1 files changed, 92 insertions, 0 deletions
diff --git a/comm/mailnews/extensions/smime/nsCMSSecureMessage.cpp b/comm/mailnews/extensions/smime/nsCMSSecureMessage.cpp
new file mode 100644
index 0000000000..c2c220a2f4
--- /dev/null
+++ b/comm/mailnews/extensions/smime/nsCMSSecureMessage.cpp
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCMSSecureMessage.h"
+
+#include <string.h>
+
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "cms.h"
+#include "mozilla/Logging.h"
+#include "mozilla/RefPtr.h"
+#include "nsCOMPtr.h"
+#include "nsDependentSubstring.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsServiceManagerUtils.h"
+#include "nsISupports.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertDB.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "plbase64.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+// Standard ISupports implementation
+// NOTE: Should these be the thread-safe versions?
+
+/*****
+ * nsCMSSecureMessage
+ *****/
+
+// Standard ISupports implementation
+NS_IMPL_ISUPPORTS(nsCMSSecureMessage, nsICMSSecureMessage)
+
+// nsCMSSecureMessage constructor
+nsCMSSecureMessage::nsCMSSecureMessage() {
+  // initialize superclass
+}
+
+// nsCMSMessage destructor
+nsCMSSecureMessage::~nsCMSSecureMessage() {}
+
+nsresult nsCMSSecureMessage::Init() {
+  nsresult rv;
+  nsCOMPtr<nsISupports> nssInitialized =
+      do_GetService("@mozilla.org/psm;1", &rv);
+  return rv;
+}
+
+nsresult nsCMSSecureMessage::CheckUsageOk(nsIX509Cert* aCert,
+                                          SECCertificateUsage aUsage,
+                                          bool* aCanBeUsed) {
+  NS_ENSURE_ARG_POINTER(aCert);
+  *aCanBeUsed = false;
+
+  nsresult rv;
+  nsCOMPtr<nsIX509CertDB> certdb =
+      do_GetService("@mozilla.org/security/x509certdb;1", &rv);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  nsTArray<uint8_t> certBytes;
+  rv = aCert->GetRawDER(certBytes);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
+
+  nsTArray<nsTArray<uint8_t>> unusedBuiltChain;
+  // It's fine to skip OCSP, because this is called only from code
+  // for selecting the user's own configured cert.
+  if (certVerifier->VerifyCert(certBytes, aUsage, mozilla::pkix::Now(), nullptr,
+                               nullptr, unusedBuiltChain,
+                               CertVerifier::FLAG_LOCAL_ONLY) ==
+      mozilla::pkix::Success) {
+    *aCanBeUsed = true;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP nsCMSSecureMessage::CanBeUsedForEmailEncryption(
+    nsIX509Cert* aCert, bool* aCanBeUsed) {
+  return CheckUsageOk(aCert, certificateUsageEmailRecipient, aCanBeUsed);
+}
+
+NS_IMETHODIMP nsCMSSecureMessage::CanBeUsedForEmailSigning(nsIX509Cert* aCert,
+                                                           bool* aCanBeUsed) {
+  return CheckUsageOk(aCert, certificateUsageEmailSigner, aCanBeUsed);
+}