[Fedora-directory-commits] esc/src/app/xpcom CoolKeyCSP.cpp, 1.2, 1.3 CoolKeyCSP.h, 1.1.1.1, 1.2 Makefile.moz, 1.3, 1.4 openkey.h, 1.1.1.1, 1.2 rhCoolKey.cpp, 1.3, 1.4

Jack Magne (jmagne) fedora-directory-commits at redhat.com
Wed Oct 25 03:58:19 UTC 2006


Author: jmagne

Update of /cvs/dirsec/esc/src/app/xpcom
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9499

Modified Files:
	CoolKeyCSP.cpp CoolKeyCSP.h Makefile.moz openkey.h 
	rhCoolKey.cpp 
Log Message:
Latest mac/win fixes.


Index: CoolKeyCSP.cpp
===================================================================
RCS file: /cvs/dirsec/esc/src/app/xpcom/CoolKeyCSP.cpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- CoolKeyCSP.cpp	13 Sep 2006 17:50:07 -0000	1.2
+++ CoolKeyCSP.cpp	25 Oct 2006 03:58:16 -0000	1.3
@@ -24,6 +24,8 @@
 #include "openkey.h"
 #include "CoolKeyCSP.h"
 
+
+
 #define MAX_CONTAINER_NAME 128
 #define MAX_KEY_ID 128
 
@@ -45,7 +47,7 @@
     {
 
        CryptAcquireContext(&CoolKeyCSPKeyListener::mCryptProv, NULL, 
-           OPENKEY_PROV, PROV_RSA_FULL,CRYPT_VERIFYCONTEXT);
+           OPENKEY_PROV, PROV_RSA_FULL,NULL);
 
     }
 
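Review bot: The result of `CryptAcquireContext` is still discarded here, and with the last argument changed from `CRYPT_VERIFYCONTEXT` to `NULL` the call presumably now depends on a usable default key container, so a failure leaves `mCryptProv` unset with nothing logged. Check the return value and record the error, e.g. `if (!CryptAcquireContext(...)) PR_LOG(coolKeyCSPLog, PR_LOG_DEBUG, ("CryptAcquireContext failed %d \n", GetLastError()));`. The flags argument is a DWORD, so `0` states the intent better than `NULL`. The enclosing function starts and ends outside this hunk.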
@@ -73,6 +75,9 @@
   const char *keyID,
   HCERTSTORE hCertStore)
 {
+
+   PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("CoolKeyCSPListener::AddCert %p \n",(void *) pbCert));
+
   BOOL rv = TRUE;
   PCCERT_CONTEXT pCertContext = CertCreateCertificateContext(
                                 X509_ASN_ENCODING, pbCert, cbCert);
@@ -93,7 +98,7 @@
   blob.cbData = (DWORD) (wcslen(OPENKEY_NAME_W)+1) * sizeof(wchar_t);
   blob.pbData = (BYTE *) OPENKEY_NAME_W;
   if (!CertSetCertificateContextProperty(pCertContext,
-      CERT_FRIENDLY_NAME_PROP_ID, 0, &blob))
+     CERT_FRIENDLY_NAME_PROP_ID, 0, &blob))
   {
     rv = FALSE;
     goto failed;
@@ -108,7 +113,7 @@
   // CERT_SET_KEY_PROV_HANDLE_PROP_ID.
   keyProvInfo.dwKeySpec = dwKeySpec;
   if (!CertSetCertificateContextProperty(pCertContext,
-      CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo))
+     CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo))
   {
     rv = FALSE;
     goto failed;
@@ -144,12 +149,17 @@
 //
 // Return TRUE on success, FALSE on failure.
 
+
 static BOOL
 GetCert(
   HCRYPTKEY hKey,
   BYTE **ppbCert,
   DWORD *pcbCert)
 {
+
+
+  PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("GetCert kKey %d \n",hKey));
+
   BYTE *pbCert;
   DWORD cbCert;
   if (!CryptGetKeyParam(hKey, KP_CERTIFICATE, NULL,  &cbCert, 0))
@@ -171,6 +181,92 @@
   return TRUE;
 }
 
+// GetISCACert
+//
+// Return whether or not the presented cert is a CA cert. 
+//
+// Return TRUE on success, FALSE on failure.
+
+static
+BOOL GetISCACert(const BYTE *cert, DWORD certSize)
+{
+   BOOL rv = false;
+
+   PCCERT_CONTEXT certContext = 0;
+
+
+    PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("GETISCACert cert %p length %d \n.",cert,certSize));
+
+
+
+   PCERT_BASIC_CONSTRAINTS2_INFO pInfo; 
+
+
+   DWORD cbInfo = sizeof(CERT_BASIC_CONSTRAINTS2_INFO);
+   
+   PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("GETISCACert size of BASIC_CONSTRAINTS structure: %d . \n",cbInfo));
+
+   pInfo = (PCERT_BASIC_CONSTRAINTS2_INFO) LocalAlloc(LPTR,cbInfo);
+
+   if(!pInfo)
+       goto failed;
+
+   certContext =
+   CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
+      &cert[0], certSize);
+
+   if (certContext == 0)
+       goto failed;
+
+
+   PCERT_EXTENSION pBC = CertFindExtension(szOID_BASIC_CONSTRAINTS2,
+      certContext->pCertInfo->cExtension, certContext->pCertInfo->rgExtension);
+
+   if(!pBC)
+   {
+       PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("GETISCACert Error in getting BASIC_CONSTRAINTS extension. \n."));
+
+      if (certContext)
+         CertFreeCertificateContext(certContext);
+
+      goto failed;
+
+   }
+
+   DWORD cbDecoded =  cbInfo;
+
+      
+   BOOL dResult = CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
+       X509_BASIC_CONSTRAINTS2,
+       pBC->Value.pbData, pBC->Value.cbData, 0, (void *) pInfo  ,&cbDecoded
+   );
+
+   if(!dResult)
+   {
+      DWORD error = GetLastError();
+
+      PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("GETISCACert Error from CtypDecodeObect error: %d size needed %d \n.",error,cbDecoded));
+   }
+   else
+   {
+
+      PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("GETISCACert found result %d \n.",pInfo->fCA));
+      rv = (BOOL) pInfo->fCA;
+   }
+
+failed:
+
+   if (certContext)
+      CertFreeCertificateContext(certContext);
+
+   if(pInfo)
+       LocalFree(pInfo);
+
+   return rv;
+}
+
+
+
 // PropCertsInContainer
 //
 // Propagate the certs in the key container named szContainer to
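Review bot: In `GetISCACert` the `!pBC` branch calls `CertFreeCertificateContext(certContext)` and then jumps to `failed:`, where the still non-null `certContext` is freed a second time. Drop the free inside the branch, since the cleanup label already handles it, or add `certContext = 0;` right after it. The `goto failed` statements placed before the declarations of `pBC`, `cbDecoded` and `dResult` also jump over initialized locals, which C++ does not allow; declaring those three at the top of the function avoids that. The header comment says TRUE means success, but the function returns `fCA`, so a decode failure and a non-CA certificate look the same to the caller and the comment should say so.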
@@ -183,8 +279,11 @@
 PropCertsInContainer(
   const char *keyID,
   const char *szContainer,
-  HCERTSTORE hCertStore)
+  HCERTSTORE hCertStore,HCERTSTORE hCACertStore = NULL)
 {
+
+   PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("PropCertsInContainer %s \n",(char *)szContainer));
+
   BOOL rv = TRUE;
 
   HCRYPTPROV hCryptProv = CoolKeyCSPKeyListener::GetCryptHandle();
@@ -211,22 +310,33 @@
 
   // If anything fails, we go on to propagate the next cert.
 
+  PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("PropCertsInContainer dwNumKeySpec %d \n",dwNumKeySpec));
+
   for (i = 0; i < dwNumKeySpec; i++)
   {
     HCRYPTKEY hUserKey = NULL;
     if (!CryptGetUserKey(hCryptProv, dwKeySpec[i], &hUserKey))
     {
+      PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("PropCertsInContainer No user key in this cert. Check to see if it is a CA cert. Error %d. \n",GetLastError()));
       // NTE_NO_KEY means there is no key of this type and is
       // not a real error.
       if (GetLastError() != NTE_NO_KEY)
       {
         rv = FALSE;
       }
-      continue;
+     
+
+      continue; 
     }
+
     PBYTE pbCert = NULL;
     DWORD cbCert = 0;
     BOOL bOK = GetCert(hUserKey, &pbCert, &cbCert);
+
+     
+    PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("PropCertsInContainer Result of GetCert %d \n",bOK));
+
+
     if (!CryptDestroyKey(hUserKey))
     {
       // Should not happen.
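Review bot: The new `PR_LOG` sits between the failed `CryptGetUserKey` and the `GetLastError() != NTE_NO_KEY` test, and any Win32 call made while logging can overwrite the thread's last-error value before it is compared. Capture it once right after the failure, `DWORD err = GetLastError();`, and use `err` in both the log line and the comparison. The loop body continues past the end of this hunk.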
@@ -248,13 +358,8 @@
   }
 
 failed:
+  PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("PropCertsInContainer We have reached the failed block. \n"));
   free(wszContainer);
-/*  if (!CryptReleaseContext(hContext, 0))
-  {
-    rv = FALSE;
-  }
-
-*/
   return rv;
 }
 
@@ -271,6 +376,11 @@
 {
   BOOL rv = TRUE;
   BOOL hasReader = (BOOL) CoolKeyHasReader(aKey);
+
+
+  PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("CoolKeyCSPListener::PropCerts. \n"));
+
+
   if (!hasReader)
   {
     return FALSE;
@@ -288,6 +398,15 @@
     goto failed;
   }
 
+  
+  HCERTSTORE hCACertStore = CertOpenSystemStore(NULL,"CA");
+
+  if(!hCACertStore)
+  {
+    rv = FALSE;
+    goto failed;
+  }
+
   // Enumerate the key containers in our CSP and acquire
   // context for each of them.
 
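Review bot: `hCACertStore` is declared with an initializer after the `goto failed` visible at the top of this hunk, so that jump skips its initialization, and a later hunk closes the handle with `CertCloseStore(hCACertStore, CERT_CLOSE_STORE_CHECK_FLAG)`. If the `failed:` label (not visible here) precedes that close, an early failure would close an indeterminate handle; declaring `HCERTSTORE hCACertStore = NULL;` at the top of the function and guarding the close with `if (hCACertStore && ...)` avoids it. The store is also never handed on: the `PropCertsInContainer` call in the loop still passes three arguments, so the new `hCACertStore` parameter stays at its `NULL` default.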
@@ -304,8 +423,37 @@
     // XXX the container name should be fully qualified:
     //     \\.\reader\container
     // But our CSP only recognizes simple container names.
-    PropCertsInContainer(aKey->mKeyID, szContainer, hCertStore);
-    dwContainerLen = sizeof szContainer;
+
+     PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("CoolKeyCSPListener::PropCerts container %s \n",(char *) szContainer));
+
+     dwContainerLen = sizeof szContainer;
+
+    if(dwContainerLen)
+    {
+
+       if(CryptAcquireContext(&CoolKeyCSPKeyListener::mCryptProv, szContainer,
+    OPENKEY_PROV, PROV_RSA_FULL,0))
+       {
+             PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("CoolKeyCSPListener::PropCerts: about to call PropCertsInContainer %s \n",szContainer)); 
+            PropCertsInContainer(aKey->mKeyID, szContainer, hCertStore);
+
+       }
+       else
+       {
+
+          PR_LOG( coolKeyCSPLog, PR_LOG_DEBUG, ("CoolKeyCSPListener::PropCerts: failed to acquire context: %s \n.",szContainer));
+
+       }
+    }
+
+
+    if(CoolKeyCSPKeyListener::mCryptProv)
+    {
+       CryptReleaseContext(CoolKeyCSPKeyListener::mCryptProv, 0);
+       CoolKeyCSPKeyListener::mCryptProv = 0;
+
+    }
+
     dwFlags = 0;
   }
 
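Review bot: `if(dwContainerLen)` can never be false because the line before it assigns `sizeof szContainer`, so the guard does not reject an empty container name; test `szContainer[0]` before resetting the size instead. The `CryptAcquireContext` call writes into the class-wide `mCryptProv` without releasing whatever handle it already held, and the block after it zeroes the member, so a later `GetCryptHandle()` caller presumably gets 0 until something re-acquires it. Releasing a non-zero `mCryptProv` before the acquire would at least avoid leaking the earlier handle. The return value of `PropCertsInContainer` is also dropped, so `rv` never reflects a failed propagation.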
@@ -314,12 +462,12 @@
   {
     rv = FALSE;
   }
-/*  if (!CryptReleaseContext(hCryptProv, 0))
+
+  if (!CertCloseStore(hCACertStore, CERT_CLOSE_STORE_CHECK_FLAG))
   {
     rv = FALSE;
   }
 
-*/
   return rv;
 }
 
@@ -412,4 +560,5 @@
 }
 
 
+
 NS_IMPL_ISUPPORTS1(CoolKeyCSPKeyListener,rhIKeyNotify)


Index: CoolKeyCSP.h
===================================================================
RCS file: /cvs/dirsec/esc/src/app/xpcom/CoolKeyCSP.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- CoolKeyCSP.h	12 Jun 2006 23:39:49 -0000	1.1.1.1
+++ CoolKeyCSP.h	25 Oct 2006 03:58:16 -0000	1.2
@@ -32,10 +32,8 @@
 
    
     static HCRYPTPROV GetCryptHandle();   
+    static HCRYPTPROV mCryptProv;
 
-private:
-
-    static HCRYPTPROV mCryptProv ;
 };
 
 #endif
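Review bot: Moving `mCryptProv` out of the `private:` section lets any code that includes this header overwrite or release the provider handle, and the .cpp change in this commit already writes it directly with `CryptAcquireContext(&CoolKeyCSPKeyListener::mCryptProv, ...)`. Keeping the member private and adding a static acquire/release helper pair next to `GetCryptHandle()` would keep handle ownership in one place. Either way the declaration lacks a comment stating who acquires and who releases the handle.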


Index: Makefile.moz
===================================================================
RCS file: /cvs/dirsec/esc/src/app/xpcom/Makefile.moz,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- Makefile.moz	27 Sep 2006 17:22:20 -0000	1.3
+++ Makefile.moz	25 Oct 2006 03:58:16 -0000	1.4
@@ -26,7 +26,6 @@
 CORE_DIST	= $(CORE_DEPTH)/dist/$(OBJDIR)
 CORE_INC	= $(CORE_DEPTH)/dist/public
 MDDEPDIR	:= $(OBJDIR)/.deps
-DESTDIR		= $(MOZ_OBJDIR)/install
 
 NO_DIST_INSTALL	= 1
 
@@ -37,6 +36,9 @@
 DEPLOY_OBJDIR           = $(CORE_DEPTH)/dist/$(OBJDIR)/esc_build
 
 XULRUNNER_ZIP_NAME	= xulrunner-1.8.0.1.*.tar.gz 
+ifeq ($(OS_ARCH),WINNT)
+XULRUNNER_ZIP_NAME	= xulrunner-1.8.0.1.*.win32.zip
+endif
 XULRUNNER_BIN_PATH	= $(MOZ_OBJDIR)/dist/xulrunner
 XULRUNNER_EXEC		= xulrunner
 ifeq ($(OS_ARCH), Darwin)
@@ -46,6 +48,13 @@
 XULRUNNER_FRAME_BASE	= ESC.app/Contents/Frameworks
 endif
 
+DEPLOY_OFFSET=/esc
+
+ifeq ($(OS_ARCH),Linux)
+DEPLOY_OFFSET=/src
+DESTDIR=$(MOZ_OBJDIR)/install
+endif
+
 ifeq ($(OS_ARCH), WINNT)
 OS_LIBS			+= crypt32.lib
 CSPSRCS			=  CoolKeyCSP.cpp
@@ -74,6 +83,10 @@
 DEFINES		+= -DXPCOM_GLUE  $(GECKO_INCLUDES) -I$(CORE_INC)/ckymanager -I$(CORE_INC)/httpchuncked -I./_xpidlgen
 
 
+ifdef ESC_VERSION
+DEFINES += -DESC_VERSION=$(ESC_VERSION)
+endif
+
 REQUIRES	= string \
 		  xpcom \
 		  $(NULL)
@@ -115,7 +128,7 @@
 clean::
 	rm -f Makefile.in
 	rm -rf $(DEPLOY_OBJDIR)
-	rm -rf $(CORE_DEPTH)/src/app/xul/esc/esc
+	rm -rf $(CORE_DEPTH)$(DEPLOY_OFFSET)/app/xul/esc/esc
 
 deploy: $(DEPLOY_OBJDIR)
 	echo "deploy! on $(OS_ARCH)"
@@ -160,14 +173,14 @@
 
 $(DEPLOY_OBJDIR):
 	echo "Installing!"
-	$(NSINSTALL) ./$(LIB_PREFIX)rhCoolKey$(DLL_SUFFIX) $(CORE_DEPTH)/src/app/xul/esc/components
-	$(NSINSTALL) ./_xpidlgen/*.xpt $(CORE_DEPTH)/src/app/xul/esc/components
+	$(NSINSTALL) ./$(LIB_PREFIX)rhCoolKey$(DLL_SUFFIX) $(CORE_DEPTH)$(DEPLOY_OFFSET)/app/xul/esc/components
+	$(NSINSTALL) ./_xpidlgen/*.xpt $(CORE_DEPTH)$(DEPLOY_OFFSET)/app/xul/esc/components
 
 	echo  "Creating $(DEPLOY_OBJDIR)"
 	mkdir $(DEPLOY_OBJDIR)
 
-	cd $(CORE_DEPTH)/src/app/xul/esc; zip -r test.zip * -x *\CVS\* \*.fix*; unzip -d esc test.zip ; rm -f test.zip
-	$(XULRUNNER_BIN_PATH)/$(XULRUNNER_EXEC) --install-app $(CORE_DEPTH)/src/app/xul/esc/esc  $(DEPLOY_OBJDIR)
+	cd $(CORE_DEPTH)/$(DEPLOY_OFFSET)/app/xul/esc; zip -r test.zip * -x *\CVS\* \*.fix*; unzip -d esc test.zip ; rm -f test.zip
+	$(XULRUNNER_BIN_PATH)/$(XULRUNNER_EXEC) --install-app $(CORE_DEPTH)$(DEPLOY_OFFSET)/app/xul/esc/esc  $(DEPLOY_OBJDIR)
 
 ifeq ($(OS_ARCH), Darwin)
 
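Review bot: The recipe line `cd $(CORE_DEPTH)/$(DEPLOY_OFFSET)/app/xul/esc; zip -r test.zip * ...` chains its steps with `;`, so if the `cd` fails (for example when `DEPLOY_OFFSET` is wrong for the platform) `zip`, `unzip` and `rm -f` run in whatever directory the recipe started in. Join the steps with `&&` so the recipe stops at the first failure. This line also inserts a `/` before `$(DEPLOY_OFFSET)` while the other changed lines do not; since the variable already starts with `/`, write `$(CORE_DEPTH)$(DEPLOY_OFFSET)` here too.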
@@ -178,8 +191,11 @@
 endif
 	#cp -Rf -v $(XULRUNNER_BIN_PATH) $(DEPLOY_OBJDIR)/$(XULRUNNER_FRAME_DEST)
 
+ifeq ($(OS_ARCH),Linux)
 	tar -xzvf $(MOZ_OBJDIR)/dist/$(XULRUNNER_ZIP_NAME)  -C $(DEPLOY_OBJDIR)/$(XULRUNNER_FRAME_DEST)/esc 
+endif
 ifeq ($(OS_ARCH),WINNT)
+	unzip $(MOZ_OBJDIR)/dist/$(XULRUNNER_ZIP_NAME) -d $(DEPLOY_OBJDIR)/$(XULRUNNER_FRAME_DEST)/esc
 	cp -f $(XPCOM_EXTRA)  $(DEPLOY_OBJDIR)/ESC/components
 endif
 ifdef DESTDIR
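Review bot: The new Windows branch unpacks `$(MOZ_OBJDIR)/dist/$(XULRUNNER_ZIP_NAME)`, whose name is a glob (`xulrunner-1.8.0.1.*.win32.zip`), straight into the deploy tree, and nothing visible in this hunk verifies the archive before its contents are shipped. If more than one file matches, `unzip` treats the extra names as archive members to extract rather than as archives. Resolve the glob to exactly one file and compare it against a recorded checksum before extracting. With `tar` now restricted to `Linux`, no extraction step remains for Darwin in this hunk; a one-line comment stating where Darwin gets its XULRunner files would make that intent clear.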


Index: openkey.h
===================================================================
RCS file: /cvs/dirsec/esc/src/app/xpcom/openkey.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- openkey.h	12 Jun 2006 23:39:49 -0000	1.1.1.1
+++ openkey.h	25 Oct 2006 03:58:16 -0000	1.2
@@ -18,13 +18,13 @@
 #ifndef _OPENKEY_H
 #define _OPENKEY_H 1
 
-#define OPENKEY_CARD_NAME "OpenKey Card Type"
-#define OPENKEY_CARD_NAME_MS "OpenKey Card Type\0"  /* a multi-string */
+#define OPENKEY_CARD_NAME "CoolKey Card Type"
+#define OPENKEY_CARD_NAME_MS "CoolKey Card Type\0"  /* a multi-string */
 
 #define OPENKEY_PROV   "Identity Alliance CSP"
 #define OPENKEY_PROV_W L"Identity Alliance CSP"
 
-#define OPENKEY_NAME_W L"OpenKey"
+#define OPENKEY_NAME_W L"CoolKey"
 
 /*
  * User-defined certificate properties must faill in the range


Index: rhCoolKey.cpp
===================================================================
RCS file: /cvs/dirsec/esc/src/app/xpcom/rhCoolKey.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- rhCoolKey.cpp	27 Sep 2006 17:22:20 -0000	1.3
+++ rhCoolKey.cpp	25 Oct 2006 03:58:16 -0000	1.4
@@ -32,6 +32,7 @@
 #endif
 
 #include "nsIPrefBranch.h"
+#include "nsIPrefService.h"
 #include "nsCOMPtr.h"
 #include "nsIProxyObjectManager.h"
 #include "nsIObserver.h"
@@ -43,6 +44,14 @@
 #include <vector>
 #include <string>
 
+
+#define STRINGIFY(x) #x
+#define GETSTRING(x) STRINGIFY(x)
+
+#ifndef ESC_VERSION
+#define ESC_VERSION 1.0.0-0
+#endif
+
 #include <prlog.h>
 #define COOL_MAX_PATH 1024
 #define MAX_STR_LEN COOL_MAX_PATH
@@ -259,7 +268,7 @@
     }
 
 
-    nsCOMPtr<nsIPrefBranch> pref;
+    nsCOMPtr<nsIPrefService> pref;
     pref = do_GetService("@mozilla.org/preferences-service;1");
 
     if(!pref)
@@ -268,8 +277,15 @@
     }
 
 
-    pref->SetCharPref(aName, aValue);
+    nsCOMPtr<nsIPrefBranch> pBranch;
 
+    pref->GetBranch(nsnull,getter_AddRefs(pBranch));
+
+    if(pBranch)
+    {
+      pBranch->SetCharPref(aName, aValue);
+      pref->SavePrefFile(nsnull);
+    }
 
     return S_OK;
 
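Review bot: The results of `GetBranch`, `SetCharPref` and `SavePrefFile` are all discarded and the function falls through to `return S_OK` even when `pBranch` is null, so the caller is told the preference was stored when it was not. Keep the result, `nsresult rv = pBranch->SetCharPref(aName, aValue); if (NS_SUCCEEDED(rv)) rv = pref->SavePrefFile(nsnull);`, and return a failure code when `pBranch` is null or `rv` failed. `SavePrefFile` writes the preferences file on every call, which deserves a comment if this setter can be called repeatedly. The function starts and ends outside this hunk.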
@@ -1358,10 +1374,9 @@
 {
     PR_LOG( coolKeyLog, PR_LOG_DEBUG, ("rhCoolKey::GetCoolKeyVersion \n"));
 
-    char *version = "1.0.0-16";
+    char *version = GETSTRING(ESC_VERSION);
     
     char *versionVal =  (char *) nsMemory::Clone(version,sizeof(char) * strlen(version) +  1);
-
     
     *_retval = versionVal;   
 



