--- a/security/manager/ssl/nsPKCS12Blob.cpp
+++ b/security/manager/ssl/nsPKCS12Blob.cpp
@@ -21,216 +21,222 @@
#include "nsThreadUtils.h"
#include "p12plcy.h"
#include "pkix/pkixtypes.h"
#include "secerr.h"
using namespace mozilla;
extern LazyLogModule gPIPNSSLog;
-#define PIP_PKCS12_TMPFILENAME NS_LITERAL_CSTRING(".pip_p12tmp")
-#define PIP_PKCS12_BUFFER_SIZE 2048
-#define PIP_PKCS12_USER_CANCELED 3
-#define PIP_PKCS12_NOSMARTCARD_EXPORT 4
-#define PIP_PKCS12_RESTORE_FAILED 5
-#define PIP_PKCS12_BACKUP_FAILED 6
-#define PIP_PKCS12_NSS_ERROR 7
+#define PIP_PKCS12_TMPFILENAME NS_LITERAL_CSTRING(".pip_p12tmp")
+#define PIP_PKCS12_BUFFER_SIZE 2048
+#define PIP_PKCS12_USER_CANCELED 3
+#define PIP_PKCS12_NOSMARTCARD_EXPORT 4
+#define PIP_PKCS12_RESTORE_FAILED 5
+#define PIP_PKCS12_BACKUP_FAILED 6
+#define PIP_PKCS12_NSS_ERROR 7
// constructor
nsPKCS12Blob::nsPKCS12Blob()
: mCertArray(nullptr)
, mTmpFile(nullptr)
{
mUIContext = new PipUIContext();
}
// nsPKCS12Blob::ImportFromFile
//
// Given a file handle, read a PKCS#12 blob from that file, decode it, and
// import the results into the internal database.
nsresult
-nsPKCS12Blob::ImportFromFile(nsIFile *file)
+nsPKCS12Blob::ImportFromFile(nsIFile* file)
{
nsresult rv = NS_OK;
RetryReason wantRetry;
do {
rv = ImportFromFileHelper(file, im_standard_prompt, wantRetry);
if (NS_SUCCEEDED(rv) && wantRetry == rr_auto_retry_empty_password_flavors) {
rv = ImportFromFileHelper(file, im_try_zero_length_secitem, wantRetry);
}
- }
- while (NS_SUCCEEDED(rv) && (wantRetry != rr_do_not_retry));
+ } while (NS_SUCCEEDED(rv) && (wantRetry != rr_do_not_retry));
return rv;
}
nsresult
-nsPKCS12Blob::ImportFromFileHelper(nsIFile *file,
+nsPKCS12Blob::ImportFromFileHelper(nsIFile* file,
nsPKCS12Blob::ImportMode aImportMode,
- nsPKCS12Blob::RetryReason &aWantRetry)
+ nsPKCS12Blob::RetryReason& aWantRetry)
{
nsresult rv = NS_OK;
SECStatus srv = SECSuccess;
- SEC_PKCS12DecoderContext *dcx = nullptr;
- SECItem unicodePw = { siBuffer, nullptr, 0 };
+ SEC_PKCS12DecoderContext* dcx = nullptr;
+ SECItem unicodePw = { siBuffer, nullptr, 0 };
aWantRetry = rr_do_not_retry;
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {
srv = SECFailure;
goto finish;
}
if (aImportMode == im_try_zero_length_secitem) {
unicodePw.len = 0;
} else {
// get file password (unicode)
rv = getPKCS12FilePassword(&unicodePw);
- if (NS_FAILED(rv)) goto finish;
+ if (NS_FAILED(rv))
+ goto finish;
if (!unicodePw.data) {
handleError(PIP_PKCS12_USER_CANCELED);
return NS_OK;
}
}
// initialize the decoder
- dcx = SEC_PKCS12DecoderStart(&unicodePw, slot.get(), nullptr, nullptr,
- nullptr, nullptr, nullptr, nullptr);
+ dcx = SEC_PKCS12DecoderStart(&unicodePw,
+ slot.get(),
+ nullptr,
+ nullptr,
+ nullptr,
+ nullptr,
+ nullptr,
+ nullptr);
if (!dcx) {
srv = SECFailure;
goto finish;
}
// read input file and feed it to the decoder
rv = inputToDecoder(dcx, file);
if (NS_FAILED(rv)) {
if (NS_ERROR_ABORT == rv) {
// inputToDecoder indicated a NSS error
srv = SECFailure;
}
goto finish;
}
// verify the blob
srv = SEC_PKCS12DecoderVerify(dcx);
- if (srv) goto finish;
+ if (srv)
+ goto finish;
// validate bags
srv = SEC_PKCS12DecoderValidateBags(dcx, nickname_collision);
- if (srv) goto finish;
+ if (srv)
+ goto finish;
// import cert and key
srv = SEC_PKCS12DecoderImportBags(dcx);
- if (srv) goto finish;
+ if (srv)
+ goto finish;
// Later - check to see if this should become default email cert
finish:
// If srv != SECSuccess, NSS probably set a specific error code.
// We should use that error code instead of inventing a new one
// for every error possible.
if (srv != SECSuccess) {
if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) {
- if (unicodePw.len == sizeof(char16_t))
- {
+ if (unicodePw.len == sizeof(char16_t)) {
// no password chars available,
// unicodeToItem allocated space for the trailing zero character only.
aWantRetry = rr_auto_retry_empty_password_flavors;
- }
- else
- {
+ } else {
aWantRetry = rr_bad_password;
handleError(PIP_PKCS12_NSS_ERROR);
}
- }
- else
- {
+ } else {
handleError(PIP_PKCS12_NSS_ERROR);
}
} else if (NS_FAILED(rv)) {
handleError(PIP_PKCS12_RESTORE_FAILED);
}
// finish the decoder
if (dcx)
SEC_PKCS12DecoderFinish(dcx);
SECITEM_ZfreeItem(&unicodePw, false);
return NS_OK;
}
static bool
-isExtractable(SECKEYPrivateKey *privKey)
+isExtractable(SECKEYPrivateKey* privKey)
{
ScopedAutoSECItem value;
- SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, privKey,
- CKA_EXTRACTABLE, &value);
+ SECStatus rv =
+ PK11_ReadRawAttribute(PK11_TypePrivKey, privKey, CKA_EXTRACTABLE, &value);
if (rv != SECSuccess) {
return false;
}
bool isExtractable = false;
if ((value.len == 1) && value.data) {
isExtractable = !!(*(CK_BBOOL*)value.data);
}
return isExtractable;
}
// nsPKCS12Blob::ExportToFile
//
// Having already loaded the certs, form them into a blob (loading the keys
// also), encode the blob, and stuff it into the file.
nsresult
-nsPKCS12Blob::ExportToFile(nsIFile *file,
- nsIX509Cert **certs, int numCerts)
+nsPKCS12Blob::ExportToFile(nsIFile* file, nsIX509Cert** certs, int numCerts)
{
nsresult rv;
SECStatus srv = SECSuccess;
- SEC_PKCS12ExportContext *ecx = nullptr;
+ SEC_PKCS12ExportContext* ecx = nullptr;
SEC_PKCS12SafeInfo *certSafe = nullptr, *keySafe = nullptr;
SECItem unicodePw;
nsAutoString filePath;
int i;
nsCOMPtr<nsIFile> localFileRef;
// init slot
bool InformedUserNoSmartcardBackup = false;
int numCertsExported = 0;
// get file password (unicode)
unicodePw.data = nullptr;
rv = newPKCS12FilePassword(&unicodePw);
- if (NS_FAILED(rv)) goto finish;
+ if (NS_FAILED(rv))
+ goto finish;
if (!unicodePw.data) {
handleError(PIP_PKCS12_USER_CANCELED);
return NS_OK;
}
// what about slotToUse in psm 1.x ???
// create export context
- ecx = SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr /*slot*/, nullptr);
+ ecx =
+ SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr /*slot*/, nullptr);
if (!ecx) {
srv = SECFailure;
goto finish;
}
// add password integrity
srv = SEC_PKCS12AddPasswordIntegrity(ecx, &unicodePw, SEC_OID_SHA1);
- if (srv) goto finish;
- for (i=0; i<numCerts; i++) {
- nsNSSCertificate *cert = (nsNSSCertificate *)certs[i];
+ if (srv)
+ goto finish;
+ for (i = 0; i < numCerts; i++) {
+ nsNSSCertificate* cert = (nsNSSCertificate*)certs[i];
// get it as a CERTCertificate XXX
UniqueCERTCertificate nssCert(cert->GetCert());
if (!nssCert) {
rv = NS_ERROR_FAILURE;
goto finish;
}
// We can only successfully export certs that are on
// internal token. Most, if not all, smart card vendors
// won't let you extract the private key (in any way
// shape or form) from the card. So let's punt if
// the cert is not in the internal db.
if (nssCert->slot && !PK11_IsInternal(nssCert->slot)) {
// we aren't the internal token, see if the key is extractable.
- SECKEYPrivateKey *privKey=PK11_FindKeyByDERCert(nssCert->slot,
- nssCert.get(), this);
+ SECKEYPrivateKey* privKey =
+ PK11_FindKeyByDERCert(nssCert->slot, nssCert.get(), this);
if (privKey) {
bool privKeyIsExtractable = isExtractable(privKey);
SECKEY_DestroyPrivateKey(privKey);
if (!privKeyIsExtractable) {
if (!InformedUserNoSmartcardBackup) {
@@ -244,57 +250,69 @@ nsPKCS12Blob::ExportToFile(nsIFile *file
// XXX this is why, to verify the slot is the same
// PK11_FindObjectForCert(nssCert, nullptr, slot);
// create the cert and key safes
keySafe = SEC_PKCS12CreateUnencryptedSafe(ecx);
if (!SEC_PKCS12IsEncryptionAllowed() || PK11_IsFIPS()) {
certSafe = keySafe;
} else {
- certSafe = SEC_PKCS12CreatePasswordPrivSafe(ecx, &unicodePw,
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
+ certSafe = SEC_PKCS12CreatePasswordPrivSafe(
+ ecx, &unicodePw, SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
}
if (!certSafe || !keySafe) {
rv = NS_ERROR_FAILURE;
goto finish;
}
// add the cert and key to the blob
- srv = SEC_PKCS12AddCertAndKey(ecx, certSafe, nullptr, nssCert.get(),
- CERT_GetDefaultCertDB(), // XXX
- keySafe, nullptr, true, &unicodePw,
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC);
- if (srv) goto finish;
+ srv = SEC_PKCS12AddCertAndKey(
+ ecx,
+ certSafe,
+ nullptr,
+ nssCert.get(),
+ CERT_GetDefaultCertDB(), // XXX
+ keySafe,
+ nullptr,
+ true,
+ &unicodePw,
+ SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC);
+ if (srv)
+ goto finish;
// cert was dup'ed, so release it
++numCertsExported;
}
- if (!numCertsExported) goto finish;
+ if (!numCertsExported)
+ goto finish;
// prepare the instance to write to an export file
this->mTmpFile = nullptr;
file->GetPath(filePath);
// Use the nsCOMPtr var localFileRef so that
// the reference to the nsIFile we create gets released as soon as
// we're out of scope, ie when this function exits.
if (filePath.RFind(".p12", true, -1, 4) < 0) {
// We're going to add the .p12 extension to the file name just like
// Communicator used to. We create a new nsIFile and initialize
// it with the new patch.
filePath.AppendLiteral(".p12");
localFileRef = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv);
- if (NS_FAILED(rv)) goto finish;
+ if (NS_FAILED(rv))
+ goto finish;
localFileRef->InitWithPath(filePath);
file = localFileRef;
}
- rv = file->OpenNSPRFileDesc(PR_RDWR|PR_CREATE_FILE|PR_TRUNCATE, 0664,
- &mTmpFile);
- if (NS_FAILED(rv) || !this->mTmpFile) goto finish;
+ rv = file->OpenNSPRFileDesc(
+ PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 0664, &mTmpFile);
+ if (NS_FAILED(rv) || !this->mTmpFile)
+ goto finish;
// encode and write
srv = SEC_PKCS12Encode(ecx, write_export_file, this);
- if (srv) goto finish;
+ if (srv)
+ goto finish;
finish:
if (NS_FAILED(rv) || srv != SECSuccess) {
handleError(PIP_PKCS12_BACKUP_FAILED);
}
if (ecx)
SEC_PKCS12DestroyExportContext(ecx);
if (this->mTmpFile) {
PR_Close(this->mTmpFile);
@@ -320,68 +338,70 @@ nsPKCS12Blob::unicodeToItem(const nsStri
uint32_t len = uni.Length() + 1; // +1 for the null terminator.
if (!SECITEM_AllocItem(nullptr, item, sizeof(char16_t) * len)) {
return NS_ERROR_OUT_OF_MEMORY;
}
// We have to use a cast here because on Windows, uni.get() returns
// char16ptr_t instead of char16_t*.
mozilla::NativeEndian::copyAndSwapToBigEndian(
- item->data,
- static_cast<const char16_t*>(uni.get()),
- len);
+ item->data, static_cast<const char16_t*>(uni.get()), len);
return NS_OK;
}
// newPKCS12FilePassword
//
// Launch a dialog requesting the user for a new PKCS#12 file passowrd.
// Handle user canceled by returning null password (caller must catch).
nsresult
-nsPKCS12Blob::newPKCS12FilePassword(SECItem *unicodePw)
+nsPKCS12Blob::newPKCS12FilePassword(SECItem* unicodePw)
{
nsresult rv = NS_OK;
nsAutoString password;
nsCOMPtr<nsICertificateDialogs> certDialogs;
rv = ::getNSSDialogs(getter_AddRefs(certDialogs),
NS_GET_IID(nsICertificateDialogs),
NS_CERTIFICATEDIALOGS_CONTRACTID);
- if (NS_FAILED(rv)) return rv;
+ if (NS_FAILED(rv))
+ return rv;
bool pressedOK;
rv = certDialogs->SetPKCS12FilePassword(mUIContext, password, &pressedOK);
- if (NS_FAILED(rv) || !pressedOK) return rv;
+ if (NS_FAILED(rv) || !pressedOK)
+ return rv;
return unicodeToItem(password, unicodePw);
}
// getPKCS12FilePassword
//
// Launch a dialog requesting the user for the password to a PKCS#12 file.
// Handle user canceled by returning null password (caller must catch).
nsresult
-nsPKCS12Blob::getPKCS12FilePassword(SECItem *unicodePw)
+nsPKCS12Blob::getPKCS12FilePassword(SECItem* unicodePw)
{
nsresult rv = NS_OK;
nsAutoString password;
nsCOMPtr<nsICertificateDialogs> certDialogs;
rv = ::getNSSDialogs(getter_AddRefs(certDialogs),
NS_GET_IID(nsICertificateDialogs),
NS_CERTIFICATEDIALOGS_CONTRACTID);
- if (NS_FAILED(rv)) return rv;
+ if (NS_FAILED(rv))
+ return rv;
bool pressedOK;
rv = certDialogs->GetPKCS12FilePassword(mUIContext, password, &pressedOK);
- if (NS_FAILED(rv) || !pressedOK) return rv;
+ if (NS_FAILED(rv) || !pressedOK)
+ return rv;
return unicodeToItem(password, unicodePw);
}
// inputToDecoder
//
// Given a decoder, read bytes from file and input them to the decoder.
nsresult
-nsPKCS12Blob::inputToDecoder(SEC_PKCS12DecoderContext *dcx, nsIFile *file)
+nsPKCS12Blob::inputToDecoder(SEC_PKCS12DecoderContext* dcx, nsIFile* file)
{
nsresult rv;
SECStatus srv;
uint32_t amount;
char buf[PIP_PKCS12_BUFFER_SIZE];
nsCOMPtr<nsIInputStream> fileStream;
rv = NS_NewLocalFileInputStream(getter_AddRefs(fileStream), file);
@@ -391,36 +411,34 @@ nsPKCS12Blob::inputToDecoder(SEC_PKCS12D
}
while (true) {
rv = fileStream->Read(buf, PIP_PKCS12_BUFFER_SIZE, &amount);
if (NS_FAILED(rv)) {
return rv;
}
// feed the file data into the decoder
- srv = SEC_PKCS12DecoderUpdate(dcx,
- (unsigned char*) buf,
- amount);
+ srv = SEC_PKCS12DecoderUpdate(dcx, (unsigned char*)buf, amount);
if (srv) {
// don't allow the close call to overwrite our precious error code
int pr_err = PORT_GetError();
PORT_SetError(pr_err);
return NS_ERROR_ABORT;
}
if (amount < PIP_PKCS12_BUFFER_SIZE)
break;
}
return NS_OK;
}
// nickname_collision
// what to do when the nickname collides with one already in the db.
// TODO: not handled, throw a dialog allowing the nick to be changed?
-SECItem *
-nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
+SECItem*
+nsPKCS12Blob::nickname_collision(SECItem* oldNick, PRBool* cancel, void* wincx)
{
*cancel = false;
int count = 1;
nsCString nickname;
nsAutoString nickFromProp;
nsresult rv = GetPIPNSSBundleString("P12DefaultNickname", nickFromProp);
if (NS_FAILED(rv)) {
return nullptr;
@@ -449,52 +467,52 @@ nsPKCS12Blob::nickname_collision(SECItem
// that nickname. Keep updating the count until we find a nickname
// without a corresponding cert.
// XXX If a user imports *many* certs without the 'friendly name'
// attribute, then this may take a long time. :(
nickname = nickFromPropC;
if (count > 1) {
nickname.AppendPrintf(" #%d", count);
}
- UniqueCERTCertificate cert(CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
- nickname.get()));
+ UniqueCERTCertificate cert(
+ CERT_FindCertByNickname(CERT_GetDefaultCertDB(), nickname.get()));
if (!cert) {
break;
}
count++;
}
- SECItem *newNick = new SECItem;
+ SECItem* newNick = new SECItem;
if (!newNick)
return nullptr;
newNick->type = siAsciiString;
- newNick->data = (unsigned char*) strdup(nickname.get());
- newNick->len = strlen((char*)newNick->data);
+ newNick->data = (unsigned char*)strdup(nickname.get());
+ newNick->len = strlen((char*)newNick->data);
return newNick;
}
// write_export_file
// write bytes to the exported PKCS#12 file
void
-nsPKCS12Blob::write_export_file(void *arg, const char *buf, unsigned long len)
+nsPKCS12Blob::write_export_file(void* arg, const char* buf, unsigned long len)
{
- nsPKCS12Blob *cx = (nsPKCS12Blob *)arg;
+ nsPKCS12Blob* cx = (nsPKCS12Blob*)arg;
PR_Write(cx->mTmpFile, buf, len);
}
// pip_ucs2_ascii_conversion_fn
// required to be set by NSS (to do PKCS#12), but since we've already got
// unicode make this a no-op.
PRBool
pip_ucs2_ascii_conversion_fn(PRBool toUnicode,
- unsigned char *inBuf,
+ unsigned char* inBuf,
unsigned int inBufLen,
- unsigned char *outBuf,
+ unsigned char* outBuf,
unsigned int maxOutBufLen,
- unsigned int *outBufLen,
+ unsigned int* outBufLen,
PRBool swapBytes)
{
// do a no-op, since I've already got unicode. Hah!
*outBufLen = inBufLen;
memcpy(outBuf, inBuf, inBufLen);
return true;
}
@@ -505,45 +523,56 @@ nsPKCS12Blob::handleError(int myerr)
if (!NS_IsMainThread()) {
return;
}
int prerr = PORT_GetError();
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PKCS12: NSS/NSPR error(%d)", prerr));
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PKCS12: I called(%d)", myerr));
- const char * msgID = nullptr;
+ const char* msgID = nullptr;
switch (myerr) {
- case PIP_PKCS12_USER_CANCELED:
- return; /* Just ignore it for now */
- case PIP_PKCS12_NOSMARTCARD_EXPORT: msgID = "PKCS12InfoNoSmartcardBackup"; break;
- case PIP_PKCS12_RESTORE_FAILED: msgID = "PKCS12UnknownErrRestore"; break;
- case PIP_PKCS12_BACKUP_FAILED: msgID = "PKCS12UnknownErrBackup"; break;
- case PIP_PKCS12_NSS_ERROR:
- switch (prerr) {
- // The following errors have the potential to be "handled", by asking
- // the user (via a dialog) whether s/he wishes to continue
- case 0: break;
- case SEC_ERROR_PKCS12_CERT_COLLISION:
- /* pop a dialog saying the cert is already in the database */
- /* ask to keep going? what happens if one collision but others ok? */
- // The following errors cannot be "handled", notify the user (via an alert)
- // that the operation failed.
- case SEC_ERROR_BAD_PASSWORD: msgID = "PK11BadPassword"; break;
+ case PIP_PKCS12_USER_CANCELED:
+ return; /* Just ignore it for now */
+ case PIP_PKCS12_NOSMARTCARD_EXPORT:
+ msgID = "PKCS12InfoNoSmartcardBackup";
+ break;
+ case PIP_PKCS12_RESTORE_FAILED:
+ msgID = "PKCS12UnknownErrRestore";
+ break;
+ case PIP_PKCS12_BACKUP_FAILED:
+ msgID = "PKCS12UnknownErrBackup";
+ break;
+ case PIP_PKCS12_NSS_ERROR:
+ switch (prerr) {
+ // The following errors have the potential to be "handled", by asking
+ // the user (via a dialog) whether s/he wishes to continue
+ case 0:
+ break;
+ case SEC_ERROR_PKCS12_CERT_COLLISION:
+ /* pop a dialog saying the cert is already in the database */
+ /* ask to keep going? what happens if one collision but others ok? */
+ // The following errors cannot be "handled", notify the user (via an
+ // alert) that the operation failed.
+ case SEC_ERROR_BAD_PASSWORD:
+ msgID = "PK11BadPassword";
+ break;
- case SEC_ERROR_BAD_DER:
- case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
- case SEC_ERROR_PKCS12_INVALID_MAC:
- msgID = "PKCS12DecodeErr";
+ case SEC_ERROR_BAD_DER:
+ case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
+ case SEC_ERROR_PKCS12_INVALID_MAC:
+ msgID = "PKCS12DecodeErr";
+ break;
+
+ case SEC_ERROR_PKCS12_DUPLICATE_DATA:
+ msgID = "PKCS12DupData";
+ break;
+ }
break;
-
- case SEC_ERROR_PKCS12_DUPLICATE_DATA: msgID = "PKCS12DupData"; break;
- }
- break;
}
if (!msgID)
msgID = "PKCS12UnknownErr";
nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID));
if (!wwatch) {
return;--- a/security/manager/ssl/nsPKCS12Blob.h
+++ b/security/manager/ssl/nsPKCS12Blob.h
@@ -21,50 +21,61 @@ class nsIX509Cert;
//
class nsPKCS12Blob
{
public:
nsPKCS12Blob();
virtual ~nsPKCS12Blob() {}
// PKCS#12 Import
- nsresult ImportFromFile(nsIFile *file);
+ nsresult ImportFromFile(nsIFile* file);
// PKCS#12 Export
- nsresult ExportToFile(nsIFile *file, nsIX509Cert **certs, int numCerts);
+ nsresult ExportToFile(nsIFile* file, nsIX509Cert** certs, int numCerts);
private:
-
- nsCOMPtr<nsIMutableArray> mCertArray;
+ nsCOMPtr<nsIMutableArray> mCertArray;
nsCOMPtr<nsIInterfaceRequestor> mUIContext;
// local helper functions
- nsresult getPKCS12FilePassword(SECItem *);
- nsresult newPKCS12FilePassword(SECItem *);
- nsresult inputToDecoder(SEC_PKCS12DecoderContext *, nsIFile *);
+ nsresult getPKCS12FilePassword(SECItem*);
+ nsresult newPKCS12FilePassword(SECItem*);
+ nsresult inputToDecoder(SEC_PKCS12DecoderContext*, nsIFile*);
nsresult unicodeToItem(const nsString& uni, SECItem* item);
void handleError(int myerr = 0);
// RetryReason and ImportMode are used when importing a PKCS12 file.
// There are two reasons that cause us to retry:
// - When the password entered by the user is incorrect.
// The user will be prompted to try again.
// - When the user entered a zero length password.
// An empty password should be represented as an empty
// string (a SECItem that contains a single terminating
// null UTF16 character), but some applications use a
// zero length SECItem.
// We try both variations, zero length item and empty string,
- // without giving a user prompt when trying the different empty password flavors.
+ // without giving a user prompt when trying the different empty password
+ // flavors.
- enum RetryReason { rr_do_not_retry, rr_bad_password, rr_auto_retry_empty_password_flavors };
- enum ImportMode { im_standard_prompt, im_try_zero_length_secitem };
+ enum RetryReason
+ {
+ rr_do_not_retry,
+ rr_bad_password,
+ rr_auto_retry_empty_password_flavors
+ };
+ enum ImportMode
+ {
+ im_standard_prompt,
+ im_try_zero_length_secitem
+ };
- nsresult ImportFromFileHelper(nsIFile *file, ImportMode aImportMode, RetryReason &aWantRetry);
+ nsresult ImportFromFileHelper(nsIFile* file,
+ ImportMode aImportMode,
+ RetryReason& aWantRetry);
// NSPR file I/O for export file
- PRFileDesc *mTmpFile;
+ PRFileDesc* mTmpFile;
- static SECItem * nickname_collision(SECItem *, PRBool *, void *);
- static void write_export_file(void *arg, const char *buf, unsigned long len);
+ static SECItem* nickname_collision(SECItem*, PRBool*, void*);
+ static void write_export_file(void* arg, const char* buf, unsigned long len);
};
#endif // nsPKCS12Blob_h