From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.
Signed-off-by: Daniel Baumann
---
.../extensions/smime/nsCMSSecureMessage.cpp | 92 ++++++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100644 comm/mailnews/extensions/smime/nsCMSSecureMessage.cpp
(limited to 'comm/mailnews/extensions/smime/nsCMSSecureMessage.cpp')
diff --git a/comm/mailnews/extensions/smime/nsCMSSecureMessage.cpp b/comm/mailnews/extensions/smime/nsCMSSecureMessage.cpp
new file mode 100644
index 0000000000..c2c220a2f4
--- /dev/null
+++ b/comm/mailnews/extensions/smime/nsCMSSecureMessage.cpp
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCMSSecureMessage.h"
+
+#include
+
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "cms.h"
+#include "mozilla/Logging.h"
+#include "mozilla/RefPtr.h"
+#include "nsCOMPtr.h"
+#include "nsDependentSubstring.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsServiceManagerUtils.h"
+#include "nsISupports.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertDB.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "plbase64.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+// Standard ISupports implementation
+// NOTE: Should these be the thread-safe versions?
+
+/*****
+ * nsCMSSecureMessage
+ *****/
+
+// Standard ISupports implementation
+NS_IMPL_ISUPPORTS(nsCMSSecureMessage, nsICMSSecureMessage)
+
+// nsCMSSecureMessage constructor
+nsCMSSecureMessage::nsCMSSecureMessage() {
+ // initialize superclass
+}
+
+// nsCMSMessage destructor
+nsCMSSecureMessage::~nsCMSSecureMessage() {}
+
+nsresult nsCMSSecureMessage::Init() {
+ nsresult rv;
+ nsCOMPtr nssInitialized =
+ do_GetService("@mozilla.org/psm;1", &rv);
+ return rv;
+}
+
+nsresult nsCMSSecureMessage::CheckUsageOk(nsIX509Cert* aCert,
+ SECCertificateUsage aUsage,
+ bool* aCanBeUsed) {
+ NS_ENSURE_ARG_POINTER(aCert);
+ *aCanBeUsed = false;
+
+ nsresult rv;
+ nsCOMPtr certdb =
+ do_GetService("@mozilla.org/security/x509certdb;1", &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsTArray certBytes;
+ rv = aCert->GetRawDER(certBytes);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ RefPtr certVerifier(GetDefaultCertVerifier());
+ NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
+
+ nsTArray> unusedBuiltChain;
+ // It's fine to skip OCSP, because this is called only from code
+ // for selecting the user's own configured cert.
+ if (certVerifier->VerifyCert(certBytes, aUsage, mozilla::pkix::Now(), nullptr,
+ nullptr, unusedBuiltChain,
+ CertVerifier::FLAG_LOCAL_ONLY) ==
+ mozilla::pkix::Success) {
+ *aCanBeUsed = true;
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP nsCMSSecureMessage::CanBeUsedForEmailEncryption(
+ nsIX509Cert* aCert, bool* aCanBeUsed) {
+ return CheckUsageOk(aCert, certificateUsageEmailRecipient, aCanBeUsed);
+}
+
+NS_IMETHODIMP nsCMSSecureMessage::CanBeUsedForEmailSigning(nsIX509Cert* aCert,
+ bool* aCanBeUsed) {
+ return CheckUsageOk(aCert, certificateUsageEmailSigner, aCanBeUsed);
+}
-- cgit v1.2.3
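Review bot: The skip-OCSP assumption in CheckUsageOk is recorded only in an inline comment, while CanBeUsedForEmailEncryption and CanBeUsedForEmailSigning are interface methods and nothing visible in this file restricts them to the user's own configured certificate. Because VerifyCert is called with `CertVerifier::FLAG_LOCAL_ONLY`, a caller that used these methods to vet a correspondent's certificate would get `true` without any network revocation fetch. I would state that limit on both public methods, e.g. `// Local-only verification (no OCSP fetch): for choosing the user's own cert, not for validating a peer's cert.` Separately, CheckUsageOk writes `*aCanBeUsed = false;` without checking the out-pointer; adding `NS_ENSURE_ARG_POINTER(aCanBeUsed);` beside the existing aCert check would cover it.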