Back to index

lightning-sunbird  0.9+nobinonly
Public Types | Public Member Functions | Private Member Functions | Private Attributes | Friends
nsCMSMessage Class Reference

#include <nsCMS.h>

Inheritance diagram for nsCMSMessage:
Inheritance graph
[legend]
Collaboration diagram for nsCMSMessage:
Collaboration graph
[legend]

List of all members.

Public Types

enum  CalledFromType { calledFromList, calledFromObject }

Public Member Functions

NS_DECL_ISUPPORTS
NS_DECL_NSICMSMESSAGE
NS_DECL_NSICMSMESSAGE2 
nsCMSMessage ()
 nsCMSMessage (NSSCMSMessage *aCMSMsg)
virtual ~nsCMSMessage ()
void referenceContext (nsIInterfaceRequestor *aContext)
NSSCMSMessage * getCMS ()
void contentIsSigned (out boolean aSigned)
void contentIsEncrypted (out boolean aEncrypted)
void getSignerCommonName (out string aName)
void getSignerEmailAddress (out string aEmail)
void getSignerCert (out nsIX509Cert scert)
void getEncryptionCert (out nsIX509Cert ecert)
void verifySignature ()
void verifyDetachedSignature (in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen)
void CreateEncrypted (in nsIArray aRecipientCerts)
void CreateSigned (in nsIX509Cert scert, in nsIX509Cert ecert, in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen)
void asyncVerifySignature (in nsISMimeVerificationListener listener)
 Async version of nsICMSMessage::VerifySignature.
void asyncVerifyDetachedSignature (in nsISMimeVerificationListener listener, in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen)
 Async version of nsICMSMessage::VerifyDetachedSignature.
void shutdown (CalledFromType calledFrom)
PRBool isAlreadyShutDown ()

Private Member Functions

NSSCMSSignerInfo * GetTopLevelSignerInfo ()
nsresult CommonVerifySignature (unsigned char *aDigestData, PRUint32 aDigestDataLen)
nsresult CommonAsyncVerifySignature (nsISMimeVerificationListener *aListener, unsigned char *aDigestData, PRUint32 aDigestDataLen)
virtual void virtualDestroyNSSReference ()
void destructorSafeDestroyNSSReference ()

Private Attributes

nsCOMPtr< nsIInterfaceRequestorm_ctx
NSSCMSMessage * m_cmsMsg

Friends

class nsSMimeVerificationJob

Detailed Description

Definition at line 60 of file nsCMS.h.


Member Enumeration Documentation

Enumerator:
calledFromList 
calledFromObject 

Definition at line 270 of file nsNSSShutDown.h.


Constructor & Destructor Documentation

Definition at line 61 of file nsCMS.cpp.

nsCMSMessage::nsCMSMessage ( NSSCMSMessage *  aCMSMsg)

Definition at line 65 of file nsCMS.cpp.

{
  m_cmsMsg = aCMSMsg;
}

Definition at line 70 of file nsCMS.cpp.

Here is the call graph for this function:


Member Function Documentation

void nsICMSMessage2::asyncVerifyDetachedSignature ( in nsISMimeVerificationListener  listener,
in UnsignedCharPtr  aDigestData,
in unsigned long  aDigestDataLen 
) [inherited]

Async version of nsICMSMessage::VerifyDetachedSignature.

Code will be executed on a background thread and availability of results will be notified using a call to nsISMimeVerificationListener.

We are using "native unsigned char" ptr, because the function signatures of this one and nsICMSMessage::verifyDetachedSignature should be the identical. Cleaning up nsICMSMessages needs to be postponed, because this async version is needed on MOZILLA_1_8_BRANCH.

Once both interfaces get cleaned up, the function signature should look like: [array, length_is(aDigestDataLen)] in octet aDigestData, in unsigned long aDigestDataLen);

Async version of nsICMSMessage::VerifySignature.

Code will be executed on a background thread and availability of results will be notified using a call to nsISMimeVerificationListener.

nsresult nsCMSMessage::CommonAsyncVerifySignature ( nsISMimeVerificationListener aListener,
unsigned char *  aDigestData,
PRUint32  aDigestDataLen 
) [private]

Definition at line 370 of file nsCMS.cpp.

{
  nsSMimeVerificationJob *job = new nsSMimeVerificationJob;
  if (!job)
    return NS_ERROR_OUT_OF_MEMORY;
  
  if (aDigestData)
  {
    job->digest_data = new unsigned char[aDigestDataLen];
    if (!job->digest_data)
    {
      delete job;
      return NS_ERROR_OUT_OF_MEMORY;
    }
    
    memcpy(job->digest_data, aDigestData, aDigestDataLen);
  }
  else
  {
    job->digest_data = nsnull;
  }
  
  job->digest_len = aDigestDataLen;
  job->mMessage = this;
  job->mListener = aListener;

  nsresult rv = nsCertVerificationThread::addJob(job);
  if (NS_FAILED(rv))
    delete job;

  return rv;
}

Here is the call graph for this function:

nsresult nsCMSMessage::CommonVerifySignature ( unsigned char *  aDigestData,
PRUint32  aDigestDataLen 
) [private]

Definition at line 237 of file nsCMS.cpp.

{
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown())
    return NS_ERROR_NOT_AVAILABLE;

  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature, content level count %d\n", NSS_CMSMessage_ContentLevelCount(m_cmsMsg)));
  NSSCMSContentInfo *cinfo = nsnull;
  NSSCMSSignedData *sigd = nsnull;
  NSSCMSSignerInfo *si;
  PRInt32 nsigners;
  nsresult rv = NS_ERROR_FAILURE;

  if (NSS_CMSMessage_IsSigned(m_cmsMsg) == PR_FALSE) {
    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - not signed\n"));
    return NS_ERROR_CMS_VERIFY_NOT_SIGNED;
  } 

  cinfo = NSS_CMSMessage_ContentLevel(m_cmsMsg, 0);
  if (cinfo) {
    // I don't like this hard cast. We should check in some way, that we really have this type.
    sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo);
  }
  
  if (!sigd) {
    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - no content info\n"));
    rv = NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
    goto loser;
  }

  if (aDigestData && aDigestDataLen)
  {
    SECItem digest;
    digest.data = aDigestData;
    digest.len = aDigestDataLen;

    if (NSS_CMSSignedData_SetDigestValue(sigd, SEC_OID_SHA1, &digest)) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - bad digest\n"));
      rv = NS_ERROR_CMS_VERIFY_BAD_DIGEST;
      goto loser;
    }
  }

  // Import certs. Note that import failure is not a signature verification failure. //
  if (NSS_CMSSignedData_ImportCerts(sigd, CERT_GetDefaultCertDB(), certUsageEmailRecipient, PR_TRUE) != SECSuccess) {
    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - can not import certs\n"));
  }

  nsigners = NSS_CMSSignedData_SignerInfoCount(sigd);
  PR_ASSERT(nsigners > 0);
  si = NSS_CMSSignedData_GetSignerInfo(sigd, 0);


  // See bug 324474. We want to make sure the signing cert is 
  // still valid at the current time.
  if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), si->cert, PR_TRUE, 
                                certificateUsageEmailSigner,
                                si->cmsg->pwfn_arg, NULL) != SECSuccess) {
    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - signing cert not trusted now\n"));
    rv = NS_ERROR_CMS_VERIFY_UNTRUSTED;
    goto loser;
  }

  // We verify the first signer info,  only //
  if (NSS_CMSSignedData_VerifySignerInfo(sigd, 0, CERT_GetDefaultCertDB(), certUsageEmailSigner) != SECSuccess) {
    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - unable to verify signature\n"));

    if (NSSCMSVS_SigningCertNotFound == si->verificationStatus) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - signing cert not found\n"));
      rv = NS_ERROR_CMS_VERIFY_NOCERT;
    }
    else if(NSSCMSVS_SigningCertNotTrusted == si->verificationStatus) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - signing cert not trusted at signing time\n"));
      rv = NS_ERROR_CMS_VERIFY_UNTRUSTED;
    }
    else if(NSSCMSVS_Unverified == si->verificationStatus) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - can not verify\n"));
      rv = NS_ERROR_CMS_VERIFY_ERROR_UNVERIFIED;
    }
    else if(NSSCMSVS_ProcessingError == si->verificationStatus) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - processing error\n"));
      rv = NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
    }
    else if(NSSCMSVS_BadSignature == si->verificationStatus) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - bad signature\n"));
      rv = NS_ERROR_CMS_VERIFY_BAD_SIGNATURE;
    }
    else if(NSSCMSVS_DigestMismatch == si->verificationStatus) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - digest mismatch\n"));
      rv = NS_ERROR_CMS_VERIFY_DIGEST_MISMATCH;
    }
    else if(NSSCMSVS_SignatureAlgorithmUnknown == si->verificationStatus) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - algo unknown\n"));
      rv = NS_ERROR_CMS_VERIFY_UNKNOWN_ALGO;
    }
    else if(NSSCMSVS_SignatureAlgorithmUnsupported == si->verificationStatus) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - algo not supported\n"));
      rv = NS_ERROR_CMS_VERIFY_UNSUPPORTED_ALGO;
    }
    else if(NSSCMSVS_MalformedSignature == si->verificationStatus) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - malformed signature\n"));
      rv = NS_ERROR_CMS_VERIFY_MALFORMED_SIGNATURE;
    }

    goto loser;
  }

  // Save the profile. Note that save import failure is not a signature verification failure. //
  if (NSS_SMIMESignerInfo_SaveSMIMEProfile(si) != SECSuccess) {
    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CommonVerifySignature - unable to save smime profile\n"));
  }

  rv = NS_OK;
loser:
  return rv;
}

Here is the call graph for this function:

void nsICMSMessage::contentIsEncrypted ( out boolean  aEncrypted) [inherited]
void nsICMSMessage::contentIsSigned ( out boolean  aSigned) [inherited]
void nsICMSMessage::CreateEncrypted ( in nsIArray  aRecipientCerts) [inherited]
void nsICMSMessage::CreateSigned ( in nsIX509Cert  scert,
in nsIX509Cert  ecert,
in UnsignedCharPtr  aDigestData,
in unsigned long  aDigestDataLen 
) [inherited]

Definition at line 85 of file nsCMS.cpp.

Here is the call graph for this function:

Here is the caller graph for this function:

NSSCMSMessage* nsCMSMessage::getCMS ( ) [inline]

Definition at line 74 of file nsCMS.h.

{return m_cmsMsg;};
NSSCMSSignerInfo * nsCMSMessage::GetTopLevelSignerInfo ( ) [private]

Definition at line 100 of file nsCMS.cpp.

{
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown())
    return nsnull;

  if (!m_cmsMsg)
    return nsnull;

  if (!NSS_CMSMessage_IsSigned(m_cmsMsg))
    return nsnull;

  NSSCMSContentInfo *cinfo = NSS_CMSMessage_ContentLevel(m_cmsMsg, 0);
  if (!cinfo)
    return nsnull;

  NSSCMSSignedData *sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo);
  if (!sigd)
    return nsnull;

  PR_ASSERT(NSS_CMSSignedData_SignerInfoCount(sigd) > 0);
  return NSS_CMSSignedData_GetSignerInfo(sigd, 0);
}

Here is the call graph for this function:

Definition at line 298 of file nsNSSShutDown.h.

{ return mAlreadyShutDown; }

Here is the caller graph for this function:

Definition at line 73 of file nsCMS.h.

void nsNSSShutDownObject::shutdown ( CalledFromType  calledFrom) [inline, inherited]

Definition at line 285 of file nsNSSShutDown.h.

  {
    if (!mAlreadyShutDown) {
      if (calledFromObject == calledFrom) {
        nsNSSShutDownList::forget(this);
      }
      if (calledFromList == calledFrom) {
        virtualDestroyNSSReference();
      }
      mAlreadyShutDown = PR_TRUE;
    }
  }

Here is the call graph for this function:

Here is the caller graph for this function:

void nsICMSMessage::verifyDetachedSignature ( in UnsignedCharPtr  aDigestData,
in unsigned long  aDigestDataLen 
) [inherited]

Implements nsNSSShutDownObject.

Definition at line 80 of file nsCMS.cpp.

Here is the call graph for this function:


Friends And Related Function Documentation

friend class nsSMimeVerificationJob [friend]

Definition at line 87 of file nsCMS.h.


Member Data Documentation

NSSCMSMessage* nsCMSMessage::m_cmsMsg [private]

Definition at line 77 of file nsCMS.h.

Definition at line 74 of file nsCMS.h.


The documentation for this class was generated from the following files: