[Fedora-directory-commits] esc/src/lib/coolkey NSSManager.cpp, 1.2, 1.3
Jack Magne (jmagne)
fedora-directory-commits at redhat.com
Sat Feb 24 02:20:24 UTC 2007
Author: jmagne
Update of /cvs/dirsec/esc/src/lib/coolkey
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2331
Modified Files:
NSSManager.cpp
Log Message:
Add time stamps to log messages.
Index: NSSManager.cpp
===================================================================
RCS file: /cvs/dirsec/esc/src/lib/coolkey/NSSManager.cpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- NSSManager.cpp 27 Sep 2006 17:47:46 -0000 1.2
+++ NSSManager.cpp 24 Feb 2007 02:20:22 -0000 1.3
@@ -40,8 +40,7 @@
#include "keyhi.h"
#include <iostream>
- #include <sstream>
-
+#include <sstream>
#include "SlotUtils.h"
@@ -49,146 +48,148 @@
NSSManager::NSSManager()
{
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::NSSManager:\n"));
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::NSSManager:\n",GetTStamp(tBuff,56)));
mpSCMonitoringThread = NULL;
}
NSSManager::~NSSManager()
{
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::~NSSManager:\n"));
- if (mpSCMonitoringThread) {
- delete mpSCMonitoringThread;
- mpSCMonitoringThread = NULL;
- }
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::~NSSManager:\n",GetTStamp(tBuff,56)));
+ if (mpSCMonitoringThread) {
+ delete mpSCMonitoringThread;
+ mpSCMonitoringThread = NULL;
+ }
}
HRESULT NSSManager::InitNSS(const char *aAppDir)
{
// Init NSS
- PR_LOG( coolKeyLogNSS, PR_LOG_ALWAYS, ("Initializing the NSS Crypto Library. \n"));
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_ALWAYS, ("%s Initializing the NSS Crypto Library. \n",GetTStamp(tBuff,56)));
+ if(aAppDir)
+ {
+ SECStatus status = NSS_Init(aAppDir);
- if(aAppDir)
- {
- SECStatus status = NSS_Init(aAppDir);
-
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("InitNSS:\n"));
- if(status != SECSuccess)
- {
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("InitNSS: db init failed try simple init.\n"));
- status = NSS_NoDB_Init(NULL);
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s InitNSS:\n",GetTStamp(tBuff,56)));
+ if(status != SECSuccess)
+ {
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s InitNSS: db init failed try simple init.\n",GetTStamp(tBuff,56)));
+ status = NSS_NoDB_Init(NULL);
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("InitNSS: tried NSS_NoDB_Init res %d .\n",status));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s InitNSS: tried NSS_NoDB_Init res %d .\n",GetTStamp(tBuff,56),status));
- if(status != SECSuccess)
- {
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("InitNSS:Simple init failed.\n"));
+ if(status != SECSuccess)
+ {
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s InitNSS:Simple init failed.\n",GetTStamp(tBuff,56)));
return E_FAIL;
- }
- }
- }
-
- char *libName = COOLKEY_PKCS11_LIBRARY ;
+ }
+ }
+ }
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("InitNSS: About to try SECMOD_AddNewModule :%s \n",libName));
+ char *libName = COOLKEY_PKCS11_LIBRARY ;
- char modSpec[512];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s InitNSS: About to try SECMOD_AddNewModule :%s \n",GetTStamp(tBuff,56),libName));
- sprintf(modSpec,"library=\"%s\" name=\"%s\" parameters=\"%s\" NSS=\"slotParams={0x00000002=[slotFlags='PublicCerts']}\"\n",COOLKEY_PKCS11_LIBRARY,COOLKEY_NAME,PROMISCUOUS_PARAMETER);
+ char modSpec[512];
+ sprintf(modSpec,"library=\"%s\" name=\"%s\" parameters=\"%s\" NSS=\"slotParams={0x00000002=[slotFlags='PublicCerts']}\"\n",COOLKEY_PKCS11_LIBRARY,COOLKEY_NAME,PROMISCUOUS_PARAMETER);
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("InitNSS: modSpec %s\n",modSpec));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s InitNSS: modSpec %s\n",GetTStamp(tBuff,56),modSpec));
- SECMODModule *userModule = SECMOD_LoadUserModule(modSpec,NULL,0);
+ SECMODModule *userModule = SECMOD_LoadUserModule(modSpec,NULL,0);
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("InitNSS: Done SECMOD_LoadUserModule %p \n",userModule));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s InitNSS: Done SECMOD_LoadUserModule %p \n",GetTStamp(tBuff,56),userModule));
- if(!userModule || !userModule->loaded)
- {
- PR_LOG( coolKeyLogNSS, PR_LOG_ALWAYS, ("NSSManager::InitNSS problem loading PKCS11 module. No keys will be recognized!\n"));
- return E_FAIL;
- }
+ if(!userModule || !userModule->loaded)
+ {
+ PR_LOG( coolKeyLogNSS, PR_LOG_ALWAYS, ("%s NSSManager::InitNSS problem loading PKCS11 module. No keys will be recognized!\n",GetTStamp(tBuff,56)));
+ return E_FAIL;
+ }
- mpSCMonitoringThread = new SmartCardMonitoringThread(userModule);
- if (!mpSCMonitoringThread) {
- SECMOD_UnloadUserModule(userModule);
- return E_FAIL;
- }
- mpSCMonitoringThread->Start();
+ mpSCMonitoringThread = new SmartCardMonitoringThread(userModule);
+ if (!mpSCMonitoringThread) {
+ SECMOD_UnloadUserModule(userModule);
+ return E_FAIL;
+ }
+ mpSCMonitoringThread->Start();
- return S_OK;
+ return S_OK;
}
void NSSManager::Shutdown()
{
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::Shutdown \n"));
- if (mpSCMonitoringThread) {
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::Shutdown \n",GetTStamp(tBuff,56)));
+ if (mpSCMonitoringThread) {
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::Shutdown Stopping Smart Thread %p \n",mpSCMonitoringThread));
- mpSCMonitoringThread->Stop();
- }
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::Shutdown Stopping Smart Thread %p \n",GetTStamp(tBuff,56),mpSCMonitoringThread));
+ mpSCMonitoringThread->Stop();
+ }
// Logout all tokens.
- PK11_LogoutAll();
-
+ PK11_LogoutAll();
}
bool
NSSManager::AuthenticateCoolKey(const CoolKey *aKey, const char *aPIN)
{
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::AuthenticateCoolKey \n"));
- PK11SlotInfo *slot = GetSlotForKeyID(aKey);
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::AuthenticateCoolKey \n",GetTStamp(tBuff,56)));
+ PK11SlotInfo *slot = GetSlotForKeyID(aKey);
- if (!slot)
- return false;
+ if (!slot)
+ return false;
- if (!PK11_IsPresent(slot)) {
- PK11_FreeSlot(slot);
- return false;
- }
+ if (!PK11_IsPresent(slot)) {
+ PK11_FreeSlot(slot);
+ return false;
+ }
- if (!PK11_NeedLogin(slot)) {
- PK11_FreeSlot(slot);
- return true;
- }
+ if (!PK11_NeedLogin(slot)) {
+ PK11_FreeSlot(slot);
+ return true;
+ }
- SECStatus status = PK11_CheckUserPassword(slot, (char *)aPIN);
- PK11_FreeSlot(slot);
+ SECStatus status = PK11_CheckUserPassword(slot, (char *)aPIN);
+ PK11_FreeSlot(slot);
// Note: SECWouldBlock means that the password was incorrect.
// SECFailure means NSS encountered a failure that couldn't
// be fixed by a retry.
- bool didAuth = (status == SECSuccess);
+ bool didAuth = (status == SECSuccess);
- return didAuth;
+ return didAuth;
}
-
HRESULT
NSSManager::GetSignatureLength(const CoolKey *aKey, int *aLength)
{
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetSignatureLength \n"));
- if (!aKey || !aKey->mKeyID || !aLength)
- return E_FAIL;
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetSignatureLength \n",GetTStamp(tBuff,56)));
+ if (!aKey || !aKey->mKeyID || !aLength)
+ return E_FAIL;
- *aLength = 0;
+ *aLength = 0;
- PK11SlotInfo *slot = GetSlotForKeyID(aKey);
- if (!slot)
- return E_FAIL;
+ PK11SlotInfo *slot = GetSlotForKeyID(aKey);
+ if (!slot)
+ return E_FAIL;
- SECKEYPrivateKey *privKey = GetAuthenticationPrivateKey(slot);
+ SECKEYPrivateKey *privKey = GetAuthenticationPrivateKey(slot);
- if (!privKey)
- return E_FAIL;
+ if (!privKey)
+ return E_FAIL;
- *aLength = PK11_SignatureLen(privKey);
+ *aLength = PK11_SignatureLen(privKey);
- PK11_FreeSlot(slot);
- SECKEY_DestroyPrivateKey(privKey);
- return S_OK;
+ PK11_FreeSlot(slot);
+ SECKEY_DestroyPrivateKey(privKey);
+ return S_OK;
}
HRESULT
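Review bot: In GetSignatureLength the `if (!privKey) return E_FAIL;` path returns without releasing the slot obtained from GetSlotForKeyID, although the success path and the early exits in AuthenticateCoolKey all call PK11_FreeSlot. The early return should become `if (!privKey) { PK11_FreeSlot(slot); return E_FAIL; }`. The same pattern appears in SignDataWithKey in the next hunk (the `!privKey` return and the `sigLen > *aSignedDataLen` return, the latter also leaving privKey undestroyed) and in GetKeyPolicy's `if (!certs)` return in the last hunk. Each of these paths leaks a slot reference every time a key lookup fails.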
@@ -196,76 +197,75 @@
const unsigned char *aData, int aDataLen,
unsigned char *aSignedData, int *aSignedDataLen)
{
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::SignDataWithKey \n"));
- if (!aKey || !aKey->mKeyID || !aData || aDataLen < 1 ||
- !aSignedData || !aSignedDataLen)
- return E_FAIL;
-
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::SignDataWithKey \n",GetTStamp(tBuff,56)));
+ if (!aKey || !aKey->mKeyID || !aData || aDataLen < 1 ||
+ !aSignedData || !aSignedDataLen)
+ return E_FAIL;
- PK11SlotInfo *slot = GetSlotForKeyID(aKey);
- if (!slot)
- return E_FAIL;
+ PK11SlotInfo *slot = GetSlotForKeyID(aKey);
+ if (!slot)
+ return E_FAIL;
- SECKEYPrivateKey *privKey = GetAuthenticationPrivateKey(slot);
+ SECKEYPrivateKey *privKey = GetAuthenticationPrivateKey(slot);
- if (!privKey)
- return E_FAIL;
+ if (!privKey)
+ return E_FAIL;
// Make sure the caller supplied us with a aSignedData
// buffer that was large enough!
- int sigLen = PK11_SignatureLen(privKey);
-
- if (sigLen > *aSignedDataLen)
- return E_FAIL;
+ int sigLen = PK11_SignatureLen(privKey);
- unsigned char digest[1024]; // How do I dynamically check the size needed?
- unsigned int digestLen;
+ if (sigLen > *aSignedDataLen)
+ return E_FAIL;
- PK11Context* DigestContext = PK11_CreateDigestContext(SEC_OID_SHA1);
- SECStatus s = PK11_DigestBegin(DigestContext);
- s = PK11_DigestOp(DigestContext, aData, aDataLen);
- s = PK11_DigestFinal(DigestContext, digest, &digestLen, sizeof digest);
+ unsigned char digest[1024]; // How do I dynamically check the size needed?
+ unsigned int digestLen;
- PK11_DestroyContext(DigestContext, PR_TRUE);
+ PK11Context* DigestContext = PK11_CreateDigestContext(SEC_OID_SHA1);
+ SECStatus s = PK11_DigestBegin(DigestContext);
+ s = PK11_DigestOp(DigestContext, aData, aDataLen);
+ s = PK11_DigestFinal(DigestContext, digest, &digestLen, sizeof digest);
- SECItem sig, hash;
+ PK11_DestroyContext(DigestContext, PR_TRUE);
- sig.data = aSignedData;
- sig.len = *aSignedDataLen;
- hash.data = digest;
- hash.len = digestLen;
+ SECItem sig, hash;
- s = PK11_Sign(privKey, &sig, &hash);
+ sig.data = aSignedData;
+ sig.len = *aSignedDataLen;
+ hash.data = digest;
+ hash.len = digestLen;
+ s = PK11_Sign(privKey, &sig, &hash);
- PK11_FreeSlot(slot);
- SECKEY_DestroyPrivateKey(privKey);
- return S_OK;
+ PK11_FreeSlot(slot);
+ SECKEY_DestroyPrivateKey(privKey);
+ return S_OK;
}
HRESULT
NSSManager::GetKeyCertNicknames( const CoolKey *aKey, vector<string> & aStrings )
{
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyCertNickNames \n",GetTStamp(tBuff,56)));
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyCertNickNames \n"));
-
- if(!aKey )
- {
- return E_FAIL;
- }
+ if(!aKey )
+ {
+ return E_FAIL;
+ }
- PK11SlotInfo *slot = GetSlotForKeyID(aKey);
+ PK11SlotInfo *slot = GetSlotForKeyID(aKey);
- if (!slot)
- {
- return E_FAIL;
- }
+ if (!slot)
+ {
+ return E_FAIL;
+ }
- CERTCertList *certs = PK11_ListCerts(PK11CertListAll,NULL);
+ CERTCertList *certs = PK11_ListCerts(PK11CertListAll,NULL);
if (!certs)
{
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetCertNicknames no certs found! \n"));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetCertNicknames no certs found! \n",GetTStamp(tBuff,56)));
PK11_FreeSlot(slot);
return E_FAIL;
}
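Review bot: SignDataWithKey returns `S_OK` whatever `PK11_Sign` reports: the status `s` from the digest calls and the signing call is assigned but never tested, and the pointer from `PK11_CreateDigestContext` is used without a NULL check. A caller therefore cannot tell a real signature from an untouched `aSignedData` buffer, and `*aSignedDataLen` is never updated to `sig.len`. After the cleanup calls I would return `(s == SECSuccess) ? S_OK : E_FAIL;`, stop after any failed digest step, and set `*aSignedDataLen = sig.len;` on success. The function's signature starts above this hunk.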
@@ -285,17 +285,15 @@
}
}
}
-
}
+ if (!certs)
+ {
+ PK11_FreeSlot(slot);
+ return E_FAIL;
+ }
- if (!certs)
- {
- PK11_FreeSlot(slot);
- return E_FAIL;
- }
-
- CERTCertNicknames *nicknames =
+ CERTCertNicknames *nicknames =
CERT_NicknameStringsFromCertList(certs,
NICKNAME_EXPIRED_STRING,
NICKNAME_NOT_YET_VALID_STRING);
@@ -310,38 +308,33 @@
{
curName = nicknames->nicknames[i];
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetCertKeyNicknames name %s \n",curName));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetCertKeyNicknames name %s \n",GetTStamp(tBuff,56),curName));
string str = curName;
aStrings.push_back (str);
}
-
CERT_FreeNicknames(nicknames);
-
}
if(certs)
- CERT_DestroyCertList(certs);
+ CERT_DestroyCertList(certs);
if(slot)
- PK11_FreeSlot(slot);
-
-
+ PK11_FreeSlot(slot);
return S_OK;
-
}
HRESULT NSSManager::GetKeyIssuedTo(const CoolKey *aKey, char *aBuf, int aBufLength)
{
-
+ char tBuff[56];
if(!aBuf)
return E_FAIL;
aBuf[0]=0;
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyIssuedTo \n"));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyIssuedTo \n",GetTStamp(tBuff,56)));
if(!aKey )
{
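Review bot: The literal `56` is repeated at every `GetTStamp(tBuff,56)` call, here and in the other hunks of this commit, separately from the `char tBuff[56];` declaration. If the array size is later changed in one place only, the helper is told a length that no longer matches the buffer. Writing `GetTStamp(tBuff, sizeof(tBuff))` keeps the two in step. GetTStamp itself is not visible in this diff, so this assumes its second argument is the buffer capacity in bytes.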
@@ -355,12 +348,11 @@
return E_FAIL;
}
-
CERTCertList *certs = PK11_ListCerts(PK11CertListAll,NULL);
if (!certs)
{
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyIssuedTo no certs found! \n"));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%sNSSManager::GetKeyIssuedTo no certs found! \n",GetTStamp(tBuff,56)));
PK11_FreeSlot(slot);
return E_FAIL;
}
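Review bot: The new format string `"%sNSSManager::GetKeyIssuedTo no certs found! \n"` has no space after `%s`, unlike the other messages touched by this commit, so the timestamp will run straight into the message text. It should read `"%s NSSManager::GetKeyIssuedTo no certs found! \n"` so that anything splitting log lines on the separator after the timestamp sees one consistent layout.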
@@ -369,7 +361,6 @@
char *certID = NULL;
-
for( node = CERT_LIST_HEAD(certs);
! CERT_LIST_END(node, certs);
node = CERT_LIST_NEXT(node))
@@ -380,13 +371,10 @@
if(cert)
{
-
-
if(cert->slot == slot)
{
-
certID = CERT_GetCommonName(&cert->subject);
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyIssuedTo ourSlot %p curSlot %p certID %s \n",slot,cert->slot,certID));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyIssuedTo ourSlot %p curSlot %p certID %s \n",GetTStamp(tBuff,56),slot,cert->slot,certID));
}
@@ -416,40 +404,40 @@
HRESULT NSSManager::GetKeyCertInfo(const CoolKey *aKey, char *aCertNickname, string & aCertInfo)
{
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyCertInfo Nickname %s \n",GetTStamp(tBuff,56),aCertNickname));
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyCertInfo Nickname %s \n",aCertNickname));
-
- aCertInfo = "";
+ aCertInfo = "";
- if(!aKey )
- {
- return E_FAIL;
- }
+ if(!aKey )
+ {
+ return E_FAIL;
+ }
- if(!aCertNickname)
- {
- return E_FAIL;
- }
+ if(!aCertNickname)
+ {
+ return E_FAIL;
+ }
- PK11SlotInfo *slot = GetSlotForKeyID(aKey);
+ PK11SlotInfo *slot = GetSlotForKeyID(aKey);
- if (!slot)
- {
- return E_FAIL;
- }
+ if (!slot)
+ {
+ return E_FAIL;
+ }
- CERTCertList *certs = PK11_ListCerts(PK11CertListAll,NULL);
+ CERTCertList *certs = PK11_ListCerts(PK11CertListAll,NULL);
- if (!certs)
- {
- if(slot)
- PK11_FreeSlot(slot);
- return E_FAIL;
- }
+ if (!certs)
+ {
+ if(slot)
+ PK11_FreeSlot(slot);
+ return E_FAIL;
+ }
- PR_LOG(coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyCertInfo About to get CertList for slot. \n"));
+ PR_LOG(coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyCertInfo About to get CertList for slot. \n",GetTStamp(tBuff,56)));
- CERTCertListNode *node= NULL;
+ CERTCertListNode *node= NULL;
for( node = CERT_LIST_HEAD(certs);
! CERT_LIST_END(node, certs);
node = CERT_LIST_NEXT(node))
@@ -463,7 +451,7 @@
{
if(!strcmp(cert->nickname,aCertNickname))
{
- PR_LOG(coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyCertInfo We have a matching cert to our slot. nickname %s \n",cert->nickname));
+ PR_LOG(coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyCertInfo We have a matching cert to our slot. nickname %s \n",GetTStamp(tBuff,56),cert->nickname));
char *issuerCN = NULL;
char *issuedToCN = NULL;
@@ -485,16 +473,13 @@
char *nBefore = (char *) DER_UTCTimeToAscii(&cert->validity.notBefore);
char *nAfter = (char *) DER_UTCTimeToAscii(&cert->validity.notAfter);
-
-
if(nBefore)
notBeforeStr = nBefore;
if(nAfter)
notAfterStr = nAfter;
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyCertInfo notBefore %s notAfter %s \n",nBefore, nAfter));
-
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyCertInfo notBefore %s notAfter %s \n",GetTStamp(tBuff,56),nBefore, nAfter));
int serialNumber = DER_GetInteger(&cert->serialNumber);
@@ -505,9 +490,8 @@
aCertInfo = issuedToCNStr + "\n" + issuerCNStr + "\n"
+ notBeforeStr + "\n" + notAfterStr + "\n" + serialStr ;
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyCertInfo issuerCN %s issuedToCN %s \n",issuerCN, issuedToCN));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyCertInfo issuerCN %s issuedToCN %s \n",GetTStamp(tBuff,56),issuerCN, issuedToCN));
-
break;
}
}
@@ -515,201 +499,131 @@
}
}
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyCertInfo info: %s \n",aCertInfo.c_str()));
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyCertInfo info: %s \n",GetTStamp(tBuff,56),aCertInfo.c_str()));
- if(certs)
- CERT_DestroyCertList(certs);
+ if(certs)
+ CERT_DestroyCertList(certs);
- if(slot)
- PK11_FreeSlot(slot);
+ if(slot)
+ PK11_FreeSlot(slot);
- return S_OK;
+ return S_OK;
}
HRESULT
NSSManager::GetKeyPolicy(const CoolKey *aKey, char *aBuf, int aBufLength)
{
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::GetKeyPolicy \n"));
- aBuf[0] = '\0';
- char* carot = aBuf;
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::GetKeyPolicy \n",GetTStamp(tBuff,56)));
+ aBuf[0] = '\0';
+ char* carot = aBuf;
- PK11SlotInfo *slot = GetSlotForKeyID(aKey);
+ PK11SlotInfo *slot = GetSlotForKeyID(aKey);
- if (!slot)
- return E_FAIL;
+ if (!slot)
+ return E_FAIL;
- CERTCertListNode *node;
- CERTCertList *certs = PK11_ListCertsInSlot(slot);
- if (!certs)
- return E_FAIL;;
-
- for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) {
- SECItem policyItem;
- policyItem.data = 0;
+ CERTCertListNode *node;
+ CERTCertList *certs = PK11_ListCertsInSlot(slot);
+ if (!certs)
+ return E_FAIL;;
+
+ for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) {
+ SECItem policyItem;
+ policyItem.data = 0;
- SECStatus s = CERT_FindCertExtension(node->cert, SEC_OID_X509_CERTIFICATE_POLICIES, &policyItem);
+ SECStatus s = CERT_FindCertExtension(node->cert, SEC_OID_X509_CERTIFICATE_POLICIES, &policyItem);
- if (s != SECSuccess || !policyItem.data)
- continue;
+ if (s != SECSuccess || !policyItem.data)
+ continue;
- CERTCertificatePolicies *policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
+ CERTCertificatePolicies *policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
- if (!policies) {
- PORT_Free(policyItem.data);
- continue;
- }
+ if (!policies) {
+ PORT_Free(policyItem.data);
+ continue;
+ }
- CERTPolicyInfo **policyInfos = policies->policyInfos;
+ CERTPolicyInfo **policyInfos = policies->policyInfos;
- while (*policyInfos) {
- char *policyID = CERT_GetOidString(&(*policyInfos)->policyID);
- int policyLen = (int)strlen(policyID);
+ while (*policyInfos) {
+ char *policyID = CERT_GetOidString(&(*policyInfos)->policyID);
+ int policyLen = (int)strlen(policyID);
// check to see if there is space. we substract an extra -1 for the comma
- if (aBufLength - policyLen - 1 >=0) {
+ if (aBufLength - policyLen - 1 >=0) {
// if this policy ID isn't in the buffer, add it.
- if (!strstr(aBuf, policyID)) {
+ if (!strstr(aBuf, policyID)) {
// assuming that this isn't the start, add our delimiter
- if (carot != aBuf)
- strcat(carot++, ",");
+ if (carot != aBuf)
+ strcat(carot++, ",");
// Add the policy id
- strcat(carot, policyID);
- carot += policyLen;
+ strcat(carot, policyID);
+ carot += policyLen;
// decrement the length of the availability space in the |in| buffer.
- aBufLength -= (policyLen + 1);
+ aBufLength -= (policyLen + 1);
+ }
+ }
+ policyInfos++;
+ PR_smprintf_free(policyID);
}
- }
- policyInfos++;
- PR_smprintf_free(policyID);
- }
-
- PORT_Free(policyItem.data);
- CERT_DestroyCertificatePoliciesExtension(policies);
- }
-
- CERT_DestroyCertList(certs);
- PK11_FreeSlot(slot);
- return S_OK;
- }
-
-/*
-
-
-HRESULT
-NSSManager::GetKeyPolicy(const CoolKey *aKey, char *aBuf, int aBufLength)
-{
- aBuf[0] = '\0';
- char* carot = aBuf;
- PK11SlotInfo *slot = GetSlotForKeyID(aKey);
-
- if (!slot)
- return E_FAIL;
-
- CERTCertListNode *node;
- CERTCertList *certs = PK11_ListCertsInSlot(slot);
- if (!certs)
- return E_FAIL;;
-
- for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) {
- SECItem policyItem;
- policyItem.data = 0;
-
- SECStatus s = CERT_FindCertExtension(node->cert, SEC_OID_X509_CERTIFICATE_POLICIES, &policyItem);
-
- if (s != SECSuccess || !policyItem.data)
- continue;
-
- CERTCertificatePolicies *policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
-
- if (!policies) {
PORT_Free(policyItem.data);
- continue;
+ CERT_DestroyCertificatePoliciesExtension(policies);
}
-
- CERTPolicyInfo **policyInfos = policies->policyInfos;
-
- while (*policyInfos) {
- char *policyID = CERT_GetOidString(&(*policyInfos)->policyID);
- int policyLen = (int)strlen(policyID);
-
- // check to see if there is space. we substract an extra -1 for the comma
- if (aBufLength - policyLen - 1 >=0) {
-
- // if this policy ID isn't in the buffer, add it.
- if (!strstr(aBuf, policyID)) {
-
- // assuming that this isn't the start, add our delimiter
- if (carot != aBuf)
- strcat(carot++, ",");
- // Add the policy id
- strcat(carot++, policyID);
+ CERT_DestroyCertList(certs);
+ PK11_FreeSlot(slot);
+ return S_OK;
+}
- // decrement the length of the availability space in the |in| buffer.
- aBufLength -= (policyLen + 1);
- }
- }
- policyInfos++;
- PR_smprintf_free(policyID);
- }
-
- PORT_Free(policyItem.data);
- CERT_DestroyCertificatePoliciesExtension(policies);
- }
-
- CERT_DestroyCertList(certs);
- PK11_FreeSlot(slot);
- return S_OK;
- }
-*/
bool
NSSManager::RequiresAuthentication(const CoolKey *aKey)
{
-
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::RequiresAuthentication \n"));
- if (!aKey || !aKey->mKeyID)
- return false;
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::RequiresAuthentication \n",GetTStamp(tBuff,56)));
+ if (!aKey || !aKey->mKeyID)
+ return false;
- PK11SlotInfo *slot = GetSlotForKeyID(aKey);
+ PK11SlotInfo *slot = GetSlotForKeyID(aKey);
- if (!slot)
- return false;
+ if (!slot)
+ return false;
- bool needsLogin = false;
+ bool needsLogin = false;
- if (PK11_IsPresent(slot))
- needsLogin = PK11_NeedLogin(slot) ? true : false;
+ if (PK11_IsPresent(slot))
+ needsLogin = PK11_NeedLogin(slot) ? true : false;
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
- return needsLogin;
+ return needsLogin;
}
bool
NSSManager::IsAuthenticated(const CoolKey *aKey)
{
-
- PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("NSSManager::IsAuthenticated \n"));
- if (!aKey || !aKey->mKeyID)
- return false;
+ char tBuff[56];
+ PR_LOG( coolKeyLogNSS, PR_LOG_DEBUG, ("%s NSSManager::IsAuthenticated \n",GetTStamp(tBuff,56)));
+ if (!aKey || !aKey->mKeyID)
+ return false;
- PK11SlotInfo *slot = GetSlotForKeyID(aKey);
+ PK11SlotInfo *slot = GetSlotForKeyID(aKey);
- if (!slot)
- return false;
+ if (!slot)
+ return false;
- bool isAuthenticated = false;
+ bool isAuthenticated = false;
- if (PK11_IsPresent(slot))
- isAuthenticated = PK11_IsLoggedIn(slot, NULL) ? true : false;
+ if (PK11_IsPresent(slot))
+ isAuthenticated = PK11_IsLoggedIn(slot, NULL) ? true : false;
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
- return isAuthenticated;
+ return isAuthenticated;
}
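Review bot: In GetKeyPolicy the result of `CERT_GetOidString` is passed straight to `strlen` and `strcat`; that call can return NULL on failure, which would crash while walking certificate data read from the token. A guard such as `if (!policyID) { policyInfos++; continue; }` before the `strlen` covers it. The function also writes `aBuf[0] = '\0'` before checking that `aBuf` is non-NULL and `aBufLength` is at least 1. Separately, the `strstr` de-duplication treats an OID as already present when it is only a substring of a longer one in the buffer (for instance a constructed pair `1.2.3` and `1.2.34`).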