static void ConvertToXPNewlines(nsAFlatString& aString)
{
#if defined(XP_MACOSX)
aString.ReplaceSubstring(NS_LITERAL_STRING("\r"), NS_LITERAL_STRING("\n"));
#elif defined(XP_WIN)
aString.ReplaceSubstring(NS_LITERAL_STRING("\r\n"), NS_LITERAL_STRING("\n"));
#endif
}
PRInt32
nsString::RFind( const nsAFlatString& aString, PRInt32 aOffset, PRInt32 aCount ) const
{
// this method changes the meaning of aOffset and aCount:
RFind_ComputeSearchRange(mLength, aString.Length(), aOffset, aCount);
PRInt32 result = RFindSubstring(mData + aOffset, aCount, aString.get(), aString.Length(), false);
if (result != kNotFound)
result += aOffset;
return result;
}
nsStringKey::nsStringKey(const nsAFlatString& str)
: mStr((char16_t*)str.get()),
mStrLen(str.Length()),
mOwnership(OWN_CLONE)
{
NS_ASSERTION(mStr, "null string key");
#ifdef DEBUG
mKeyType = StringKey;
#endif
MOZ_COUNT_CTOR(nsStringKey);
}
/**
* Returns true if the given string has only whitespace characters
*/
bool XMLUtils::isWhitespace(const nsAFlatString& aText)
{
nsAFlatString::const_char_iterator start, end;
aText.BeginReading(start);
aText.EndReading(end);
for ( ; start != end; ++start) {
if (!isWhitespace(*start)) {
return false;
}
}
return true;
}
nsresult
txFormattedCounter::getCounterFor(const nsAFlatString& aToken,
PRInt32 aGroupSize,
const nsAString& aGroupSeparator,
txFormattedCounter*& aCounter)
{
PRInt32 length = aToken.Length();
NS_ASSERTION(length, "getting counter for empty token");
aCounter = 0;
if (length == 1) {
PRUnichar ch = aToken.CharAt(0);
switch (ch) {
case 'i':
case 'I':
aCounter = new txRomanCounter(ch == 'I');
break;
case 'a':
case 'A':
aCounter = new txAlphaCounter(ch);
break;
case '1':
default:
// if we don't recognize the token then use "1"
aCounter = new txDecimalCounter(1, aGroupSize,
aGroupSeparator);
break;
}
return aCounter ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
// for now, the only multi-char token we support are decimals
PRInt32 i;
for (i = 0; i < length-1; ++i) {
if (aToken.CharAt(i) != '0')
break;
}
if (i == length-1 && aToken.CharAt(i) == '1') {
aCounter = new txDecimalCounter(length, aGroupSize, aGroupSeparator);
}
else {
// if we don't recognize the token then use '1'
aCounter = new txDecimalCounter(1, aGroupSize, aGroupSeparator);
}
return aCounter ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
/**
* Returns the document base of the href argument
* @return the document base of the given href
**/
void URIUtils::getDocumentBase(const nsAFlatString& href, nsAString& dest)
{
if (href.IsEmpty()) {
return;
}
nsAFlatString::const_char_iterator temp;
href.BeginReading(temp);
PRUint32 iter = href.Length();
while (iter > 0) {
if (temp[--iter] == HREF_PATH_SEP) {
dest.Append(Substring(href, 0, iter));
break;
}
}
}
nsresult txResultStringComparator::init(const nsAFlatString& aLanguage)
{
nsresult rv;
nsCOMPtr<nsILocaleService> localeService =
do_GetService(NS_LOCALESERVICE_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsILocale> locale;
if (!aLanguage.IsEmpty()) {
rv = localeService->NewLocale(aLanguage,
getter_AddRefs(locale));
}
else {
rv = localeService->GetApplicationLocale(getter_AddRefs(locale));
}
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsICollationFactory> colFactory =
do_CreateInstance(NS_COLLATIONFACTORY_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = colFactory->CreateCollation(locale, getter_AddRefs(mCollation));
NS_ENSURE_SUCCESS(rv, rv);
return NS_OK;
}
static nsresult GenerateFlatTextContent(nsIRange* aRange,
nsAFlatString& aString)
{
nsCOMPtr<nsIContentIterator> iter;
nsresult rv = NS_NewContentIterator(getter_AddRefs(iter));
NS_ENSURE_SUCCESS(rv, rv);
NS_ASSERTION(iter, "NS_NewContentIterator succeeded, but the result is null");
nsCOMPtr<nsIDOMRange> domRange(do_QueryInterface(aRange));
NS_ASSERTION(domRange, "aRange doesn't have nsIDOMRange!");
iter->Init(domRange);
NS_ASSERTION(aString.IsEmpty(), "aString must be empty string");
nsINode* startNode = aRange->GetStartParent();
NS_ENSURE_TRUE(startNode, NS_ERROR_FAILURE);
nsINode* endNode = aRange->GetEndParent();
NS_ENSURE_TRUE(endNode, NS_ERROR_FAILURE);
if (startNode == endNode && startNode->IsNodeOfType(nsINode::eTEXT)) {
nsIContent* content = static_cast<nsIContent*>(startNode);
AppendSubString(aString, content, aRange->StartOffset(),
aRange->EndOffset() - aRange->StartOffset());
ConvertToNativeNewlines(aString);
return NS_OK;
}
nsAutoString tmpStr;
for (; !iter->IsDone(); iter->Next()) {
nsINode* node = iter->GetCurrentNode();
if (!node || !node->IsNodeOfType(nsINode::eCONTENT))
continue;
nsIContent* content = static_cast<nsIContent*>(node);
if (content->IsNodeOfType(nsINode::eTEXT)) {
if (content == startNode)
AppendSubString(aString, content, aRange->StartOffset(),
content->TextLength() - aRange->StartOffset());
else if (content == endNode)
AppendSubString(aString, content, 0, aRange->EndOffset());
else
AppendString(aString, content);
} else if (IsContentBR(content))
aString.Append(PRUnichar('\n'));
}
ConvertToNativeNewlines(aString);
return NS_OK;
}
static nsresult GenerateFlatTextContent(nsRange* aRange,
nsAFlatString& aString)
{
nsCOMPtr<nsIContentIterator> iter = NS_NewContentIterator();
iter->Init(aRange);
NS_ASSERTION(aString.IsEmpty(), "aString must be empty string");
nsINode* startNode = aRange->GetStartParent();
NS_ENSURE_TRUE(startNode, NS_ERROR_FAILURE);
nsINode* endNode = aRange->GetEndParent();
NS_ENSURE_TRUE(endNode, NS_ERROR_FAILURE);
if (startNode == endNode && startNode->IsNodeOfType(nsINode::eTEXT)) {
nsIContent* content = static_cast<nsIContent*>(startNode);
AppendSubString(aString, content, aRange->StartOffset(),
aRange->EndOffset() - aRange->StartOffset());
ConvertToNativeNewlines(aString);
return NS_OK;
}
nsAutoString tmpStr;
for (; !iter->IsDone(); iter->Next()) {
nsINode* node = iter->GetCurrentNode();
if (!node)
break;
if (!node->IsNodeOfType(nsINode::eCONTENT))
continue;
nsIContent* content = static_cast<nsIContent*>(node);
if (content->IsNodeOfType(nsINode::eTEXT)) {
if (content == startNode)
AppendSubString(aString, content, aRange->StartOffset(),
content->TextLength() - aRange->StartOffset());
else if (content == endNode)
AppendSubString(aString, content, 0, aRange->EndOffset());
else
AppendString(aString, content);
} else if (IsContentBR(content))
aString.Append(PRUnichar('\n'));
}
ConvertToNativeNewlines(aString);
return NS_OK;
}
static void AppendNonAsciiToNCR(const nsAString& in, nsAFlatString& out)
{
nsAString::const_iterator start, end;
in.BeginReading(start);
in.EndReading(end);
while (start != end) {
if (*start < 128) {
out.Append(*start++);
} else {
out.AppendLiteral("&#x");
nsAutoString hex;
hex.AppendInt(*start++, 16);
out.Append(hex);
out.Append((PRUnichar)';');
}
}
}
int32_t
nsString::RFind( const nsAFlatString& aString, int32_t aOffset, int32_t aCount ) const
{
// this method changes the meaning of aOffset and aCount:
RFind_ComputeSearchRange(mLength, aString.Length(), aOffset, aCount);
int32_t result = RFindSubstring(mData + aOffset, aCount, static_cast<const char16_t*>(aString.get()), aString.Length(), false);
if (result != kNotFound)
result += aOffset;
return result;
}
/**
* Implementation of utility functions for parsing URLs.
* Just file paths for now.
*/
void
txParsedURL::init(const nsAFlatString& aSpec)
{
mPath.Truncate();
mName.Truncate();
mRef.Truncate();
PRUint32 specLength = aSpec.Length();
if (!specLength) {
return;
}
const PRUnichar* start = aSpec.get();
const PRUnichar* end = start + specLength;
const PRUnichar* c = end - 1;
// check for #ref
for (; c >= start; --c) {
if (*c == '#') {
// we could eventually unescape this, too.
mRef = Substring(c + 1, end);
end = c;
--c;
if (c == start) {
// we're done,
return;
}
break;
}
}
for (c = end - 1; c >= start; --c) {
if (*c == '/') {
mName = Substring(c + 1, end);
mPath = Substring(start, c + 1);
return;
}
}
mName = Substring(start, end);
}
nsresult
inCSSValueSearch::SearchStyleValue(const nsAFlatString& aValue, nsIURI* aBaseURL)
{
if (StringBeginsWith(aValue, NS_LITERAL_STRING("url(")) &&
StringEndsWith(aValue, NS_LITERAL_STRING(")"))) {
const nsASingleFragmentString &url =
Substring(aValue, 4, aValue.Length() - 5);
// XXXldb Need to do more with |mReturnRelativeURLs|, perhaps?
nsCOMPtr<nsIURI> uri;
nsresult rv = NS_NewURI(getter_AddRefs(uri), url, nsnull, aBaseURL);
NS_ENSURE_SUCCESS(rv, rv);
nsCAutoString spec;
uri->GetSpec(spec);
nsAutoString *result = new NS_ConvertUTF8toUTF16(spec);
if (mReturnRelativeURLs)
EqualizeURL(result);
mResults->AppendElement(result);
++mResultCount;
}
return NS_OK;
}
already_AddRefed<nsMIMEInfoWin> nsOSHelperAppService::GetByExtension(const nsAFlatString& aFileExt, const char *aTypeHint)
{
if (aFileExt.IsEmpty())
return nullptr;
// windows registry assumes your file extension is going to include the '.'.
// so make sure it's there...
nsAutoString fileExtToUse;
if (aFileExt.First() != char16_t('.'))
fileExtToUse = char16_t('.');
fileExtToUse.Append(aFileExt);
// Try to get an entry from the windows registry.
nsCOMPtr<nsIWindowsRegKey> regKey =
do_CreateInstance("@mozilla.org/windows-registry-key;1");
if (!regKey)
return nullptr;
nsresult rv = regKey->Open(nsIWindowsRegKey::ROOT_KEY_CLASSES_ROOT,
fileExtToUse,
nsIWindowsRegKey::ACCESS_QUERY_VALUE);
if (NS_FAILED(rv))
return nullptr;
nsAutoCString typeToUse;
if (aTypeHint && *aTypeHint) {
typeToUse.Assign(aTypeHint);
}
else {
nsAutoString temp;
if (NS_FAILED(regKey->ReadStringValue(NS_LITERAL_STRING("Content Type"),
temp)) || temp.IsEmpty()) {
return nullptr;
}
// Content-Type is always in ASCII
LossyAppendUTF16toASCII(temp, typeToUse);
}
nsRefPtr<nsMIMEInfoWin> mimeInfo = new nsMIMEInfoWin(typeToUse);
// don't append the '.'
mimeInfo->AppendExtension(NS_ConvertUTF16toUTF8(Substring(fileExtToUse, 1)));
mimeInfo->SetPreferredAction(nsIMIMEInfo::useSystemDefault);
nsAutoString appInfo;
bool found;
// Retrieve the default application for this extension
if (mAppAssoc) {
// Vista: use the new application association COM interfaces
// for resolving helpers.
nsString assocType(fileExtToUse);
wchar_t * pResult = nullptr;
HRESULT hr = mAppAssoc->QueryCurrentDefault(assocType.get(),
AT_FILEEXTENSION, AL_EFFECTIVE,
&pResult);
if (SUCCEEDED(hr)) {
found = true;
appInfo.Assign(pResult);
CoTaskMemFree(pResult);
}
else {
found = false;
}
}
else
{
found = NS_SUCCEEDED(regKey->ReadStringValue(EmptyString(),
appInfo));
}
// Bug 358297 - ignore the default handler, force the user to choose app
if (appInfo.EqualsLiteral("XPSViewer.Document"))
found = false;
if (!found) {
return nullptr;
}
// Get other nsIMIMEInfo fields from registry, if possible.
nsAutoString defaultDescription;
nsCOMPtr<nsIFile> defaultApplication;
if (NS_FAILED(GetDefaultAppInfo(appInfo, defaultDescription,
getter_AddRefs(defaultApplication)))) {
return nullptr;
}
mimeInfo->SetDefaultDescription(defaultDescription);
mimeInfo->SetDefaultApplicationHandler(defaultApplication);
// Grab the general description
GetMIMEInfoFromRegistry(appInfo, mimeInfo);
return mimeInfo.forget();
}
nsresult
nsKeygenFormProcessor::GetPublicKey(nsAString& aValue, nsAString& aChallenge,
nsAFlatString& aKeyType,
nsAString& aOutPublicKey, nsAString& aKeyParams)
{
nsNSSShutDownPreventionLock locker;
nsresult rv = NS_ERROR_FAILURE;
char *keystring = nsnull;
char *keyparamsString = nsnull, *str = nsnull;
KeyType type;
PRUint32 keyGenMechanism;
PRInt32 primeBits;
PK11SlotInfo *slot = nsnull;
PK11RSAGenParams rsaParams;
SECOidTag algTag;
int keysize = 0;
void *params;
SECKEYPrivateKey *privateKey = nsnull;
SECKEYPublicKey *publicKey = nsnull;
CERTSubjectPublicKeyInfo *spkInfo = nsnull;
PRArenaPool *arena = nsnull;
SECStatus sec_rv = SECFailure;
SECItem spkiItem;
SECItem pkacItem;
SECItem signedItem;
CERTPublicKeyAndChallenge pkac;
pkac.challenge.data = nsnull;
nsIGeneratingKeypairInfoDialogs * dialogs;
nsKeygenThread *KeygenRunnable = 0;
nsCOMPtr<nsIKeygenThread> runnable;
// Get the key size //
for (size_t i = 0; i < number_of_key_size_choices; ++i) {
if (aValue.Equals(mSECKeySizeChoiceList[i].name)) {
keysize = mSECKeySizeChoiceList[i].size;
break;
}
}
if (!keysize) {
goto loser;
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
goto loser;
}
// Set the keygen mechanism
if (aKeyType.IsEmpty() || aKeyType.LowerCaseEqualsLiteral("rsa")) {
type = rsaKey;
keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
} else if (aKeyType.LowerCaseEqualsLiteral("dsa")) {
char * end;
keyparamsString = ToNewCString(aKeyParams);
if (!keyparamsString) {
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
type = dsaKey;
keyGenMechanism = CKM_DSA_KEY_PAIR_GEN;
if (strcmp(keyparamsString, "null") == 0)
goto loser;
str = keyparamsString;
PRBool found_match = PR_FALSE;
do {
end = strchr(str, ',');
if (end != nsnull)
*end = '\0';
primeBits = pqg_prime_bits(str);
if (keysize == primeBits) {
found_match = PR_TRUE;
break;
}
str = end + 1;
} while (end != nsnull);
if (!found_match) {
goto loser;
}
} else if (aKeyType.LowerCaseEqualsLiteral("ec")) {
keyparamsString = ToNewCString(aKeyParams);
if (!keyparamsString) {
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
type = ecKey;
keyGenMechanism = CKM_EC_KEY_PAIR_GEN;
/* ecParams are initialized later */
} else {
goto loser;
}
// Get the slot
rv = GetSlot(keyGenMechanism, &slot);
if (NS_FAILED(rv)) {
goto loser;
}
switch (keyGenMechanism) {
case CKM_RSA_PKCS_KEY_PAIR_GEN:
rsaParams.keySizeInBits = keysize;
rsaParams.pe = DEFAULT_RSA_KEYGEN_PE;
algTag = DEFAULT_RSA_KEYGEN_ALG;
params = &rsaParams;
break;
case CKM_DSA_KEY_PAIR_GEN:
// XXX Fix this! XXX //
goto loser;
case CKM_EC_KEY_PAIR_GEN:
/* XXX We ought to rethink how the KEYGEN tag is
* displayed. The pulldown selections presented
* to the user must depend on the keytype.
* The displayed selection could be picked
* from the keyparams attribute (this is currently called
* the pqg attribute).
* For now, we pick ecparams from the keyparams field
* if it specifies a valid supported curve, or else
* we pick one of secp384r1, secp256r1 or secp192r1
* respectively depending on the user's selection
* (High, Medium, Low).
* (RSA uses RSA-2048, RSA-1024 and RSA-512 for historical
* reasons, while ECC choices represent a stronger mapping)
* NOTE: The user's selection
* is silently ignored when a valid curve is presented
* in keyparams.
*/
if ((params = decode_ec_params(keyparamsString)) == nsnull) {
/* The keyparams attribute did not specify a valid
* curve name so use a curve based on the keysize.
* NOTE: Here keysize is used only as an indication of
* High/Medium/Low strength; elliptic curve
* cryptography uses smaller keys than RSA to provide
* equivalent security.
*/
switch (keysize) {
case 2048:
params = decode_ec_params("secp384r1");
break;
case 1024:
case 512:
params = decode_ec_params("secp256r1");
break;
}
}
/* XXX The signature algorithm ought to choose the hashing
* algorithm based on key size once ECDSA variations based
* on SHA256 SHA384 and SHA512 are standardized.
*/
algTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
break;
default:
goto loser;
}
/* Make sure token is initialized. */
rv = setPassword(slot, m_ctx);
if (NS_FAILED(rv))
goto loser;
sec_rv = PK11_Authenticate(slot, PR_TRUE, m_ctx);
if (sec_rv != SECSuccess) {
goto loser;
}
rv = getNSSDialogs((void**)&dialogs,
NS_GET_IID(nsIGeneratingKeypairInfoDialogs),
NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID);
if (NS_SUCCEEDED(rv)) {
KeygenRunnable = new nsKeygenThread();
NS_IF_ADDREF(KeygenRunnable);
}
if (NS_FAILED(rv) || !KeygenRunnable) {
rv = NS_OK;
privateKey = PK11_GenerateKeyPair(slot, keyGenMechanism, params,
&publicKey, PR_TRUE, PR_TRUE, m_ctx);
} else {
KeygenRunnable->SetParams( slot, keyGenMechanism, params, PR_TRUE, PR_TRUE, m_ctx );
runnable = do_QueryInterface(KeygenRunnable);
if (runnable) {
{
nsPSMUITracker tracker;
if (tracker.isUIForbidden()) {
rv = NS_ERROR_NOT_AVAILABLE;
}
else {
rv = dialogs->DisplayGeneratingKeypairInfo(m_ctx, runnable);
// We call join on the thread,
// so we can be sure that no simultaneous access to the passed parameters will happen.
KeygenRunnable->Join();
}
}
NS_RELEASE(dialogs);
if (NS_SUCCEEDED(rv)) {
rv = KeygenRunnable->GetParams(&privateKey, &publicKey);
}
}
}
if (NS_FAILED(rv) || !privateKey) {
goto loser;
}
// just in case we'll need to authenticate to the db -jp //
privateKey->wincx = m_ctx;
/*
* Create a subject public key info from the public key.
*/
spkInfo = SECKEY_CreateSubjectPublicKeyInfo(publicKey);
if ( !spkInfo ) {
goto loser;
}
/*
* Now DER encode the whole subjectPublicKeyInfo.
*/
sec_rv=DER_Encode(arena, &spkiItem, CERTSubjectPublicKeyInfoTemplate, spkInfo);
if (sec_rv != SECSuccess) {
goto loser;
}
/*
* set up the PublicKeyAndChallenge data structure, then DER encode it
*/
pkac.spki = spkiItem;
pkac.challenge.len = aChallenge.Length();
pkac.challenge.data = (unsigned char *)ToNewCString(aChallenge);
if (!pkac.challenge.data) {
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
sec_rv = DER_Encode(arena, &pkacItem, CERTPublicKeyAndChallengeTemplate, &pkac);
if ( sec_rv != SECSuccess ) {
goto loser;
}
/*
* now sign the DER encoded PublicKeyAndChallenge
*/
sec_rv = SEC_DerSignData(arena, &signedItem, pkacItem.data, pkacItem.len,
privateKey, algTag);
if ( sec_rv != SECSuccess ) {
goto loser;
}
/*
* Convert the signed public key and challenge into base64/ascii.
*/
keystring = BTOA_DataToAscii(signedItem.data, signedItem.len);
if (!keystring) {
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
CopyASCIItoUTF16(keystring, aOutPublicKey);
nsCRT::free(keystring);
rv = NS_OK;
loser:
if ( sec_rv != SECSuccess ) {
if ( privateKey ) {
PK11_DestroyTokenObject(privateKey->pkcs11Slot,privateKey->pkcs11ID);
}
if ( publicKey ) {
PK11_DestroyTokenObject(publicKey->pkcs11Slot,publicKey->pkcs11ID);
}
}
if ( spkInfo ) {
SECKEY_DestroySubjectPublicKeyInfo(spkInfo);
}
if ( publicKey ) {
SECKEY_DestroyPublicKey(publicKey);
}
if ( privateKey ) {
SECKEY_DestroyPrivateKey(privateKey);
}
if ( arena ) {
PORT_FreeArena(arena, PR_TRUE);
}
if (slot != nsnull) {
PK11_FreeSlot(slot);
}
if (KeygenRunnable) {
NS_RELEASE(KeygenRunnable);
}
if (keyparamsString) {
nsMemory::Free(keyparamsString);
}
if (pkac.challenge.data) {
nsMemory::Free(pkac.challenge.data);
}
return rv;
}
nsresult
nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
const nsAString& aChallenge,
const nsAFlatString& aKeyType,
nsAString& aOutPublicKey,
const nsAString& aKeyParams)
{
nsNSSShutDownPreventionLock locker;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = NS_ERROR_FAILURE;
char *keystring = nullptr;
char *keyparamsString = nullptr;
uint32_t keyGenMechanism;
PK11SlotInfo *slot = nullptr;
PK11RSAGenParams rsaParams;
SECOidTag algTag;
int keysize = 0;
void *params = nullptr;
SECKEYPrivateKey *privateKey = nullptr;
SECKEYPublicKey *publicKey = nullptr;
CERTSubjectPublicKeyInfo *spkInfo = nullptr;
SECStatus srv = SECFailure;
SECItem spkiItem;
SECItem pkacItem;
SECItem signedItem;
CERTPublicKeyAndChallenge pkac;
pkac.challenge.data = nullptr;
nsIGeneratingKeypairInfoDialogs * dialogs;
nsKeygenThread *KeygenRunnable = 0;
nsCOMPtr<nsIKeygenThread> runnable;
// permanent and sensitive flags for keygen
PK11AttrFlags attrFlags = PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE;
UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
if (!arena) {
goto loser;
}
// Get the key size //
for (size_t i = 0; i < number_of_key_size_choices; ++i) {
if (aValue.Equals(mSECKeySizeChoiceList[i].name)) {
keysize = mSECKeySizeChoiceList[i].size;
break;
}
}
if (!keysize) {
goto loser;
}
// Set the keygen mechanism
if (aKeyType.IsEmpty() || aKeyType.LowerCaseEqualsLiteral("rsa")) {
keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
} else if (aKeyType.LowerCaseEqualsLiteral("ec")) {
keyparamsString = ToNewCString(aKeyParams);
if (!keyparamsString) {
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
keyGenMechanism = CKM_EC_KEY_PAIR_GEN;
/* ecParams are initialized later */
} else {
goto loser;
}
// Get the slot
rv = GetSlot(keyGenMechanism, &slot);
if (NS_FAILED(rv)) {
goto loser;
}
switch (keyGenMechanism) {
case CKM_RSA_PKCS_KEY_PAIR_GEN:
rsaParams.keySizeInBits = keysize;
rsaParams.pe = DEFAULT_RSA_KEYGEN_PE;
algTag = DEFAULT_RSA_KEYGEN_ALG;
params = &rsaParams;
break;
case CKM_EC_KEY_PAIR_GEN:
/* XXX We ought to rethink how the KEYGEN tag is
* displayed. The pulldown selections presented
* to the user must depend on the keytype.
* The displayed selection could be picked
* from the keyparams attribute (this is currently called
* the pqg attribute).
* For now, we pick ecparams from the keyparams field
* if it specifies a valid supported curve, or else
* we pick one of secp384r1, secp256r1 or secp192r1
* respectively depending on the user's selection
* (High, Medium, Low).
* (RSA uses RSA-2048, RSA-1024 and RSA-512 for historical
* reasons, while ECC choices represent a stronger mapping)
* NOTE: The user's selection
* is silently ignored when a valid curve is presented
* in keyparams.
*/
if ((params = decode_ec_params(keyparamsString)) == nullptr) {
/* The keyparams attribute did not specify a valid
* curve name so use a curve based on the keysize.
* NOTE: Here keysize is used only as an indication of
* High/Medium/Low strength; elliptic curve
* cryptography uses smaller keys than RSA to provide
* equivalent security.
*/
switch (keysize) {
case 2048:
params = decode_ec_params("secp384r1");
break;
case 1024:
case 512:
params = decode_ec_params("secp256r1");
break;
}
}
/* XXX The signature algorithm ought to choose the hashing
* algorithm based on key size once ECDSA variations based
* on SHA256 SHA384 and SHA512 are standardized.
*/
algTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
break;
default:
goto loser;
}
/* Make sure token is initialized. */
rv = setPassword(slot, m_ctx, locker);
if (NS_FAILED(rv))
goto loser;
srv = PK11_Authenticate(slot, true, m_ctx);
if (srv != SECSuccess) {
goto loser;
}
rv = getNSSDialogs((void**)&dialogs,
NS_GET_IID(nsIGeneratingKeypairInfoDialogs),
NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID);
if (NS_SUCCEEDED(rv)) {
KeygenRunnable = new nsKeygenThread();
NS_IF_ADDREF(KeygenRunnable);
}
if (NS_FAILED(rv) || !KeygenRunnable) {
rv = NS_OK;
privateKey = PK11_GenerateKeyPairWithFlags(slot, keyGenMechanism, params,
&publicKey, attrFlags, m_ctx);
} else {
KeygenRunnable->SetParams( slot, attrFlags, nullptr, 0,
keyGenMechanism, params, m_ctx );
runnable = do_QueryInterface(KeygenRunnable);
if (runnable) {
rv = dialogs->DisplayGeneratingKeypairInfo(m_ctx, runnable);
// We call join on the thread so we can be sure that no
// simultaneous access to the passed parameters will happen.
KeygenRunnable->Join();
NS_RELEASE(dialogs);
if (NS_SUCCEEDED(rv)) {
PK11SlotInfo *used_slot = nullptr;
rv = KeygenRunnable->ConsumeResult(&used_slot, &privateKey, &publicKey);
if (NS_SUCCEEDED(rv) && used_slot) {
PK11_FreeSlot(used_slot);
}
}
}
}
if (NS_FAILED(rv) || !privateKey) {
goto loser;
}
// just in case we'll need to authenticate to the db -jp //
privateKey->wincx = m_ctx;
/*
* Create a subject public key info from the public key.
*/
spkInfo = SECKEY_CreateSubjectPublicKeyInfo(publicKey);
if ( !spkInfo ) {
goto loser;
}
/*
* Now DER encode the whole subjectPublicKeyInfo.
*/
srv = DER_Encode(arena.get(), &spkiItem, CERTSubjectPublicKeyInfoTemplate,
spkInfo);
if (srv != SECSuccess) {
goto loser;
}
/*
* set up the PublicKeyAndChallenge data structure, then DER encode it
*/
pkac.spki = spkiItem;
pkac.challenge.len = aChallenge.Length();
pkac.challenge.data = (unsigned char *)ToNewCString(aChallenge);
if (!pkac.challenge.data) {
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
srv = DER_Encode(arena.get(), &pkacItem, CERTPublicKeyAndChallengeTemplate,
&pkac);
if (srv != SECSuccess) {
goto loser;
}
/*
* now sign the DER encoded PublicKeyAndChallenge
*/
srv = SEC_DerSignData(arena.get(), &signedItem, pkacItem.data, pkacItem.len,
privateKey, algTag);
if (srv != SECSuccess) {
goto loser;
}
/*
* Convert the signed public key and challenge into base64/ascii.
*/
keystring = BTOA_DataToAscii(signedItem.data, signedItem.len);
if (!keystring) {
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
CopyASCIItoUTF16(keystring, aOutPublicKey);
free(keystring);
rv = NS_OK;
GatherKeygenTelemetry(keyGenMechanism, keysize, keyparamsString);
loser:
if (srv != SECSuccess) {
if ( privateKey ) {
PK11_DestroyTokenObject(privateKey->pkcs11Slot,privateKey->pkcs11ID);
}
if ( publicKey ) {
PK11_DestroyTokenObject(publicKey->pkcs11Slot,publicKey->pkcs11ID);
}
}
if ( spkInfo ) {
SECKEY_DestroySubjectPublicKeyInfo(spkInfo);
}
if ( publicKey ) {
SECKEY_DestroyPublicKey(publicKey);
}
if ( privateKey ) {
SECKEY_DestroyPrivateKey(privateKey);
}
if (slot) {
PK11_FreeSlot(slot);
}
if (KeygenRunnable) {
NS_RELEASE(KeygenRunnable);
}
if (keyparamsString) {
free(keyparamsString);
}
if (pkac.challenge.data) {
free(pkac.challenge.data);
}
// If params is non-null and doesn't point to rsaParams, it was allocated
// in decode_ec_params. We have to free this memory.
if (params && params != &rsaParams) {
SECITEM_FreeItem(static_cast<SECItem*>(params), true);
params = nullptr;
}
return rv;
}
inline bool isOnlySafeChars(const nsAFlatString& in,
const nsAFlatString& blacklist)
{
return (blacklist.IsEmpty() ||
in.FindCharInSet(blacklist) == kNotFound);
}
void txStandaloneXSLTProcessor::parseStylesheetPI(const nsAFlatString& aData,
nsAString& aType,
nsAString& aHref)
{
nsAFlatString::const_char_iterator start, end;
aData.BeginReading(start);
aData.EndReading(end);
nsAFlatString::const_char_iterator iter;
PRInt8 found = 0;
while (start != end) {
SKIP_WHITESPACE(start, end);
iter = start;
SKIP_ATTR_NAME(iter, end);
// Remember the attr name.
const nsAString & attrName = Substring(start, iter);
// Now check whether this is a valid name="value" pair.
start = iter;
SKIP_WHITESPACE(start, end);
if (*start != '=') {
// No '=', so this is not a name="value" pair. We don't know
// what it is, and we have no way to handle it.
break;
}
// Have to skip the value.
++start;
SKIP_WHITESPACE(start, end);
PRUnichar q = *start;
if (q != QUOTE && q != APOSTROPHE) {
// Not a valid quoted value, so bail.
break;
}
++start; // Point to the first char of the value.
iter = start;
while (iter != end && *iter != q) {
++iter;
}
if (iter == end) {
// Oops, unterminated quoted string.
break;
}
// At this point attrName holds the name of the "attribute" and
// the value is between start and iter.
if (attrName.EqualsLiteral("type")) {
aType = Substring(start, iter);
++found;
}
else if (attrName.EqualsLiteral("href")) {
aHref = Substring(start, iter);
++found;
}
// Stop if we found both attributes
if (found == 2) {
break;
}
// Resume scanning after the end of the attribute value.
start = iter;
++start; // To move past the quote char.
}
}
