv;
+}
+
+/* This is like write, but it obscures the data first. */
+/* This code assumes a blocking socket, and so it doesn't handle short 
+** writes.
+*/
+int 
+obscuredWrite(SSMObscureObject * obj, int fd, void * buf, int len)
+{
+    int rv;
+    int cc;
+
+    cc = SSMObscure_Send(obj, buf, len);
+    if (cc <= 0)
+    	return cc;
+    rv = write(fd, buf, cc);
+    ASSERT(rv == cc || rv < 0);
+    return rv;
+}
+
+/* This is like read, but it unobscures the data after reading it. */
+int 
+obscuredRead(SSMObscureObject * obj, int fd, void * buf, int len)
+{
+    int rv;
+    int cc;
+
+    do {
+	cc = read(fd, buf, len);
+	if (cc <= 0)
+	    return cc;
+	rv = SSMObscure_Recv(obj, buf, len);
+    } while (rv == 0);
+    return rv;
+}
+
+SSMObscureObject * sobj;
+unsigned char buf[8192];
+
+/* Call this with fd for socket that has just been accepted.
+** returns -1 on error, 
+** On success, returns non-negative number of bytes received in buf. 
+*/
+int
+InitClientObscureObject(int fd) 
+{
+    int rv;
+
+    sobj = SSMObscure_Create(0);
+    if (!sobj)
+    	return -1;
+
+    rv = SendInitObscureData(fd, sobj);
+    if (rv < 0)
+    	return rv;
+
+    rv = RecvInitObscureData(fd, sobj, buf, sizeof buf);
+    return rv;
+}
+
+/* Call this with fd for socket that has just been connected.
+** returns -1 on error, 
+** On success, returns non-negative number of bytes received in buf. 
+*/
+int
+InitServerObscureObject(int fd)
+{
+    int cc;
+
+    sobj = SSMObscure_Create(1);
+    if (!sobj)
+    	return -1;
+
+    cc = RecvInitObscureData(fd, sobj, buf, sizeof buf);
+    if (cc < 0) 
+    	return cc;
+
+
+    rv = SendInitObscureData(fd, sobj);
+    if (rv < 0)
+    	return rv;
+
+    return cc;
+}
+

mozilla/security/psm/lib/protocol/obscure.c

@@ -0,0 +1,136 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include <stdlib.h>
+#include "obspriv.h"
+#include "newproto.h"
+
+
+/* 
+** Create a new Obscuring object 
+*/
+SSMObscureObject * 
+SSMObscure_Create(SSMObscureBool IsServer)
+{
+    SSMObscureObject * obj;
+    void *             priv;
+
+    obj = (SSMObscureObject *) cmt_alloc(sizeof *obj);
+    if (!obj)
+    	return obj;
+    /* This needs to be a little more elegant */
+    priv = SSMObscure_InitPrivate(obj, IsServer);
+    if (!priv) {
+    	cmt_free(obj);
+	return NULL;
+    }
+    obj->privData = priv;
+    return obj;
+}
+
+
+/* Prepare initial buffer with initial message to send to other side to 
+** establish cryptographic * synchronization.
+**
+** If buf is NULL, function returns the size of the buffer that 
+** the caller needs to allocate for sending the initial message.
+** 
+** If buf is non-null, function returns the number of bytes of data filled 
+** into buf, the amount that the caller should then send to the other side.
+**
+*/
+int 
+SSMObscure_SendInit( SSMObscureObject * obj, void * buf)
+{
+    int rv;
+    rv = obj->sendInit(obj->privData, buf);
+    return rv;
+}
+
+/* 
+** Obscure "len" bytes in "buf" before sending it. 
+*/
+int 
+SSMObscure_Send(	SSMObscureObject * obj, 
+			void *             buf, 
+			unsigned int       len)
+{
+    int rv;
+    rv = obj->send(obj->privData, buf, len);
+    return rv;
+}
+
+/* 
+** UnObscure "len" bytes in "buf" after receiving it. 
+** This function may absorb some or all of the received bytes, leaving 
+** fewer bytes (possibly none) in the buffer for the application to use 
+** than were in the buffer when the function was called.
+** Function returns the number of bytes of unobscured data remaining in
+** buf.  Zero means all data was used internally and no data remains 
+** for application use. Negative number means error occurred.
+*/
+int 
+SSMObscure_Recv(	SSMObscureObject * obj, 
+			void *             buf, 
+			unsigned int       len)
+{
+    int rv;
+    rv = obj->recv(obj->privData, buf, len);
+    return rv;
+}
+
+/* like _Recv, but returns a flag telling when all initialization info has
+** been received.
+*/
+int 
+SSMObscure_RecvInit(	SSMObscureObject * obj, 
+			void *             buf, 
+			unsigned int       len,
+			SSMObscureBool   * done)
+{
+    int rv;
+    rv = obj->recvInit(obj->privData, buf, len, done);
+    return rv;
+}
+
+/* 
+** Destroy the Obscure Object 
+*/
+int 
+SSMObscure_Destroy(SSMObscureObject * obj)
+{
+    int rv;
+    rv = obj->destroy(obj->privData);
+    cmt_free(obj);
+    return rv;
+}
+

mozilla/security/psm/lib/protocol/obscure.h

@@ -0,0 +1,98 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __obscure_h__
+#define __obscure_h__ 1
+#ifdef __cplusplus
+extern "C" {
+#endif
+typedef unsigned char SSMObscureBool;
+
+typedef struct SSMObscureObjectStr 	SSMObscureObject;
+
+/* 
+** Create a new Obscuring object 
+*/
+extern SSMObscureObject * SSMObscure_Create(SSMObscureBool IsServer);
+
+
+/* Prepare initial buffer with initial message to send to other side to 
+** establish cryptographic * synchronization.
+**
+** If buf is NULL, function returns the size of the buffer that 
+** the caller needs to allocate for sending the initial message.
+** 
+** If buf is non-null, function returns the number of bytes of data filled 
+** into buf, the amount that the caller should then send to the other side.
+**
+*/
+extern int SSMObscure_SendInit( SSMObscureObject * obj,
+				void *             buf);
+
+/* 
+** Obscure "len" bytes in "buf" before sending it. 
+*/
+extern int SSMObscure_Send(	SSMObscureObject * obj, 
+                            	void *             buf, 
+				unsigned int       len);
+
+/* 
+** UnObscure "len" bytes in "buf" after receiving it. 
+** This function may absorb some or all of the received bytes, leaving 
+** fewer bytes (possibly none) in the buffer for the application to use 
+** than were in the buffer when the function was called.
+** Function returns the number of bytes of unobscured data remaining in
+** buf.  Zero means all data was used internally and no data remains 
+** for application use. Negative number means error occurred.
+*/
+extern int SSMObscure_Recv(	SSMObscureObject * obj, 
+                                void *             buf, 
+				unsigned int       len);
+
+/* like _Recv, but returns a flag telling when all initialization info has
+** been received.
+*/
+extern int SSMObscure_RecvInit(	SSMObscureObject * obj, 
+                                void *             buf, 
+				unsigned int       len,
+				SSMObscureBool   * done);
+
+/* 
+** Destroy the Obscure Object 
+*/
+extern int SSMObscure_Destroy(SSMObscureObject * obj);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __obscure_h__ */

mozilla/security/psm/lib/protocol/obspriv.c

@@ -0,0 +1,115 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "obspriv.h"
+#include "newproto.h"
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+
+/* 
+   Originally this code was used to obscure the control messages
+   traveling between processes. With the relaxation of export rules,
+   this whole step is no longer necessary, and is included for
+   informational purposes only. (We need to finish removing the 
+   obscuring code.)
+*/
+struct obscureNOPStr {
+    SSMObscureObject * obj;
+};
+
+typedef struct obscureNOPStr obscureV1;
+
+static int 
+ssmObscure_Destroy(void * privData)
+{
+    obscureV1 * priv = (obscureV1 *)privData;
+
+    memset(priv, 0, sizeof *priv);
+    cmt_free(priv);
+    return 0;
+}
+
+static int
+ssmObscure_Send(void * privData, void * buf, unsigned int len)
+{
+    /* obscureV1 *  priv 		= (obscureV1 *)privData;*/
+
+    /* NOP */
+    return len;
+}
+
+static int    
+ssmObscure_Recv(void * privData, void * buf, unsigned int len)
+{
+    /*obscureV1 *  priv 		= (obscureV1 *)privData;*/
+
+    /* NOP */
+    return len;
+}
+
+static int    
+ssmObscure_SendInit(void * privData, void * buf)
+{
+    /*obscureV1 *      priv = (obscureV1 *)privData;*/
+
+    return 0;
+}
+
+static int    
+ssmObscure_RecvInit(void * privData, void * buf, unsigned int len,
+                    SSMObscureBool * pDone)
+{
+    return 0;
+}
+
+static void *
+ssmObscure_InitPrivate(SSMObscureObject * obj, SSMObscureBool IsServer)
+{
+    obscureV1 *   priv 		= (obscureV1 *) cmt_alloc(sizeof (obscureV1));
+
+    if (!priv)
+    	return NULL;
+
+    priv->obj        = obj;
+
+    obj->privData  = (void *)priv;
+    obj->destroy  = ssmObscure_Destroy;
+    obj->send     = ssmObscure_Send;
+    obj->recv     = ssmObscure_Recv;
+    obj->sendInit = ssmObscure_SendInit;
+    obj->recvInit = ssmObscure_RecvInit;
+    
+    return priv;
+}
+
+obsInitFn SSMObscure_InitPrivate = ssmObscure_InitPrivate;

mozilla/security/psm/lib/protocol/obspriv.h

@@ -0,0 +1,63 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "obscure.h"
+
+typedef void * (* obsInitFn)    (SSMObscureObject * instance, 
+                                 SSMObscureBool     IsServer);
+typedef int    (* obsDestroyFn) (void * priv);
+typedef int    (* obsSendFn)    (void * priv, void * buf, unsigned int len);
+typedef int    (* obsRecvFn)    (void * priv, void * buf, unsigned int len);
+typedef int    (* obsSendInitFn)(void * priv, void * buf);
+typedef int    (* obsRecvInitFn)(void * priv, void * buf, unsigned int len,
+                                 SSMObscureBool * done);
+
+struct SSMObscureObjectStr {
+    void *	  privData;
+    obsDestroyFn  destroy;
+    obsSendFn     send;
+    obsRecvFn     recv;
+    obsSendInitFn sendInit;
+    obsRecvInitFn recvInit;
+};
+
+
+/* This is common to the beginning of all versions of the obscuring protocol */
+struct SSMInitMsgHdrStr {
+    short	version;
+    short	length;
+};
+
+typedef struct SSMInitMsgHdrStr SSMInitMsgHdr;
+
+extern obsInitFn SSMObscure_InitPrivate;
+

mozilla/security/psm/lib/protocol/protocol.h

@@ -0,0 +1,141 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  protocol.h - Definitions of various items to support the PSM protocol.
+ */
+
+#ifndef __PROTOCOL_H__
+#define __PROTOCOL_H__
+
+
+#include "rsrcids.h"
+
+#define SSMPRStatus SSMStatus
+#define SSMPR_SUCCESS SSM_SUCCESS
+#define SSMPR_FAILURE SSM_FAILURE
+
+#define SSMPR_INVALID_ARGUMENT_ERROR PR_INVALID_ARGUMENT_ERROR
+#define SSMPR_OUT_OF_MEMORY_ERROR    PR_OUT_OF_MEMORY_ERROR
+
+#define SSMPRInt32 PRInt32
+#define SSMPRUint32 PRUint32
+
+#define SSMPR_ntohl  PR_ntohl
+#define SSMPR_htonl  PR_htonl
+#define SSMPORT_Free   PORT_Free
+#define SSMPORT_ZAlloc PORT_ZAlloc
+
+#define SSMPR_SetError PR_SetError
+#define SSMPR_GetError PR_GetError
+#define SSMPORT_SetError PORT_SetError
+#define SSMPORT_GetError PORT_GetError
+
+/* 
+   Current version of PSM protocol. 
+   Increment this value when the protocol changes. 
+*/
+
+#define SSMSTRING_PADDED_LENGTH(x) ((((x)+3)/4)*4)
+#define SSMPORT_ZNEW(type) (type*)SSMPORT_ZAlloc(sizeof(type))
+#define SSMPORT_ZNewArray(type,size) (type*)SSMPORT_ZAlloc(sizeof(type)*(size))
+/* Various message structs */
+
+struct _SSMHelloRequest {
+  CMUint32          m_version; /* Protocol version supported by client */
+  struct _SSMString m_profileName; /* Name of user profile (where to find 
+				 certs etc) */
+};
+
+struct _SSMHelloReply {
+  CMInt32           m_result; /* Error, if any, which occurred 
+				 (0 == success) */
+  CMUint32          m_version; /* Protocol version supported by PSM */
+  struct _SSMString m_nonce; /* Session nonce -- must be written to data channels */
+};
+
+struct _SSMRequestSSLDataConnection
+{
+  CMUint32          m_flags; /* Flags to indicate to SSM what to do with
+				the connection */
+  CMUint32          m_port; /* Port number to connect to */
+  struct _SSMString m_hostIP; /* IP address of final target machine (not proxy) */
+  /* struct _SSMString m_hostName; Host name of target machine (for server auth) -- not accessed directly */
+};
+
+struct _SSMReplySSLDataConnection {
+  CMInt32 m_result; /* Error, if any, which occurred (0 == success) */
+  CMUint32 m_connectionID; /* Connection ID of newly opened channel */
+  CMUint32 m_port; /* Port number to which to connect on PSM */
+};
+
+
+struct _SSMRequestSecurityStatus {
+  CMUint32 m_connectionID; /* ID of connection of which to stat */
+};
+
+struct _SSMReplySecurityStatus {
+  CMInt32 m_result; /* Error, if any, which occurred (0 == success) */
+  CMUint32 m_keySize; /* Key size */
+  CMUint32 m_secretKeySize; /* Secret key size */
+  struct _SSMString m_cipherName; /* Name of cipher in use */
+  /* SSMString m_certificate; -- DER encoded cert
+     We do not access this as a field, we have to skip over m_cipherName */
+};
+
+/* 
+   Use this macro to jump over strings.
+   For example, if you wanted to access m_certificate above, 
+   use a line like the following:
+
+   char *ptr = &(reply->m_cipherName) + SSM_SIZEOF_STRING(reply->m_cipherName);
+*/
+#define SSM_SIZEOF_STRING(str) (SSMSTRING_PADDED_LENGTH(PR_ntohl((str).m_length)) + sizeof(CMUint32))
+
+
+typedef struct _SSMHelloRequest SSMHelloRequest;
+typedef struct _SSMHelloReply SSMHelloReply;
+typedef struct _SSMRequestSSLDataConnection SSMRequestSSLDataConnection;
+typedef struct _SSMReplySSLDataConnection SSMReplySSLDataConnection;
+typedef struct _SSMRequestSecurityStatus SSMRequestSecurityStatus;
+typedef struct _SSMReplySecurityStatus SSMReplySecurityStatus;
+
+/* 
+   Functions to convert between an SSMString and a C string.
+   Return values are allocated using PR_Malloc (which means that
+   SSMPR_Free must be used to free up the memory after use). 
+*/
+CMTStatus SSM_StringToSSMString(SSMString ** ssmString, int len, char * string);
+CMTStatus SSM_SSMStringToString(char ** string,int *len, SSMString * ssmString);
+
+
+#endif /* __PROTOCOL_H__ */

mozilla/security/psm/lib/protocol/protocolf.h

@@ -0,0 +1,359 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __PROTOCOLF_H__
+#define __PROTOCOLF_H__
+/*************************************************************************
+ * For each type of message, parse and pack function is provided. 
+ *
+ * Parse functions accept a ptr to the "blob" of data received from the 
+ * network and fill in fields of the message, numbers in host-order, strings
+ * as C-style NULL-terminated strings. Return SSMPRStatus. 
+ *
+ * Pack functions take all the info to construct a message and fill in a 
+ * ptr to the "blob" of data to be sent. Return length of the data blob, or 
+ * a zero in case of an error
+ *
+ * All functions set NSPR errors when necessary.
+ ************************************************************************/
+#include "protocol.h"
+#include "cert.h"
+
+SSMPRStatus SSM_ParseHelloRequest(void * helloRequest, 
+				  SSMPRUint32 * version, 
+				  PRBool * doesUI,
+				  PRInt32 * policyType,
+				  SSMPRUint32 * profileLen,
+				  char ** profile);
+SSMPRInt32 SSM_PackHelloReply(void ** helloReply, SSMPRInt32 result, 
+			      SSMPRUint32 sessionID, SSMPRUint32 version, 
+			      SSMPRUint32 httpPort, SSMPRUint32 nonceLen, 
+			      char * nonce, SSMPolicyType policy);
+
+/* Parse data connections requests */
+SSMPRStatus SSM_ParseSSLDataConnectionRequest(void *sslRequest, 
+					      SSMPRUint32 * flags, 
+					      SSMPRUint32 * port,
+					      SSMPRUint32 * hostIPLen,
+					      char ** hostIP, 
+					      SSMPRUint32 * hostNameLen,
+					      char ** hostName);
+SSMPRStatus SSM_ParseHashStreamRequest(void * hashStreamRequest,
+                                       SSMPRUint32 * type);
+SSMPRStatus SSM_ParseP7EncodeConnectionRequest(void *request,
+					       SSMPRUint32 *ciRID);
+/* Messages to initiate PKCS7 data connection */
+/* PKCS7DecodeRequest message has no data */ 
+
+/* Single data connection reply */
+SSMPRInt32 SSM_PackDataConnectionReply(void ** sslReply, 
+				       SSMPRInt32 result, 
+				       SSMPRUint32 connID, 
+				       SSMPRUint32 port);
+
+SSMPRStatus SSM_ParseSSLSocketStatusRequest(void * statusRequest, 
+					    SSMPRUint32 * connID);
+SSMPRInt32 SSM_PackSSLSocketStatusReply(void ** statusReply, 
+					SSMPRInt32 result, 
+					SSMPRUint32 resourceID);
+
+/* 
+ * UI event is an asynchroneous message sent from PSM server to the client
+ * NOTE: (context) is the actual context pointer, it is NOT a ptr-to-ptr.
+ * The value of (context) is copied into the packet.
+ */
+SSMPRInt32 SSM_PackUIEvent(void ** eventRequest, SSMPRUint32 resourceID, 
+			   SSMPRUint32 width, SSMPRUint32 height,
+			   SSMPRUint32 urlLen, char * url);
+
+SSMPRInt32 SSM_PackTaskCompletedEvent(void **event, SSMPRUint32 resourceID,
+                                     SSMPRUint32 numTasks, SSMPRUint32 result);
+
+/* Verify raw signature */
+
+SSMPRStatus SSM_ParseVerifyRawSigRequest(void * verifyRawSigRequest, 
+					 SSMPRUint32 * algorithmID,
+					 SSMPRUint32 * paramsLen, 
+					 unsigned char ** params,
+					 SSMPRUint32 * pubKeyLen,
+					 unsigned char ** pubKey,
+					 SSMPRUint32 * hashLen,
+					 unsigned char ** hash,
+					 SSMPRUint32 * signatureLen,
+					 unsigned char ** signature);
+SSMPRInt32 SSM_PackVerifyRawSigReply(void ** verifyRawSigReply, 
+				     SSMPRInt32 result);
+
+/* Verify detached signature */
+SSMPRStatus SSM_ParseVerifyDetachedSigRequest(void * request, 
+											  SSMPRInt32 * pkcs7ContentID,
+											  SSMPRInt32 * certUsage,
+											  SSMPRInt32 * hashAlgID,
+											  SSMPRUint32 * keepCert,
+											  SSMPRUint32 * digestLen,
+											  unsigned char ** hash);
+
+SSMPRInt32 SSM_PackVerifyDetachedSigReply(void ** verifyDetachedSigReply, 
+										  SSMPRInt32 result);
+
+/* PKCS#7 functions */
+SSMPRStatus SSM_ParseCreateSignedRequest(void *request,
+                                         SSMPRInt32 *scertRID,
+                                         SSMPRInt32 *ecertRID,
+                                         SSMPRUint32 *dig_alg,
+                                         SECItem **digest);
+
+SSMPRInt32 SSM_PackCreateSignedReply(void **reply, SSMPRInt32 ciRID,
+                                     SSMPRUint32 result);
+
+SSMPRStatus SSM_ParseCreateEncryptedRequest(void *request,
+					    SSMPRInt32 *scertRID,
+                                            SSMPRInt32 *nrcerts,
+					    SSMPRInt32 **rcertRIDs);
+
+SSMPRInt32 SSM_PackCreateEncryptedReply(void **reply, SSMPRInt32 ciRID,
+					SSMPRUint32 result);
+
+/* Resource functions */
+SSMPRStatus SSM_ParseCreateResourceRequest(void *request,
+                                           SSMPRUint32 *type,
+                                           unsigned char **params,
+                                           SSMPRUint32 *paramLen);
+
+SSMPRStatus SSM_PackCreateResourceReply(void **reply, SSMPRStatus rv,
+                                        SSMPRUint32 resID);
+
+SSMPRStatus SSM_ParseGetAttribRequest(void * getAttribRequest, 
+				      SSMPRUint32 * resourceID, 
+				      SSMPRUint32 * fieldID);
+
+void SSM_DestroyAttrValue(SSMAttributeValue *value, PRBool freeit);
+
+SSMPRInt32 SSM_PackGetAttribReply(void **getAttribReply,
+				  SSMPRInt32 result,
+				  SSMAttributeValue *value);
+SSMPRStatus SSM_ParseSetAttribRequest(SECItem *msg,
+				      SSMPRInt32 *resourceID,
+				      SSMPRInt32 *fieldID,
+				      SSMAttributeValue *value);
+/* Currently, there is no need for a pack version.  There is nothing to send
+ * back except for the notice that the operation was successful.
+ */
+				  
+				       
+				       
+/* Pickle and unpickle resources. */
+SSMPRStatus SSM_ParsePickleResourceRequest(void * pickleResourceRequest, 
+					  SSMPRUint32 * resourceID);
+SSMPRInt32 SSM_PackPickleResourceReply(void ** pickleResourceReply, 
+				       SSMPRInt32 result,
+				       SSMPRUint32 resourceLen,
+				       void * resource);
+SSMPRStatus SSM_ParseUnpickleResourceRequest(void * unpickleResourceRequest,
+					     SSMPRUint32 blobSize,
+					     SSMPRUint32 * resourceType,
+					     SSMPRUint32 * resourceLen,
+					     void ** resource);
+SSMPRInt32 SSM_PackUnpickleResourceReply(void ** unpickleResourceReply, 
+					   SSMPRInt32 result, 
+					   SSMPRUint32 resourceID);
+
+/* Destroy resource */
+SSMPRStatus SSM_ParseDestroyResourceRequest(void * destroyResourceRequest, 
+					    SSMPRUint32 * resourceID, 
+					    SSMPRUint32 * resourceType);
+SSMPRInt32 SSM_PackDestroyResourceReply(void ** destroyResourceReply, 
+                                        SSMPRInt32 result);
+
+/* Duplicate resource */
+SSMPRStatus SSM_ParseDuplicateResourceRequest(void * request, 
+					      SSMPRUint32 * resourceID);
+SSMPRInt32 SSM_PackDuplicateResourceReply(void ** reply, SSMPRInt32 result,
+					  SSMPRUint32 resID);
+
+/* Cert actions */
+typedef struct MatchUserCertRequestData {
+    PRUint32 certType;
+    PRInt32 numCANames;
+    char ** caNames;
+} MatchUserCertRequestData;
+
+typedef struct SSMCertList {
+    PRCList certs;
+    PRInt32 count;
+} SSMCertList;
+
+typedef struct SSMCertListElement {
+    PRCList links;
+    PRUint32 certResID;
+} SSMCertListElement;
+
+#define SSM_CERT_LIST_ELEMENT_PTR(_q) (SSMCertListElement*)(_q);
+
+SSMPRStatus SSM_ParseVerifyCertRequest(void * verifyCertRequest, 
+				       SSMPRUint32 * resourceID, 
+				       SSMPRInt32 * certUsage);
+SSMPRInt32 SSM_PackVerifyCertReply(void ** verifyCertReply, 
+			           SSMPRInt32 result);
+
+SSMPRStatus SSM_ParseImportCertRequest(void * importCertRequest, 
+				       SSMPRUint32 * blobLen, 
+				       void ** certBlob);
+SSMPRInt32 SSM_PackImportCertReply(void ** importCertReply, SSMPRInt32 result, 
+				   SSMPRUint32 resourceID);
+PRStatus SSM_ParseFindCertByNicknameRequest(void *request, char ** nickname);
+PRInt32 SSM_PackFindCertByNicknameReply(void ** reply, PRUint32 resourceID);
+PRStatus SSM_ParseFindCertByKeyRequest(void *request, SECItem ** key);
+PRInt32 SSM_PackFindCertByKeyReply(void ** reply, PRUint32 resourceID);
+PRStatus SSM_ParseFindCertByEmailAddrRequest(void *request, char ** emailAddr);
+PRInt32 SSM_PackFindCertByEmailAddrReply(void ** reply, PRUint32 resourceID);
+PRStatus SSM_ParseAddTempCertToDBRequest(void *request, PRUint32 *resourceID, char ** nickname, PRInt32 *ssl, PRInt32 *email, PRInt32 *objectSigning);
+PRInt32 SSM_PackAddTempCertToDBReply(void ** reply);
+PRStatus SSM_ParseMatchUserCertRequest(void *request, MatchUserCertRequestData** data);
+PRInt32 SSM_PackMatchUserCertReply(void **reply, SSMCertList * certList);
+
+SSMPRInt32 SSM_PackErrorMessage(void ** errorReply, SSMPRInt32 result);
+
+
+/* PKCS11 actions */
+SSMPRStatus SSM_ParseKeyPairGenRequest(void *keyPairGenRequest, 
+				       SSMPRInt32 requestLen,
+				       SSMPRUint32 *keyPairCtxtID,
+				       SSMPRUint32 *genMechanism,
+				       SSMPRUint32 *keySize,
+				       unsigned char **params, 
+				       SSMPRUint32 *paramLen);
+
+SSMPRInt32 SSM_PackKeyPairGenResponse(void ** keyPairGenResponse, 
+				      SSMPRUint32 keyPairId);
+
+PRStatus
+SSM_ParseFinishKeyGenRequest(void    *finishKeyGenRequest,
+                             PRInt32  requestLen,
+                             PRInt32 *keyGenContext);
+
+/* CMMF/CRMF Actions */
+SSMPRStatus SSM_ParseCreateCRMFReqRequest(void        *crmfReqRequest,
+					  SSMPRInt32   requestLen,
+					  SSMPRUint32 *keyPairId);
+
+SSMPRInt32 SSM_PackCreateCRMFReqReply(void        **crmfReqReply,
+				      SSMPRUint32   crmfReqId);
+
+SSMPRStatus SSM_ParseEncodeCRMFReqRequest(void         *encodeReq,
+					  SSMPRInt32    requestLen,
+					  SSMPRUint32 **crmfReqId,
+					  SSMPRInt32   *numRequests);
+
+SSMPRInt32 SSM_PackEncodeCRMFReqReply(void        **encodeReply,
+				      char         *crmfDER,
+				      SSMPRUint32   derLen);
+
+SSMPRStatus SSM_ParseCMMFCertResponse(void        *encodedRes,
+				      SSMPRInt32   encodeLen,
+				      char       **nickname,
+				      char       **base64Der,
+				      PRBool      *doBackup);
+
+PRStatus SSM_ParsePOPChallengeRequest(void     *challenge,
+				      PRInt32   len,
+				      char    **responseString);
+PRInt32 SSM_PackPOPChallengeResponse(void   **response,
+				     char    *responseString,
+				     PRInt32  responseStringLen);
+
+PRInt32 SSM_PackPasswdRequest(void ** passwdRequest, PRInt32 tokenID,
+                              char * prompt, PRInt32 promptLen);
+PRStatus SSM_ParsePasswordReply(void * passwdReply, PRInt32 * result, 
+                                PRInt32 * tokenID,
+                                char ** passwd, PRInt32 * passwdLen);
+
+/* Sign Text Actions */
+typedef struct {
+    char *stringToSign;
+    char *hostName;
+    char *caOption;
+    PRInt32 numCAs;
+    char **caNames;
+} signTextRequestData;
+
+PRStatus SSM_ParseSignTextRequest(void* signTextRequest, PRInt32 len, PRUint32* resID, signTextRequestData ** data);
+
+PRStatus SSM_ParseGetLocalizedTextRequest(void               *data,
+                                          SSMLocalizedString *whichString);  
+
+PRInt32 SSM_PackGetLocalizedTextResponse(void               **data,
+					 SSMLocalizedString   whichString,
+					 char                *retString);
+
+PRStatus SSM_ParseAddNewSecurityModuleRequest(void          *data, 
+					      char         **moduleName,
+					      char         **libraryPath, 
+					      unsigned long *pubMechFlags,
+					      unsigned long *pubCipherFlags);
+
+PRInt32 SSM_PackAddNewModuleResponse(void **data, PRInt32 rv);
+
+PRStatus SSM_ParseDeleteSecurityModuleRequest(void *data, char **moduleName);
+
+PRInt32 SSM_PackDeleteModuleResponse(void **data, PRInt32 moduleType);
+
+PRInt32 SSM_PackFilePathRequest(void **data, PRInt32 resID, char *prompt,
+				PRBool shouldFileExist, char *fileSuffix);
+
+PRStatus SSM_ParseFilePathReply(void *message, char **filePath,
+				PRInt32 *rid);
+
+PRInt32 SSM_PackPromptRequestEvent(void **data, PRInt32 resID, char *prompt);
+PRStatus SSM_ParsePasswordPromptReply(void *data, PRInt32 *resID, 
+				      char **reply);
+
+/* messages for importing certs *the traditional way* */
+PRInt32 SSM_PackDecodeCertReply(void ** data, PRInt32 certID);
+PRStatus SSM_ParseDecodeCertRequest(void * data, PRInt32 * len, 
+					char ** buffer);
+PRStatus SSM_ParseGetKeyChoiceListRequest(void * data, PRUint32 dataLen, 
+					  char ** type, PRUint32 *typeLen, 
+					  char ** pqgString, PRUint32 *pqgLen);
+PRInt32 SSM_PackGetKeyChoiceListReply(void **data, char ** list);
+
+PRStatus SSM_ParseGenKeyOldStyleRequest(void * data, PRUint32 datalen, 
+					char ** choiceString, 
+					char ** challenge, 
+					char ** typeString, 
+					char ** pqgString);
+PRInt32 SSM_PackGenKeyOldStyleReply(void ** data, char * keydata);
+
+PRStatus SSM_ParseDecodeAndCreateTempCertRequest(void * data, 
+			char ** certbuf, PRUint32 * certlen, int * certClass);
+
+#endif /*PROTOCOLF_H_*/

mozilla/security/psm/lib/protocol/protocolnspr20.h

@@ -0,0 +1,74 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*****************************************************************************
+ *
+ *
+ *
+ *****************************************************************************
+ */
+
+#ifndef NULL
+#define NULL 0x00000000
+#endif
+
+#define SSMPR_BYTES_PER_INT  4
+#define SSMPR_BYTES_PER_LONG  4
+
+/******************************************************************
+ *  No NSPR - define all the SSMPR values and functions here   
+ ******************************************************************
+ */
+
+#define SSMPRStatus PRStatus
+#define SSMPR_SUCCESS PR_SUCCESS
+#define SSMPR_FAILURE PR_FAILURE
+
+#define SSMPR_INVALID_ARGUMENT_ERROR PR_INVALID_ARGUMENT_ERROR
+#define SSMPR_OUT_OF_MEMORY_ERROR    PR_OUT_OF_MEMORY_ERROR
+
+#define SSMPRInt32 PRInt32
+#define SSMPRUint32 PRUint32
+
+#define SSMPR_ntohl  PR_ntohl
+#define SSMPR_htonl  PR_htonl
+#define SSMPORT_Free   PORT_Free
+#define SSMPORT_ZAlloc PORT_ZAlloc
+
+#define SSMPR_SetError PR_SetError
+#define SSMPR_GetError PR_GetError
+#define SSMPORT_SetError PORT_SetError
+#define SSMPORT_GetError PORT_GetError
+
+
+
+

mozilla/security/psm/lib/protocol/protocolport.c

@@ -0,0 +1,49 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*************************************************************************
+ *
+ * PSM portable run-time. (Used when NSPR20 is not available.)
+ *
+ *************************************************************************
+ */
+
+SSMPRInt32 ssmprErrno;
+
+void SSMPORT_SetError(SSMPRInt32 errorcode) 
+{ ssmprErrno = errorcode; }  
+
+
+SSMPRInt32 SSMPORT_GetError(void)
+{ return ssmprErrno; }
+
+

mozilla/security/psm/lib/protocol/protocolport.h

@@ -0,0 +1,93 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*****************************************************************************
+ *
+ *
+ *
+ *****************************************************************************
+ */
+
+#ifndef NULL
+#define NULL 0x00000000
+#endif
+
+#define SSMPR_BYTES_PER_INT  4
+#define SSMPR_BYTES_PER_LONG  4
+
+/******************************************************************
+ *  No NSPR - define all the SSMPR values and functions here   
+ ******************************************************************
+ */
+
+typedef enum { SSMPR_SUCCESS = 0,  SSMPR_FAILURE = -1 } SSMPRStatus;
+enum { 
+  SSMPR_INVALID_ARGUMENT_ERROR = -6000,
+  SSMPR_OUT_OF_MEMORY_ERROR =  -5987
+};
+
+#if SSMPR_BYTES_PER_INT == 4
+typedef unsigned int SSMPRUint32;
+typedef int SSMPRInt32; 
+#elif SSMPR_BYTES_PER_LONG == 4
+typedef unsigned long SSMPRUint32;
+typedef long SSMPRInt32;
+#else
+#error No suitable type for SSMPRInt32/SSMPRUint32
+#endif
+
+/*******************************************************************
+ * Use libc functions instead 
+ *******************************************************************
+ */
+#include <sys/types.h>
+#ifdef WIN32
+#include <winsock.h>
+#else
+#include <netinet/in.h>
+#endif
+#define SSMPR_ntohl  ntohl
+#define SSMPR_htonl  htonl
+
+#include <stdlib.h>
+#define SSMPORT_Free   free
+#define SSMPR_sprint   printf
+#define SSMPORT_ZAlloc malloc
+
+extern SSMPRInt32 ssmprErrno;
+#define SSMPR_SetError(x, y) SSMPORT_SetError(x)
+#define SSMPR_GetError SSMPORT_GetError
+void SSMPORT_SetError(SSMPRInt32 errorcode);
+
+
+
+

mozilla/security/psm/lib/protocol/protocolshr.c

@@ -0,0 +1,169 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "string.h"
+#include "protocol.h"
+#include "protocolshr.h"
+#include "messages.h"
+
+/* Forward ref */
+static void encrypt(CMTItem *data);
+static void decrypt(CMTItem *data);
+
+const char *kPrefix = "Encrypted";
+
+/* encryption request */
+CMTStatus
+CMT_DoEncryptionRequest(CMTItem *message)
+{
+  CMTStatus rv = CMTSuccess;
+  EncryptRequestMessage request;
+  EncryptReplyMessage reply;
+  CMUint32 pLen = strlen(kPrefix);
+
+  /* Initialize */
+  request.keyid.data = 0;
+  request.data.data = 0;
+  reply.item.data = 0;
+
+  /* Decode incoming message */
+  rv = CMT_DecodeMessage(EncryptRequestTemplate, &request, message);
+  if (rv != CMTSuccess) goto loser;  /* Protocol error */
+
+  /* Free incoming message */
+  free(message->data);
+  message->data = NULL;
+
+  /* "Encrypt" by prefixing the data */
+  reply.item.len = request.data.len + pLen;
+  reply.item.data = calloc(reply.item.len, 1);
+  if (!reply.item.data) {
+	rv = CMTFailure;
+	goto loser;
+  }
+
+  if (pLen) memcpy(reply.item.data, kPrefix, pLen);
+  encrypt(&request.data);
+  memcpy(&reply.item.data[pLen], request.data.data, request.data.len);
+  
+  /* Generate response */
+  message->type = SSM_SDR_ENCRYPT_REPLY;
+  rv = CMT_EncodeMessage(EncryptReplyTemplate, message, &reply);
+  if (rv != CMTSuccess) goto loser;  /* Unknown error */
+
+loser:
+  if (request.keyid.data) free(request.keyid.data);
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv;
+}
+
+/* decryption request */
+CMTStatus
+CMT_DoDecryptionRequest(CMTItem *message)
+{
+  CMTStatus rv = CMTSuccess;
+  DecryptRequestMessage request;
+  DecryptReplyMessage reply;
+  CMUint32 pLen = strlen(kPrefix);
+
+  /* Initialize */
+  request.data.data = 0;
+  request.ctx.data = 0;
+  reply.item.data = 0;
+
+  /* Decode the message */
+  rv = CMT_DecodeMessage(DecryptRequestTemplate, &request, message);
+  if (rv != CMTSuccess) goto loser;
+
+  /* Free incoming message */
+  free(message->data);
+  message->data = NULL;
+
+  /* "Decrypt" the message by removing the key */
+  if (pLen && memcmp(request.data.data, kPrefix, pLen) != 0) {
+    rv = CMTFailure;  /* Invalid format */
+    goto loser;
+  }
+
+  reply.item.len = request.data.len - pLen;
+  reply.item.data = calloc(reply.item.len, 1);
+  if (!reply.item.data) { rv = CMTFailure;  goto loser; }
+
+  memcpy(reply.item.data, &request.data.data[pLen], reply.item.len);
+  decrypt(&reply.item);
+
+  /* Create reply message */
+  message->type = SSM_SDR_DECRYPT_REPLY;
+  rv = CMT_EncodeMessage(DecryptReplyTemplate, message, &reply);
+  if (rv != CMTSuccess) goto loser;
+
+loser:
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv;
+}
+
+/* "encrypt" */
+static unsigned char mask[64] = {
+ 0x73, 0x46, 0x1a, 0x05, 0x24, 0x65, 0x43, 0xb4, 0x24, 0xee, 0x79, 0xc1, 0xcc,
+ 0x49, 0xc7, 0x27, 0x11, 0x91, 0x2e, 0x8f, 0xaa, 0xf7, 0x62, 0x75, 0x41, 0x7e,
+ 0xb2, 0x42, 0xde, 0x1b, 0x42, 0x7b, 0x1f, 0x33, 0x49, 0xca, 0xd1, 0x6a, 0x85,
+ 0x05, 0x6c, 0xf9, 0x0e, 0x3e, 0x72, 0x02, 0xf2, 0xd8, 0x9d, 0xa1, 0xb8, 0x6e,
+ 0x03, 0x18, 0x3e, 0x82, 0x86, 0x34, 0x1a, 0x61, 0xd9, 0x65, 0xb6, 0x7f
+};
+
+static void
+encrypt(CMTItem *data)
+{
+  unsigned int i, j;
+
+  j = 0;
+  for(i = 0;i < data->len;i++)
+  {
+    data->data[i] ^= mask[j];
+
+    if (++j >= 64) j = 0;
+  }
+}
+
+static void
+decrypt(CMTItem *data)
+{
+  encrypt(data);
+}
+
+

mozilla/security/psm/lib/protocol/protocolshr.h

@@ -0,0 +1,48 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  protocolshr.h - Definitions of shared routines for both client and server
+    These are mostly for testing.
+ */
+
+#ifndef __PROTOCOLSHR_H__
+#define __PROTOCOLSHR_H__
+
+CMTStatus
+CMT_DoEncryptionRequest(CMTItem *message);
+
+CMTStatus
+CMT_DoDecryptionRequest(CMTItem *meessage);
+
+
+#endif /* __PROTOCOLSHR_H__ */

mozilla/security/psm/lib/protocol/protocoltest.c

@@ -0,0 +1,207 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "protocolf.h"
+#include <stdio.h>
+  
+ 
+int main() 
+{
+  void * blob, * recvd;
+  int blobSize;
+  SSMPRUint32 version, flags, port, connID, keySize, secretKeySize;
+  SSMPRUint32 sessionID, httpPort;
+  SSMPRInt32 result;
+  char *profile, * nonce, * hostIP, * hostName, * cipher, * CA;
+  SSMPRStatus rv;
+  
+  
+  /*
+   * Test functions to pack and parse HelloRequest message 
+   */
+  version = 3;
+  profile = (char *)SSMPORT_ZAlloc(strlen("profile"));
+  sprintf(profile, "profile");
+  printf("HelloRequest, packing version #%d, profile %s\n", 
+	 version, profile);
+  blobSize = SSM_PackHelloRequest(&blob, version, profile);
+  if (!blobSize)
+    printf("Error in PackHelloRequest: %d\n", SSMPR_GetError());
+  SSMPORT_Free(profile);
+  version = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseHelloRequest(recvd, &version, &profile);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseHelloRequest: %d\n", SSMPR_GetError());
+  printf("HelloRequest, parsing version #%d, profile %s\n", 
+	 version, profile);
+
+
+  /* 
+   * Test functions to parse and pack HelloReply message
+   */
+  version = 5;
+  result = 2;
+  sessionID = 34567;
+  httpPort = 87654;
+  nonce = (char *)SSMPORT_ZAlloc(strlen("some secret nonce"));
+  sprintf(nonce, "some secret nonce");
+  printf("HelloReply, packing result %d, sessionID %d, version #%d, httpPort %d,\n nonce %s\n", 
+	 result, sessionID, version, httpPort, nonce);
+  blobSize = SSM_PackHelloReply(&blob, result, sessionID, version, httpPort, 
+				nonce);
+  if (!blobSize) 
+    printf("Error in PackHelloReply: %d\n", SSMPR_GetError());
+  memset(nonce, 0, strlen(nonce));
+  SSMPORT_Free(nonce);
+  version = result = sessionID = httpPort = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseHelloReply(recvd, &result, &sessionID, &version, &httpPort, 
+			   &nonce);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseHelloReply: %d\n", SSMPR_GetError());
+  printf("HelloReply, parsing result %d, sessionID %d, version #%d, httpPort %d, \n nonce %s\n", 
+	 result, sessionID, version, httpPort, nonce);
+  
+  /*
+   * Test functions to parse and pack SSLDataConnectionRequest message
+   */
+  flags = 0x00044000;
+  port = 34567;
+  hostIP = (char *)SSMPORT_ZAlloc(strlen("somehostIP"));
+  sprintf(hostIP, "somehostIP");
+  hostName = (char *)SSMPORT_ZAlloc(strlen("somehostName"));
+  sprintf(hostName, "somehostName");
+  printf("SSLDataConnRequest, packing flags %x, port %d, hostIP %s, hostName %s\n", 
+	 flags, port, hostIP, hostName);
+  blobSize = SSM_PackSSLDataConnectionRequest(&blob, flags, port, hostIP, 
+					  hostName);
+  if (!blobSize) 
+    printf("Error in PackSSLDataConnectionRequest: %d\n", SSMPR_GetError());
+  SSMPORT_Free(hostIP);
+  SSMPORT_Free(hostName);
+  flags = port = 0;
+  
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);  
+  
+  rv = SSM_ParseSSLDataConnectionRequest(recvd, &flags, &port, &hostIP, 
+					 &hostName);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSSLDataConnectionRequest: %d\n", SSMPR_GetError());
+  printf(
+"SSLDataConnRequest, parsing flags %x, port %d, hostIP %s, hostName %s\n", 
+	 flags, port, hostIP, hostName);
+  SSMPORT_Free(hostIP);
+  SSMPORT_Free(hostName);
+  
+  
+  /*
+   * Test functions to parse and pack SSLDataConnectionReply message 
+   */
+  result = 2;
+  connID = 713259;
+  port = 57402;
+  printf("SSLDataConnReply, packing result %d, connectionID %d, port %d\n",
+	 result, connID, port);
+  blobSize = SSM_PackSSLDataConnectionReply(&blob, result, connID, port);
+  if (!blobSize) 
+    printf("Error in PackSSLDataConnReply: %d\n", SSMPR_GetError());
+  result = connID = port = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseSSLDataConnectionReply(recvd, &result, &connID, &port);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSSLDataConnectionReply: %d\n", SSMPR_GetError());
+  printf("SSLDataConnReply, parsing result %d, connectionID %d, port %d\n", 
+	 result, connID, port);
+  
+  
+  /* 
+   * Test functions to parse and pack SecurityStatusRequest message
+   */
+  connID = 45375;
+  printf("SecurityStatusRequest, packing connection ID %d\n", connID);
+  blobSize = SSM_PackSecurityStatusRequest(&blob, connID);
+  if (!blobSize)  
+    printf("Error in PackSecurityStatusRequest: %d\n", SSMPR_GetError());
+  connID = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseSecurityStatusRequest(recvd, &connID);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSecurityStatusRequest: %d\n", SSMPR_GetError());
+  printf("SecurityStatusRequest, parsing connection ID %d\n", connID);
+  
+
+  /* 
+   * Test functions to parse and pack SecurityStatusReply message 
+   */
+  result = 2;
+  keySize = 256;
+  secretKeySize = 511;
+  cipher = (char *)SSMPORT_ZAlloc(strlen("My Cipher"));
+  sprintf(cipher, "My Cipher");
+  CA = (char *)SSMPORT_ZAlloc(strlen("My CA issuer"));
+  sprintf(CA, "My CA issuer");
+  printf("SecurityStatusReply, packing result %d, keysize %d, secretKeySize %d, cipher %s, CA %s\n", result, keySize, secretKeySize, cipher, CA);
+  blobSize = SSM_PackSecurityStatusReply(&blob, result, keySize, secretKeySize, cipher, CA);
+  if (!blobSize) 
+    printf("Error in PackSecurityStatusReply: %d\n", SSMPR_GetError());
+  result = keySize = secretKeySize = 0;
+  SSMPORT_Free(cipher);
+  SSMPORT_Free(CA);
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseSecurityStatusReply(recvd, &result, &keySize, &secretKeySize, 
+				    &cipher, &CA);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSecurityStatusReply: %d\n", SSMPR_GetError());
+  printf("SecurityStatusReply, parsing result %d, keysize %d, secretKeySize %d, cipher %s, CA %s\n", result, keySize, secretKeySize, cipher, CA);
+}     
+
+
+

mozilla/security/psm/lib/protocol/protocolutil.c

@@ -0,0 +1,130 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "protocol.h"
+#include "prmem.h"
+#include "prnetdb.h"
+#include <string.h>
+
+#ifndef NSPR20
+#include "protocolport.c"
+#endif
+
+CMStatus SSM_SSMStringToString(char ** string,
+			       int *len, 
+			       SSMString * ssmString) 
+{
+  char * str = NULL;
+  int realLen;
+  PRStatus rv =PR_SUCCESS;
+
+  if (!ssmString || !string ) { 
+    rv = PR_INVALID_ARGUMENT_ERROR;
+    goto loser;
+  }
+
+  /* in case we fail */
+  *string = NULL;
+  if (len) *len = 0;
+
+  /* Convert from net byte order */
+  realLen = SSMPR_ntohl(ssmString->m_length);
+
+  str = (char *)PR_CALLOC(realLen+1); /* add 1 byte for end 0 */
+  if (!str) {
+    rv = PR_OUT_OF_MEMORY_ERROR;
+    goto loser;
+  }
+  
+  memcpy(str, (char *) &(ssmString->m_data), realLen);
+  /* str[realLen]=0; */
+
+  if (len) *len = realLen;
+  *string = str;
+  return rv;
+  
+loser:
+  if (str) 
+    PR_Free(str);
+  if (string && *string) {
+    PR_Free(*string);
+    *string = NULL;
+  }
+  if (rv == PR_SUCCESS) 
+    rv = PR_FAILURE;
+  return rv;
+}
+
+
+CMStatus SSM_StringToSSMString(SSMString ** ssmString, int length, 
+				  char * string)
+{
+  SSMPRUint32 len;
+  SSMString *result = NULL;
+  PRStatus rv = PR_SUCCESS;
+  
+  if (!string || !ssmString) {
+    rv = PR_INVALID_ARGUMENT_ERROR;
+    goto loser;
+  }
+
+  *ssmString = NULL; /* in case we fail */
+
+  if (length) len = length; 
+  else len = strlen(string);
+  if (len <= 0) {
+    rv = PR_INVALID_ARGUMENT_ERROR;
+    goto loser;
+  }
+  result = (SSMString *) PR_CALLOC(sizeof(PRUint32) + 
+				   SSMSTRING_PADDED_LENGTH(len));
+  if (!result) {
+    rv = PR_OUT_OF_MEMORY_ERROR;
+    goto loser;
+  }
+
+  result->m_length = SSMPR_htonl(len);
+  memcpy((char *) (&(result->m_data)), string, len);
+
+  *ssmString = result;
+  goto done;
+  
+loser:
+  if (result)
+    PR_Free(result);
+  *ssmString = NULL;
+  if (rv == PR_SUCCESS)
+    rv = PR_FAILURE;
+done:
+  return rv;
+}
+

mozilla/security/psm/lib/protocol/rsrcids.h

@@ -0,0 +1,171 @@
+/* -*- mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __SSM_RSRCIDS_H__
+#define __SSM_RSRCIDS_H__
+
+#include "ssmdefs.h"
+
+/*
+ * IMPORTANT:
+ *
+ * To preserve backward compatibility as much as possible, always add new 
+ * values to either one of the enumeration tables at the end of the table.
+ */
+
+typedef enum 
+{
+    SSM_RESTYPE_NULL = 0L,
+    SSM_RESTYPE_RESOURCE,
+    SSM_RESTYPE_CONNECTION,
+    SSM_RESTYPE_CONTROL_CONNECTION,
+    SSM_RESTYPE_DATA_CONNECTION,
+    SSM_RESTYPE_SSL_DATA_CONNECTION,
+    SSM_RESTYPE_PKCS7_DECODE_CONNECTION,
+    SSM_RESTYPE_PKCS7_ENCODE_CONNECTION,
+    SSM_RESTYPE_HASH_CONNECTION,
+    
+    SSM_RESTYPE_CERTIFICATE,
+    SSM_RESTYPE_SSL_SOCKET_STATUS,
+    SSM_RESTYPE_PKCS7_CONTENT_INFO,
+    SSM_RESTYPE_KEY_PAIR,
+    SSM_RESTYPE_CRMF_REQUEST,
+    SSM_RESTYPE_KEYGEN_CONTEXT,
+    SSM_RESTYPE_SECADVISOR_CONTEXT,
+    SSM_RESTYPE_SIGNTEXT,
+    SSM_RESTYPE_PKCS12_CONTEXT,
+
+    SSM_RESTYPE_SDR_CONTEXT,  /* Internal - Not used by client protocol */
+
+    SSM_RESTYPE_MAX
+} SSMResourceType;
+
+/* Attribute/resource types */
+
+/* Attribute IDs */
+typedef enum
+{
+    SSM_FID_NULL = (CMUint32) 0, /* placeholder */
+
+    /* Connection attributes */
+    SSM_FID_CONN_ALIVE,
+    SSM_FID_CONN_PARENT,
+
+    /* Data connection attributes */
+    SSM_FID_CONN_DATA_PENDING,
+
+    /* SSL data connection attributes */
+    SSM_FID_SSLDATA_SOCKET_STATUS,
+    SSM_FID_SSLDATA_ERROR_VALUE,
+
+    /* PKCS7 decode connection attributes */
+    SSM_FID_P7CONN_CONTENT_INFO,
+    SSM_FID_P7CONN_RETURN_VALUE,
+    SSM_FID_P7CONN_ERROR_VALUE,
+
+    /* Hash connection attributes */
+    SSM_FID_HASHCONN_RESULT,
+
+    /* Certificate attributes */
+    SSM_FID_CERT_SUBJECT_NAME,
+    SSM_FID_CERT_ISSUER_NAME,
+    SSM_FID_CERT_SERIAL_NUMBER,
+    SSM_FID_CERT_EXP_DATE,
+    SSM_FID_CERT_FINGERPRINT,
+    SSM_FID_CERT_COMMON_NAME,
+    SSM_FID_CERT_NICKNAME,
+    SSM_FID_CERT_ORG_NAME,
+    SSM_FID_CERT_HTML_CERT,
+    SSM_FID_CERT_PICKLE_CERT,
+    SSM_FID_CERT_CERTKEY,
+    SSM_FID_CERT_FIND_CERT_ISSUER,
+    SSM_FID_CERT_EMAIL_ADDRESS,
+    SSM_FID_CERT_ISPERM,
+
+    /* SSL socket status attributes */
+    SSM_FID_SSS_KEYSIZE,
+    SSM_FID_SSS_SECRET_KEYSIZE,
+    SSM_FID_SSS_CERT_ID,
+    SSM_FID_SSS_CIPHER_NAME,
+    SSM_FID_SSS_SECURITY_LEVEL,
+    SSM_FID_SSS_HTML_STATUS,
+
+    /* PKCS7 content info attributes */
+    SSM_FID_P7CINFO_IS_SIGNED,
+    SSM_FID_P7CINFO_IS_ENCRYPTED,
+    SSM_FID_P7CINFO_SIGNER_CERT,
+
+    /* CRMF ID's */
+    SSM_FID_CRMFREQ_REGTOKEN,
+    SSM_FID_CRMFREQ_AUTHENTICATOR,
+    SSM_FID_CRMFREQ_EXTENSIONS,
+    SSM_FID_CRMFREQ_KEY_TYPE,
+    SSM_FID_CRMFREQ_DN,
+
+    /* Security advisor context */
+    SSM_FID_SECADVISOR_URL,
+    SSM_FID_SECADVISOR_WIDTH,
+    SSM_FID_SECADVISOR_HEIGHT,
+
+    /* Sign Text */
+    SSM_FID_SIGNTEXT_RESULT,
+
+    /* Key Gen ID's */
+    SSM_FID_KEYGEN_ESCROW_AUTHORITY,
+
+    /* Key Pair ID's */
+    SSM_FID_KEYPAIR_KEY_GEN_TYPE,
+
+    /* Session Attributes */
+    SSM_FID_DEFAULT_EMAIL_RECIPIENT_CERT,
+    SSM_FID_DEFAULT_EMAIL_SIGNER_CERT,
+
+    /* Client Context Attribute */
+    SSM_FID_CLIENT_CONTEXT,
+
+	/* Resource Error */
+	SSM_FID_RESOURCE_ERROR,
+
+    SSM_FID_KEYGEN_SLOT_NAME,
+    SSM_FID_DISABLE_ESCROW_WARN,
+    SSM_FID_KEYGEN_TOKEN_NAME,
+
+    SSM_FID_SSLDATA_DISCARD_SOCKET_STATUS,
+    SSM_FID_CHOOSE_TOKEN_URL,
+    SSM_FID_INIT_DB_URL,
+    SSM_FID_SSS_CA_NAME,
+
+    SSM_FID_MAX /* placeholder */
+} SSMAttributeID;
+
+#endif

mozilla/security/psm/lib/protocol/ssmdefs.h

@@ -0,0 +1,331 @@
+/* -*- mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __SSMDEFS_H__
+#define __SSMDEFS_H__
+
+/* Basic type definitions for both client and server. */
+typedef long CMInt32;
+typedef unsigned long CMUint32;
+typedef long SSMResourceID;
+
+typedef int SSMStatus;
+
+#define PSM_PORT                        11111
+#define PSM_DATA_PORT                   11113 /* needs to be removed */
+ 
+typedef enum _CMTStatus {
+  CMTFailure = -1,
+  CMTSuccess = 0
+} CMTStatus;
+
+typedef enum {
+   CM_FALSE = 0,
+   CM_TRUE = 1
+} CMBool;
+ 
+typedef struct CMTItemStr {
+  CMUint32 type;
+  unsigned char *data;
+  unsigned int len;
+} CMTItem;
+
+/* A length-encoded string. */
+struct _SSMString {
+  CMUint32 m_length;
+  char m_data;
+};
+typedef struct _SSMString SSMString;
+
+#define SSM_PROTOCOL_VERSION 0x00000051
+
+#define SSM_INVALID_RESOURCE 0x00000000
+#define SSM_GLOBAL_RESOURCE  0x00000001
+#define SSM_SESSION_RESOURCE 0x00000002
+
+/* Message category flags */
+#define SSM_REQUEST_MESSAGE     0x10000000
+#define SSM_REPLY_OK_MESSAGE    0x20000000
+#define SSM_REPLY_ERR_MESSAGE   0x30000000
+#define SSM_EVENT_MESSAGE       0x40000000
+
+/* Message types */
+#define SSM_DATA_CONNECTION   0x00001000
+#define SSM_OBJECT_SIGNING    0x00002000
+#define SSM_RESOURCE_ACTION   0x00003000
+#define SSM_CERT_ACTION       0x00004000
+#define SSM_PKCS11_ACTION     0x00005000
+#define SSM_CRMF_ACTION       0x00006000
+#define SSM_FORMSIGN_ACTION   0x00007000
+#define SSM_LOCALIZED_TEXT    0x00008000
+#define SSM_HELLO_MESSAGE     0x00009000
+#define SSM_SECURITY_ADVISOR  0x0000a000
+#define SSM_SEC_CFG_ACTION    0x0000b000
+#define SSM_KEYGEN_TAG        0x0000c000
+#define SSM_PREF_ACTION       0x0000d000
+#define SSM_MISC_ACTION       0x0000f000
+
+/* Data connection messages subtypes */ 
+#define SSM_SSL_CONNECTION      0x00000100
+#define SSM_PKCS7DECODE_STREAM  0x00000200
+#define SSM_PKCS7ENCODE_STREAM  0x00000300
+#define SSM_HASH_STREAM         0x00000400
+#define SSM_TLS_CONNECTION      0x00000500
+#define SSM_PROXY_CONNECTION    0x00000600
+
+/* Object signing message subtypes */
+#define SSM_VERIFY_RAW_SIG      0x00000100
+#define SSM_VERIFY_DETACHED_SIG 0x00000200
+#define SSM_CREATE_SIGNED       0x00000300
+#define SSM_CREATE_ENCRYPTED    0x00000400
+
+/* Resource access messages subtypes  */
+#define SSM_CREATE_RESOURCE           0x00000100
+#define SSM_DESTROY_RESOURCE          0x00000200
+#define SSM_GET_ATTRIBUTE             0x00000300
+#define SSM_CONSERVE_RESOURCE         0x00000400
+#define SSM_DUPLICATE_RESOURCE        0x00000500
+#define SSM_SET_ATTRIBUTE             0x00000600
+#define SSM_TLS_STEPUP                0x00000700
+#define SSM_PROXY_STEPUP              0x00000800
+
+/* Further specification for resource access messages */
+#define SSM_SSLSocket_Status    0x00000010
+
+#define SSM_NO_ATTRIBUTE        0x00000000
+#define SSM_NUMERIC_ATTRIBUTE   0x00000010
+#define SSM_STRING_ATTRIBUTE    0x00000020
+#define SSM_RID_ATTRIBUTE       0x00000030
+
+#define SSM_PICKLE_RESOURCE             0x00000010
+#define SSM_UNPICKLE_RESOURCE           0x00000020
+#define SSM_PICKLE_SECURITY_STATUS      0x00000030
+
+/* Certificate access message subtypes */
+#define SSM_IMPORT_CERT         0x00000100
+#define SSM_VERIFY_CERT         0x00000200
+#define SSM_FIND_BY_NICKNAME    0x00000300
+#define SSM_FIND_BY_KEY         0x00000400
+#define SSM_FIND_BY_EMAILADDR   0x00000500
+#define SSM_ADD_TO_DB           0x00000600
+#define SSM_DECODE_CERT         0x00000700
+#define SSM_MATCH_USER_CERT     0x00000800
+#define SSM_DESTROY_CERT        0x00000900
+#define SSM_DECODE_TEMP_CERT    0x00000a00
+#define SSM_REDIRECT_COMPARE    0x00000b00
+#define SSM_DECODE_CRL          0x00000c00
+#define SSM_EXTENSION_VALUE     0x00000d00
+#define SSM_HTML_INFO           0x00000e00
+
+/* message subtypes used for KEYGEN form tag */
+#define SSM_GET_KEY_CHOICE       0x00000100
+#define SSM_KEYGEN_START         0x00000200
+#define SSM_KEYGEN_TOKEN         0x00000300
+#define SSM_KEYGEN_PASSWORD      0x00000400
+#define SSM_KEYGEN_DONE          0x00000500
+
+#define SSM_CREATE_KEY_PAIR    0x00000100
+#define SSM_FINISH_KEY_GEN     0x00000200
+#define SSM_ADD_NEW_MODULE     0x00000300
+#define SSM_DEL_MODULE         0x00000400
+#define SSM_LOGOUT_ALL         0x00000500
+#define SSM_ENABLED_CIPHERS    0x00000600
+
+#define SSM_CREATE_CRMF_REQ    0x00000100
+#define SSM_DER_ENCODE_REQ     0x00000200
+#define SSM_PROCESS_CMMF_RESP  0x00000300
+#define SSM_CHALLENGE          0x00000400
+
+#define SSM_SIGN_TEXT  0x00000100
+
+/* Security Config subtypes */
+#define SSM_ADD_CERT_TO_TEMP_DB     0x00000100
+#define SSM_ADD_TEMP_CERT_TO_DB     0x00000200
+#define SSM_DELETE_PERM_CERTS       0x00000300
+#define SSM_FIND_CERT_KEY           0x00000400
+#define SSM_GET_CERT_PROP_BY_KEY    0x00000500
+#define SSM_CERT_INDEX_ENUM         0x00000600
+
+/* subcategories for SSM_FIND_CERT_KEY and SSM_CERT_INDEX_ENUM */
+#define SSM_FIND_KEY_BY_NICKNAME    0x00000010
+#define SSM_FIND_KEY_BY_EMAIL_ADDR  0x00000020
+#define SSM_FIND_KEY_BY_DN          0x00000030
+
+/* subcategories for SSM_GET_CERT_PROP_BY_KEY */
+#define SSM_SECCFG_GET_NICKNAME      0x00000010
+#define SSM_SECCFG_GET_EMAIL_ADDR    0x00000020
+#define SSM_SECCFG_GET_DN            0x00000030
+#define SSM_SECCFG_GET_TRUST         0x00000040
+#define SSM_SECCFG_CERT_IS_PERM      0x00000050
+#define SSM_SECCFG_GET_NOT_BEFORE    0x00000060
+#define SSM_SECCFG_GET_NOT_AFTER     0x00000070
+#define SSM_SECCFG_GET_SERIAL_NO     0x00000080
+#define SSM_SECCFG_GET_ISSUER        0x00000090
+#define SSM_SECCFG_GET_ISSUER_KEY    0x000000a0
+#define SSM_SECCFG_GET_SUBJECT_NEXT  0x000000b0
+#define SSM_SECCFG_GET_SUBJECT_PREV  0x000000c0
+
+/* Misc requests */
+#define SSM_MISC_GET_RNG_DATA      0x00000100
+#define SSM_MISC_PUT_RNG_DATA      0x00000200
+#define SSM_MISC_SDR_ENCRYPT       0x00000300
+#define SSM_MISC_SDR_DECRYPT       0x00000400
+#define SSM_MISC_UI                0x00000500
+
+/* specific UI requests */
+#define SSM_UI_CHANGE_PASSWORD     0x00000010
+
+#define SSM_SDR_ENCRYPT_REQUEST \
+  (SSM_REQUEST_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_ENCRYPT)
+#define SSM_SDR_ENCRYPT_REPLY \
+  (SSM_REPLY_OK_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_ENCRYPT)
+#define SSM_SDR_DECRYPT_REQUEST \
+  (SSM_REQUEST_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_DECRYPT)
+#define SSM_SDR_DECRYPT_REPLY \
+  (SSM_REPLY_OK_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_DECRYPT)
+
+/* Type masks for message types */
+#define SSM_CATEGORY_MASK   0xF0000000
+#define SSM_TYPE_MASK       0x0000F000
+#define SSM_SUBTYPE_MASK    0x00000F00
+#define SSM_SPECIFIC_MASK   0x000000F0
+
+typedef struct SSMAttributeValue {
+  CMUint32 type;
+  union {
+    SSMResourceID rid;
+    CMTItem string;
+    CMInt32 numeric;
+  } u;
+} SSMAttributeValue;
+
+typedef enum {
+  rsaEnc, rsaDualUse, rsaSign, rsaNonrepudiation, rsaSignNonrepudiation,
+  dhEx, dsaSignNonrepudiation, dsaSign, dsaNonrepudiation, invalidKeyGen
+} SSMKeyGenType;
+
+typedef enum {
+  ssmUnknownPolicy= -1,ssmDomestic=0, ssmExport=1, ssmFrance=2
+} SSMPolicyType;
+
+/* These are the localized strings that PSM can feed back to 
+ * the plug-in.  These will initially be used by the plug-in for 
+ * JavaScript purposes to pop up alert/confirm dialogs that would 
+ * cause nightmares to do if we sent UI events.
+ */
+typedef enum {
+  SSM_STRING_BAD_PK11_LIB_PARAM,
+  SSM_STRING_BAD_PK11_LIB_PATH,
+  SSM_STRING_ADD_MOD_SUCCESS,
+  SSM_STRING_DUP_MOD_FAILURE,
+  SSM_STRING_ADD_MOD_FAILURE,
+  SSM_STRING_BAD_MOD_NAME,
+  SSM_STRING_EXT_MOD_DEL,
+  SSM_STRING_INT_MOD_DEL,
+  SSM_STRING_MOD_DEL_FAIL,
+  SSM_STRING_ADD_MOD_WARN,
+  SSM_STRING_MOD_PROMPT,
+  SSM_STRING_DLL_PROMPT,
+  SSM_STRING_DEL_MOD_WARN,
+  SSM_STRING_INVALID_CRL,
+  SSM_STRING_INVALID_CKL,
+  SSM_STRING_ROOT_CKL_CERT_NOT_FOUND,
+  SSM_STRING_BAD_CRL_SIGNATURE,
+  SSM_STRING_BAD_CKL_SIGNATURE,
+  SSM_STRING_ERR_ADD_CRL,
+  SSM_STRING_ERR_ADD_CKL,
+  SSM_STRING_JAVASCRIPT_DISABLED
+} SSMLocalizedString;
+
+/* Event types */
+#define SSM_UI_EVENT                    0x00001000
+#define SSM_TASK_COMPLETED_EVENT        0x00002000
+#define SSM_FILE_PATH_EVENT             0x00003000
+#define SSM_PROMPT_EVENT                0x00004000
+#define SSM_AUTH_EVENT                  0x00007000
+#define SSM_SAVE_PREF_EVENT             0x00008000
+#define SSM_MISC_EVENT                  0x0000f000
+
+/* Flags used in Create SSL Data request */
+#define SSM_REQUEST_SSL_DATA_SSL         0x00000001
+#define SSM_REQUEST_SSL_DATA_PROXY       0x00000002
+#define SSM_REQUEST_SSL_CONNECTION_MASK  0x00000003
+
+/* Create typedefs for the various #defines */
+typedef CMUint32 SSMMessageCategory;
+typedef CMUint32 SSMMessageType;
+typedef CMUint32 SSMDataConnectionSType;
+typedef CMUint32 SSMObjSignSType;
+typedef CMUint32 SSMResourceAccessSType;
+typedef CMUint32 SSMCreateResource;
+typedef CMUint32 SSMResourceAttrType;
+typedef CMUint32 SSMResourceConsv;
+typedef CMUint32 SSMCertAccessSType;
+typedef CMUint32 SSMKeyGenTagProcessType;
+typedef CMUint32 SSMPKCS11Actions;
+typedef CMUint32 SSMCRMFAction;
+typedef CMUint32 SSMFormSignAction;
+typedef CMUint32 SSMSecCfgAction;
+typedef CMUint32 SSMSecCfgFindByType;
+typedef CMUint32 SSMSecCfgGetCertPropType;
+typedef CMUint32 SSMMiscRequestType;
+typedef CMUint32 SSMMessageMaskType;
+typedef CMUint32 SSMEventType;
+typedef CMUint32 SSMSSLConnectionRequestType;
+
+/*
+ * This string is version that can be used to assemble any
+ * version information by the apllication using the protocol 
+ * library.
+ */
+extern char SSMVersionString[];
+#ifdef __cplusplus
+extern "C" {
+char * SSM_GetVersionString(void);
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+/* What type of client */
+typedef enum
+{
+    SSM_NOINFO,
+    SSM_COMPOSE,
+    SSM_MAIL_MESSAGE,
+    SSM_NEWS_MESSAGE,
+    SSM_SNEWS_MESSAGE,
+    SSM_BROWSER
+} SSMClientType;
+
+#endif /* __SSMDEFS_H__ */

mozilla/security/psm/lib/protocol/templates.c

@@ -0,0 +1,628 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "stddef.h"
+#include "messages.h"
+
+CMTMessageTemplate SingleNumMessageTemplate[] =
+{
+  { CMT_DT_INT, offsetof(SingleNumMessage, value) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SingleStringMessageTemplate[] =
+{
+  { CMT_DT_STRING, offsetof(SingleStringMessage, string) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SingleItemMessageTemplate[] =
+{
+  { CMT_DT_ITEM, offsetof(SingleItemMessage, item) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate HelloRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(HelloRequest, version) },
+  { CMT_DT_INT, offsetof(HelloRequest, policy) },
+  { CMT_DT_BOOL, offsetof(HelloRequest, doesUI) },
+  { CMT_DT_STRING, offsetof(HelloRequest, profile) },
+  { CMT_DT_STRING, offsetof(HelloRequest, profileDir) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate HelloReplyTemplate[] =
+{
+  { CMT_DT_INT, offsetof(HelloReply, result) },
+  { CMT_DT_INT, offsetof(HelloReply, sessionID) },
+  { CMT_DT_INT, offsetof(HelloReply, version) },
+  { CMT_DT_STRING, offsetof(HelloReply, stringVersion) },
+  { CMT_DT_INT, offsetof(HelloReply, httpPort) },
+  { CMT_DT_INT, offsetof(HelloReply, policy) },
+  { CMT_DT_ITEM, offsetof(HelloReply, nonce) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SSLDataConnectionRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(SSLDataConnectionRequest, flags) },
+  { CMT_DT_INT, offsetof(SSLDataConnectionRequest, port) },
+  { CMT_DT_STRING, offsetof(SSLDataConnectionRequest, hostIP) },
+  { CMT_DT_STRING, offsetof(SSLDataConnectionRequest, hostName) },
+  { CMT_DT_BOOL, offsetof(SSLDataConnectionRequest, forceHandshake) },
+  { CMT_DT_ITEM, offsetof(SSLDataConnectionRequest, clientContext) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate TLSDataConnectionRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TLSDataConnectionRequest, port) },
+    { CMT_DT_STRING, offsetof(TLSDataConnectionRequest, hostIP) },
+    { CMT_DT_STRING, offsetof(TLSDataConnectionRequest, hostName) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate TLSStepUpRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TLSStepUpRequest, connID) },
+    { CMT_DT_ITEM, offsetof(TLSStepUpRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate ProxyStepUpRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(ProxyStepUpRequest, connID) },
+    { CMT_DT_ITEM, offsetof(ProxyStepUpRequest, clientContext) },
+    { CMT_DT_STRING, offsetof(ProxyStepUpRequest, url) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PKCS7DataConnectionRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(PKCS7DataConnectionRequest, resID) },
+  { CMT_DT_ITEM, offsetof(PKCS7DataConnectionRequest, clientContext) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate DataConnectionReplyTemplate[] =
+{
+  { CMT_DT_INT, offsetof(DataConnectionReply, result) },
+  { CMT_DT_INT, offsetof(DataConnectionReply, connID) },
+  { CMT_DT_INT, offsetof(DataConnectionReply, port) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate UIEventTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UIEvent, resourceID) },
+    { CMT_DT_INT, offsetof(UIEvent, width) },
+    { CMT_DT_INT, offsetof(UIEvent, height) },
+    { CMT_DT_BOOL, offsetof(UIEvent, isModal) },
+    { CMT_DT_STRING, offsetof(UIEvent, url) },
+    { CMT_DT_ITEM, offsetof(UIEvent, clientContext) },
+    { CMT_DT_END }
+};
+
+/*
+ * The old UI Event was missing the modal indication.
+ * As a transition aid, we use the old template if the
+ * "modern" version doesn't work.  Model is true in that case
+ */
+CMTMessageTemplate OldUIEventTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UIEvent, resourceID) },
+    { CMT_DT_INT, offsetof(UIEvent, width) },
+    { CMT_DT_INT, offsetof(UIEvent, height) },
+    { CMT_DT_STRING, offsetof(UIEvent, url) },
+    { CMT_DT_ITEM, offsetof(UIEvent, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate TaskCompletedEventTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TaskCompletedEvent, resourceID) },
+    { CMT_DT_INT, offsetof(TaskCompletedEvent, numTasks) },
+    { CMT_DT_INT, offsetof(TaskCompletedEvent, result) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate VerifyDetachedSigRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(VerifyDetachedSigRequest, pkcs7ContentID) },
+    { CMT_DT_INT, offsetof(VerifyDetachedSigRequest, certUsage) },
+    { CMT_DT_INT, offsetof(VerifyDetachedSigRequest, hashAlgID) },
+    { CMT_DT_BOOL, offsetof(VerifyDetachedSigRequest, keepCert) },
+    { CMT_DT_ITEM, offsetof(VerifyDetachedSigRequest, hash) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateSignedRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateSignedRequest, scertRID) },
+    { CMT_DT_INT, offsetof(CreateSignedRequest, ecertRID) },
+    { CMT_DT_INT, offsetof(CreateSignedRequest, dig_alg) },
+    { CMT_DT_ITEM, offsetof(CreateSignedRequest, digest) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateContentInfoReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateContentInfoReply, ciRID) },
+    { CMT_DT_INT, offsetof(CreateContentInfoReply, result) },
+    { CMT_DT_INT, offsetof(CreateContentInfoReply, errorCode) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateEncryptedRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(CreateEncryptedRequest, scertRID) },
+  { CMT_DT_LIST, offsetof(CreateEncryptedRequest, nrcerts) },
+  { CMT_DT_INT, offsetof(CreateEncryptedRequest, rcertRIDs) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateResourceRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateResourceRequest, type) },
+    { CMT_DT_ITEM, offsetof(CreateResourceRequest, params) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateResourceReply, result) },
+    { CMT_DT_INT, offsetof(CreateResourceReply, resID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetAttribRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(GetAttribRequest, resID) },
+    { CMT_DT_INT, offsetof(GetAttribRequest, fieldID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetAttribReplyTemplate[] =
+{
+  { CMT_DT_INT, offsetof(GetAttribReply, result) },
+  { CMT_DT_CHOICE, offsetof(GetAttribReply, value.type) },
+  { CMT_DT_RID, offsetof(GetAttribReply, value.u.rid), 0, SSM_RID_ATTRIBUTE },
+  { CMT_DT_INT, offsetof(GetAttribReply, value.u.numeric), 0,
+    SSM_NUMERIC_ATTRIBUTE },
+  { CMT_DT_ITEM, offsetof(GetAttribReply, value.u.string), 0,
+    SSM_STRING_ATTRIBUTE},
+  { CMT_DT_END_CHOICE },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SetAttribRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(SetAttribRequest, resID) },
+    { CMT_DT_INT, offsetof(SetAttribRequest, fieldID) },
+    { CMT_DT_CHOICE, offsetof(SetAttribRequest, value.type) },
+    { CMT_DT_RID, offsetof(SetAttribRequest, value.u.rid), 0, SSM_RID_ATTRIBUTE },
+    { CMT_DT_INT, offsetof(SetAttribRequest, value.u.numeric), 0,
+                            SSM_NUMERIC_ATTRIBUTE },
+    { CMT_DT_ITEM, offsetof(SetAttribRequest, value.u.string), 0,
+                            SSM_STRING_ATTRIBUTE},
+    { CMT_DT_END_CHOICE },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PickleResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PickleResourceReply, result) },
+    { CMT_DT_ITEM, offsetof(PickleResourceReply, blob) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate UnpickleResourceRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UnpickleResourceRequest, resourceType) },
+    { CMT_DT_ITEM, offsetof(UnpickleResourceRequest, resourceData) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate UnpickleResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UnpickleResourceReply, result) },
+    { CMT_DT_INT, offsetof(UnpickleResourceReply, resID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PickleSecurityStatusReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PickleSecurityStatusReply, result) },
+    { CMT_DT_INT, offsetof(PickleSecurityStatusReply, securityLevel) },
+    { CMT_DT_ITEM, offsetof(PickleSecurityStatusReply, blob) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DupResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(DupResourceReply, result) },
+    { CMT_DT_RID, offsetof(DupResourceReply, resID), 0, SSM_RID_ATTRIBUTE },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DestroyResourceRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(DestroyResourceRequest, resID) },
+    { CMT_DT_INT, offsetof(DestroyResourceRequest, resType) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate VerifyCertRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(VerifyCertRequest, resID) },
+    { CMT_DT_INT, offsetof(VerifyCertRequest, certUsage) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate AddTempCertToDBRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, resID) },
+    { CMT_DT_STRING, offsetof(AddTempCertToDBRequest, nickname) },
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, sslFlags) },
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, emailFlags) },
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, objSignFlags) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate MatchUserCertRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(MatchUserCertRequest, certType) },
+    { CMT_DT_LIST, offsetof(MatchUserCertRequest, numCANames) },
+    { CMT_DT_STRING, offsetof(MatchUserCertRequest, caNames) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate MatchUserCertReplyTemplate[] =
+{
+    { CMT_DT_LIST, offsetof(MatchUserCertReply, numCerts) },
+    { CMT_DT_INT, offsetof(MatchUserCertReply, certs) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate EncodeCRMFReqRequestTemplate[] =
+{
+    { CMT_DT_LIST, offsetof(EncodeCRMFReqRequest, numRequests) },
+    { CMT_DT_INT, offsetof(EncodeCRMFReqRequest, reqIDs) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CMMFCertResponseRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(CMMFCertResponseRequest, nickname) },
+    { CMT_DT_STRING, offsetof(CMMFCertResponseRequest, base64Der) },
+    { CMT_DT_INT,    offsetof(CMMFCertResponseRequest, doBackup) },
+    { CMT_DT_ITEM,   offsetof(CMMFCertResponseRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PasswordRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PasswordRequest, tokenKey) },
+    { CMT_DT_STRING, offsetof(PasswordRequest, prompt) },
+    { CMT_DT_ITEM, offsetof(PasswordRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PasswordReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PasswordReply, result) },
+    { CMT_DT_INT, offsetof(PasswordReply, tokenID) },
+    { CMT_DT_STRING, offsetof(PasswordReply, passwd) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate KeyPairGenRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(KeyPairGenRequest, keyGenCtxtID) },
+    { CMT_DT_INT, offsetof(KeyPairGenRequest, genMechanism) },
+    { CMT_DT_INT, offsetof(KeyPairGenRequest, keySize) },
+    { CMT_DT_ITEM, offsetof(KeyPairGenRequest, params) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DecodeAndCreateTempCertRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(DecodeAndCreateTempCertRequest, type) },
+    { CMT_DT_ITEM, offsetof(DecodeAndCreateTempCertRequest, cert) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStyleRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, choiceString) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, challenge) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, typeString) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, pqgString) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStyleTokenRequestTemplate[] = 
+{
+    { CMT_DT_INT,  offsetof(GenKeyOldStyleTokenRequest, rid)       },
+    { CMT_DT_LIST,  offsetof(GenKeyOldStyleTokenRequest, numtokens) },
+    { CMT_DT_STRING,offsetof(GenKeyOldStyleTokenRequest, tokenNames)},
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStyleTokenReplyTemplate[] = 
+{
+    { CMT_DT_INT, offsetof(GenKeyOldStyleTokenReply, rid) },
+    { CMT_DT_BOOL, offsetof(GenKeyOldStyleTokenReply, cancel) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleTokenReply, tokenName) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStylePasswordRequestTemplate[] = 
+{
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordRequest, rid) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStylePasswordRequest, tokenName) },
+    { CMT_DT_BOOL, offsetof(GenKeyOldStylePasswordRequest, internal) },
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordRequest, minpwdlen) },
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordRequest, maxpwdlen) }, 
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStylePasswordReplyTemplate[] = 
+{
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordReply, rid) },
+    { CMT_DT_BOOL, offsetof(GenKeyOldStylePasswordReply, cancel) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStylePasswordReply, password) },
+    { CMT_DT_END }
+};
+
+
+CMTMessageTemplate GetKeyChoiceListRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(GetKeyChoiceListRequest, type) },
+    { CMT_DT_STRING, offsetof(GetKeyChoiceListRequest, pqgString) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetKeyChoiceListReplyTemplate[] =
+{
+    { CMT_DT_LIST, offsetof(GetKeyChoiceListReply, nchoices) },
+    { CMT_DT_STRING, offsetof(GetKeyChoiceListReply, choices) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate AddNewSecurityModuleRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(AddNewSecurityModuleRequest, moduleName) },
+    { CMT_DT_STRING, offsetof(AddNewSecurityModuleRequest, libraryPath) },
+    { CMT_DT_INT, offsetof(AddNewSecurityModuleRequest, pubMechFlags) },
+    { CMT_DT_INT, offsetof(AddNewSecurityModuleRequest, pubCipherFlags) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate FilePathRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(FilePathRequest, resID) },
+    { CMT_DT_STRING, offsetof(FilePathRequest, prompt) },
+    { CMT_DT_BOOL, offsetof(FilePathRequest, getExistingFile) },
+    { CMT_DT_STRING, offsetof(FilePathRequest, fileRegEx) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate FilePathReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(FilePathReply, resID) },
+    { CMT_DT_STRING, offsetof(FilePathReply, filePath) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PasswordPromptReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PasswordPromptReply, resID) },
+    { CMT_DT_STRING, offsetof(PasswordPromptReply, promptReply) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SignTextRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(SignTextRequest, resID) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, stringToSign) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, hostName) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, caOption) },
+    { CMT_DT_LIST, offsetof(SignTextRequest, numCAs) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, caNames) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetLocalizedTextReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(GetLocalizedTextReply, whichString) },
+    { CMT_DT_STRING, offsetof(GetLocalizedTextReply, localizedString) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate ImportCertReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(ImportCertReply, result) },
+    { CMT_DT_INT, offsetof(ImportCertReply, resID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PromptRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PromptRequest, resID) },
+    { CMT_DT_STRING, offsetof(PromptRequest, prompt) },
+    { CMT_DT_ITEM, offsetof(PromptRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PromptReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PromptReply, resID) },
+    { CMT_DT_BOOL, offsetof(PromptReply, cancel) },
+    { CMT_DT_STRING, offsetof(PromptReply, promptReply) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate RedirectCompareRequestTemplate[] =
+{
+    { CMT_DT_ITEM, offsetof(RedirectCompareRequest, socketStatus1Data) },
+    { CMT_DT_ITEM, offsetof(RedirectCompareRequest, socketStatus2Data) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DecodeAndAddCRLRequestTemplate[] = 
+{
+    { CMT_DT_ITEM,   offsetof(DecodeAndAddCRLRequest, derCrl) },
+    { CMT_DT_INT,    offsetof(DecodeAndAddCRLRequest, type)   },
+    { CMT_DT_STRING, offsetof(DecodeAndAddCRLRequest, url)    },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SecurityAdvisorRequestTemplate[] =
+{
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, infoContext) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, resID) },
+    { CMT_DT_STRING, offsetof(SecurityAdvisorRequest, hostname) },
+    { CMT_DT_STRING, offsetof(SecurityAdvisorRequest, senderAddr) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, encryptedP7CInfo) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, signedP7CInfo) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, decodeError) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, verifyError) },
+    { CMT_DT_BOOL,   offsetof(SecurityAdvisorRequest, encryptthis) },
+    { CMT_DT_BOOL,   offsetof(SecurityAdvisorRequest, signthis) },
+    { CMT_DT_LIST,	offsetof(SecurityAdvisorRequest, numRecipients) },
+    { CMT_DT_STRING, offsetof(SecurityAdvisorRequest, recipients) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SCAddTempCertToPermDBRequestTemplate[] =
+{
+    { CMT_DT_ITEM, offsetof(SCAddTempCertToPermDBRequest, certKey) },
+    { CMT_DT_STRING, offsetof(SCAddTempCertToPermDBRequest, trustStr) },
+    { CMT_DT_STRING, offsetof(SCAddTempCertToPermDBRequest, nickname) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SCDeletePermCertsRequestTemplate[] =
+{
+    { CMT_DT_ITEM, offsetof(SCDeletePermCertsRequest, certKey) },
+    { CMT_DT_BOOL, offsetof(SCDeletePermCertsRequest, deleteAll) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate TimeMessageTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TimeMessage, year) },
+    { CMT_DT_INT, offsetof(TimeMessage, month) },
+    { CMT_DT_INT, offsetof(TimeMessage, day) },
+    { CMT_DT_INT, offsetof(TimeMessage, hour) },
+    { CMT_DT_INT, offsetof(TimeMessage, minute) },
+    { CMT_DT_INT, offsetof(TimeMessage, second) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SCCertIndexEnumReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(SCCertIndexEnumReply, length) },
+    { CMT_DT_STRUCT_PTR, offsetof(SCCertIndexEnumReply, list) },
+    { CMT_DT_STRING, offsetof(CertEnumElement, name) },
+    { CMT_DT_ITEM, offsetof(CertEnumElement, certKey) },
+    { CMT_DT_END_STRUCT_LIST },
+    { CMT_DT_END }
+};
+
+/* Test template */
+
+CMTMessageTemplate TestListTemplate[] = 
+{
+	{ CMT_DT_STRING, offsetof(TestList, listName) },
+	{ CMT_DT_STRUCT_LIST, offsetof(TestList, numElements) },
+	{ CMT_DT_STRUCT_PTR, offsetof(TestList, elements) },
+	{ CMT_DT_STRING, offsetof(TestListElement, name) },
+	{ CMT_DT_STRING, offsetof(TestListElement, value) },
+	{ CMT_DT_END_STRUCT_LIST},
+	{ CMT_DT_END}
+};
+
+CMTMessageTemplate SetPrefListMessageTemplate[] =
+{
+    { CMT_DT_STRUCT_LIST, offsetof(SetPrefListMessage, length) },
+    { CMT_DT_STRUCT_PTR, offsetof(SetPrefListMessage, list) },
+    { CMT_DT_STRING, offsetof(SetPrefElement, key) },
+    { CMT_DT_STRING, offsetof(SetPrefElement, value) },
+    { CMT_DT_INT, offsetof(SetPrefElement, type) },
+    { CMT_DT_END_STRUCT_LIST },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetPrefListRequestTemplate[] =
+{
+    { CMT_DT_STRUCT_LIST, offsetof(GetPrefListRequest, length) },
+    { CMT_DT_STRUCT_PTR, offsetof(GetPrefListRequest, list) },
+    { CMT_DT_STRING, offsetof(GetPrefElement, key) },
+    { CMT_DT_INT, offsetof(GetPrefElement, type) },
+    { CMT_DT_END_STRUCT_LIST },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetCertExtensionTemplate[] =
+{
+    { CMT_DT_INT, offsetof(GetCertExtension, resID) },
+    { CMT_DT_INT, offsetof(GetCertExtension, extension) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate HTMLCertInfoRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(HTMLCertInfoRequest, certID) },
+    { CMT_DT_INT, offsetof(HTMLCertInfoRequest, showImages) },
+    { CMT_DT_INT, offsetof(HTMLCertInfoRequest, showIssuer) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate EncryptRequestTemplate[] =
+{
+  { CMT_DT_ITEM, offsetof(EncryptRequestMessage, keyid) },
+  { CMT_DT_ITEM, offsetof(EncryptRequestMessage, data) },
+  { CMT_DT_ITEM, offsetof(EncryptRequestMessage, ctx) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate DecryptRequestTemplate[] =
+{
+  { CMT_DT_ITEM, offsetof(DecryptRequestMessage, data) },
+  { CMT_DT_ITEM, offsetof(DecryptRequestMessage, ctx) },
+  { CMT_DT_END }
+};

mozilla/security/psm/macbuild/PSM.Prefix

@@ -0,0 +1,4 @@
+/* Optimized prefix */
+#include "MacPrefix.h"
+#include "NSSCommon.h"
+#include "PSMCommon.h"

mozilla/security/psm/macbuild/PSM.exp

@@ -0,0 +1,3 @@
+SSM_CreateAndRegisterThread
+SSM_KillAllThreads
+RunMacPSM

mozilla/security/psm/macbuild/PSMCommon.h

@@ -0,0 +1,2 @@
+/* placeholder until we figure out what defines we need for PSM */
+/* #define HAVE_LONG_LONG */

mozilla/security/psm/macbuild/PSMDebug.Prefix

@@ -0,0 +1,4 @@
+/* Optimized prefix */
+#include "MacPrefix_debug.h"
+#include "NSSCommon.h"
+#include "PSMCommon.h"

mozilla/security/psm/makefile.win

@@ -0,0 +1,98 @@
+#
+# The contents of this file are subject to the Netscape Public License
+# Version 1.1 (the "NPL"); you may not use this file except in
+# compliance with the NPL.  You may obtain a copy of the NPL at
+# http://www.mozilla.org/NPL/
+# 
+# Software distributed under the NPL is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
+# for the specific language governing rights and limitations under the
+# NPL.
+# 
+# The Initial Developer of this code under the NPL is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation.  All Rights
+# Reserved.
+#
+
+#
+# An NMAKE file to set up and adjust NSPR20's build system for
+# Client build.  Client build should invoke NMAKE on this file
+# instead of invoking gmake directly.
+#
+
+DEPTH = ..\..
+include <$(DEPTH)\config\config.mak>
+
+#
+# Backslashes are escape characters to gmake, so flip all backslashes
+# in $(MOZ_TOOLS) to forward slashes and pass that to gmake.
+#
+
+GMAKE = $(MOZ_TOOLS)\bin\gmake.exe
+
+GMAKE_FLAGS = MOZ_TOOLS_FLIPPED=$(MOZ_TOOLS:\=/) PR_CLIENT_BUILD=1 PR_CLIENT_BUILD_WINDOWS=1 OBJDIR_NAME=$(OBJDIR) 
+
+#
+# The Client's debug build uses MSVC's debug runtime library (/MDd).
+#
+
+!ifdef MOZ_DEBUG
+!else
+GMAKE_FLAGS = $(GMAKE_FLAGS) BUILD_OPT=1
+!endif
+
+!if "$(MOZ_BITS)" == "16"
+GMAKE_FLAGS = $(GMAKE_FLAGS) OS_TARGET=WIN16
+!else
+
+GMAKE_FLAGS = $(GMAKE_FLAGS) OS_TARGET=WIN95
+!ifdef MOZ_DEBUG
+!ifdef MOZ_NO_DEBUG_RTL
+!IF "$(CPU)" == "ALPHA"
+PR_OBJDIR = WIN954.0ALPHA_DBG.OBJ
+!else
+PR_OBJDIR = WIN954.0_DBG.OBJ
+!endif
+!else
+GMAKE_FLAGS = $(GMAKE_FLAGS) USE_DEBUG_RTL=1
+!IF "$(CPU)" == "ALPHA"
+PR_OBJDIR = WIN954.0ALPHA_DBG.OBJD
+!else
+PR_OBJDIR = WIN954.0_DBG.OBJD
+!endif
+!endif
+!else
+!IF "$(CPU)" == "ALPHA"
+PR_OBJDIR = WIN954.0ALPHA_OPT.OBJ
+!else
+PR_OBJDIR = WIN954.0_OPT.OBJ
+!endif
+!endif
+
+!endif
+ 
+
+#
+# The rules.  Simply invoke gmake with the same target.
+# The default target is 'all'.  For Win16, set up the
+# environment to use the Watcom compiler, Watcom headers,
+# and Watcom libs.
+#
+
+all:: export libs install
+
+depend::
+
+export libs install clobber clobber_all clean:: 
+!if "$(MOZ_BITS)" == "16"
+	set PATH=%WATCPATH%
+	set INCLUDE=%WATC_INC%
+	set LIB=%WATC_LIB%
+!endif
+	$(GMAKE) $(GMAKE_FLAGS) $@
+!if "$(MOZ_BITS)" == "16"
+	set PATH=%MSVCPATH%
+	set INCLUDE=%MSVC_INC%
+	set LIB=%MSVC_LIB%
+!endif

mozilla/security/psm/manifest.mn

@@ -0,0 +1,40 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+CORE_DEPTH = ..
+DEPTH      = ../..
+
+RELEASE = security
+
+DIRS = lib ui server
+
+