char* nsNSSCertificate::defaultServerNickname(CERTCertificate* cert) { nsNSSShutDownPreventionLock locker; char* nickname = nullptr; int count; bool conflict; char* servername = nullptr; servername = CERT_GetCommonName(&cert->subject); if (!servername) { // Certs without common names are strange, but they do exist... // Let's try to use another string for the nickname servername = CERT_GetOrgUnitName(&cert->subject); if (!servername) { servername = CERT_GetOrgName(&cert->subject); if (!servername) { servername = CERT_GetLocalityName(&cert->subject); if (!servername) { servername = CERT_GetStateName(&cert->subject); if (!servername) { servername = CERT_GetCountryName(&cert->subject); if (!servername) { // We tried hard, there is nothing more we can do. // A cert without any names doesn't really make sense. return nullptr; } } } } } } count = 1; while (1) { if (count == 1) { nickname = PR_smprintf("%s", servername); } else { nickname = PR_smprintf("%s #%d", servername, count); } if (nickname == NULL) { break; } conflict = SEC_CertNicknameConflict(nickname, &cert->derSubject, cert->dbhandle); if (!conflict) { break; } PR_Free(nickname); count++; } PR_FREEIF(servername); return nickname; }
NS_IMETHODIMP nsNSSCertificate::GetIssuerOrganization(nsAString &aOrganization) { nsNSSShutDownPreventionLock locker; if (isAlreadyShutDown()) return NS_ERROR_NOT_AVAILABLE; aOrganization.Truncate(); if (mCert) { char *organization = CERT_GetOrgName(&mCert->issuer); if (organization) { aOrganization = NS_ConvertUTF8toUTF16(organization); PORT_Free(organization); } else { return GetIssuerCommonName(aOrganization); } } return NS_OK; }
NS_IMETHODIMP nsNSSCertificate::GetOrganization(nsAString &aOrganization) { nsNSSShutDownPreventionLock locker; if (isAlreadyShutDown()) return NS_ERROR_NOT_AVAILABLE; aOrganization.Truncate(); if (mCert) { char *organization = CERT_GetOrgName(&mCert->subject); if (organization) { aOrganization = NS_ConvertUTF8toUTF16(organization); PORT_Free(organization); } /*else { *aOrganization = ToNewUnicode(NS_LITERAL_STRING("<not set>")), }*/ } return NS_OK; }
static void checkName(CERTName *n, char *fieldName, int verbose) { char *v=0; if (verbose) { printf("Checking %s\n", fieldName); } v = CERT_GetCountryName(n); if (!v) { printf("PROBLEM: %s lacks Country Name (C)\n", fieldName); } PORT_Free(v); v = CERT_GetOrgName(n); if (!v) { printf("PROBLEM: %s lacks Organization Name (O)\n", fieldName); } PORT_Free(v); v = CERT_GetOrgUnitName(n); if (!v) { printf("WARNING: %s lacks Organization Unit Name (OU)\n", fieldName); } PORT_Free(v); v = CERT_GetCommonName(n); if (!v) { printf("PROBLEM: %s lacks Common Name (CN)\n", fieldName); } PORT_Free(v); }
void nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert, nsIInterfaceRequestor* ctx, nsCString &nickname) { nickname.Truncate(); nsNSSShutDownPreventionLock locker; nsresult rv; CK_OBJECT_HANDLE keyHandle; CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB(); nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv)); if (NS_FAILED(rv)) return; nsCAutoString username; char *temp_un = CERT_GetCommonName(&cert->subject); if (temp_un) { username = temp_un; PORT_Free(temp_un); temp_un = nsnull; } nsCAutoString caname; char *temp_ca = CERT_GetOrgName(&cert->issuer); if (temp_ca) { caname = temp_ca; PORT_Free(temp_ca); temp_ca = nsnull; } nsAutoString tmpNickFmt; nssComponent->GetPIPNSSBundleString("nick_template", tmpNickFmt); NS_ConvertUTF16toUTF8 nickFmt(tmpNickFmt); nsCAutoString baseName; char *temp_nn = PR_smprintf(nickFmt.get(), username.get(), caname.get()); if (!temp_nn) { return; } else { baseName = temp_nn; PR_smprintf_free(temp_nn); temp_nn = nsnull; } nickname = baseName; /* * We need to see if the private key exists on a token, if it does * then we need to check for nicknames that already exist on the smart * card. */ PK11SlotInfo *slot = PK11_KeyForCertExists(cert, &keyHandle, ctx); PK11SlotInfoCleaner slotCleaner(slot); if (!slot) return; if (!PK11_IsInternal(slot)) { char *tmp = PR_smprintf("%s:%s", PK11_GetTokenName(slot), baseName.get()); if (!tmp) { nickname.Truncate(); return; } baseName = tmp; PR_smprintf_free(tmp); nickname = baseName; } int count = 1; while (true) { if ( count > 1 ) { char *tmp = PR_smprintf("%s #%d", baseName.get(), count); if (!tmp) { nickname.Truncate(); return; } nickname = tmp; PR_smprintf_free(tmp); } CERTCertificate *dummycert = nsnull; CERTCertificateCleaner dummycertCleaner(dummycert); if (PK11_IsInternal(slot)) { /* look up the nickname to make sure it isn't in use already */ dummycert = CERT_FindCertByNickname(defaultcertdb, nickname.get()); } else { /* * Check the cert against others that already live on the smart * card. */ dummycert = PK11_FindCertFromNickname(nickname.get(), ctx); if (dummycert != NULL) { /* * Make sure the subject names are different. */ if (CERT_CompareName(&cert->subject, &dummycert->subject) == SECEqual) { /* * There is another certificate with the same nickname and * the same subject name on the smart card, so let's use this * nickname. */ CERT_DestroyCertificate(dummycert); dummycert = NULL; } } } if (!dummycert) break; count++; } }
void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) { nsNSSShutDownPreventionLock locker; PRInt32 sslStatus; char* signer = nsnull; char* cipherName = nsnull; PRInt32 keyLength; nsresult rv; PRInt32 encryptBits; if (SECSuccess != SSL_SecurityStatus(fd, &sslStatus, &cipherName, &keyLength, &encryptBits, &signer, nsnull)) { return; } PRInt32 secStatus; if (sslStatus == SSL_SECURITY_STATUS_OFF) secStatus = nsIWebProgressListener::STATE_IS_BROKEN; else if (encryptBits >= 90) secStatus = (nsIWebProgressListener::STATE_IS_SECURE | nsIWebProgressListener::STATE_SECURE_HIGH); else secStatus = (nsIWebProgressListener::STATE_IS_SECURE | nsIWebProgressListener::STATE_SECURE_LOW); CERTCertificate *peerCert = SSL_PeerCertificate(fd); const char* caName = nsnull; // caName is a pointer only, no ownership char* certOrgName = CERT_GetOrgName(&peerCert->issuer); CERT_DestroyCertificate(peerCert); caName = certOrgName ? certOrgName : signer; const char* verisignName = "Verisign, Inc."; // If the CA name is RSA Data Security, then change the name to the real // name of the company i.e. VeriSign, Inc. if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) { caName = verisignName; } nsAutoString shortDesc; const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUTF16(caName)) }; nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv)); if (NS_SUCCEEDED(rv)) { rv = nssComponent->PIPBundleFormatStringFromName("SignedBy", formatStrings, 1, shortDesc); nsMemory::Free(const_cast<PRUnichar*>(formatStrings[0])); nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret; infoObject->SetSecurityState(secStatus); infoObject->SetShortSecurityDescription(shortDesc.get()); /* Set the SSL Status information */ nsRefPtr<nsSSLStatus> status = infoObject->SSLStatus(); if (!status) { status = new nsSSLStatus(); infoObject->SetSSLStatus(status); } CERTCertificate *serverCert = SSL_PeerCertificate(fd); if (serverCert) { nsRefPtr<nsNSSCertificate> nssc = new nsNSSCertificate(serverCert); CERT_DestroyCertificate(serverCert); serverCert = nsnull; nsCOMPtr<nsIX509Cert> prevcert; infoObject->GetPreviousCert(getter_AddRefs(prevcert)); PRBool equals_previous = PR_FALSE; if (prevcert) { nsresult rv = nssc->Equals(prevcert, &equals_previous); if (NS_FAILED(rv)) { equals_previous = PR_FALSE; } } if (equals_previous) { PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("HandshakeCallback using PREV cert %p\n", prevcert.get())); infoObject->SetCert(prevcert); status->mServerCert = prevcert; } else { if (status->mServerCert) { PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("HandshakeCallback KEEPING cert %p\n", status->mServerCert.get())); infoObject->SetCert(status->mServerCert); } else { PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("HandshakeCallback using NEW cert %p\n", nssc.get())); infoObject->SetCert(nssc); status->mServerCert = nssc; } } } status->mHaveKeyLengthAndCipher = PR_TRUE; status->mKeyLength = keyLength; status->mSecretKeyLength = encryptBits; status->mCipherName.Adopt(cipherName); } PR_FREEIF(certOrgName); PR_Free(signer); }