
crypto_setup.cpp

00001 /*
00002 **  ClanLib SDK
00003 **  Copyright (c) 1997-2005 The ClanLib Team
00004 **
00005 **  This software is provided 'as-is', without any express or implied
00006 **  warranty.  In no event will the authors be held liable for any damages
00007 **  arising from the use of this software.
00008 **
00009 **  Permission is granted to anyone to use this software for any purpose,
00010 **  including commercial applications, and to alter it and redistribute it
00011 **  freely, subject to the following restrictions:
00012 **
00013 **  1. The origin of this software must not be misrepresented; you must not
00014 **     claim that you wrote the original software. If you use this software
00015 **     in a product, an acknowledgment in the product documentation would be
00016 **     appreciated but is not required.
00017 **  2. Altered source versions must be plainly marked as such, and must not be
00018 **     misrepresented as being the original software.
00019 **  3. This notice may not be removed or altered from any source distribution.
00020 **
00021 **  Note: Some of the libraries ClanLib link to may have additional
00022 **  requirements or restrictions.
00023 **
00024 **  File Author(s):
00025 **
00026 **    Magnus Norddahl
00027 */
00028 
00029 #include "precomp.h"
00030 #include "crypto_setup.h"
00031 #include "exception.h"
00032 #include "string_help.h"
00033 #include "certificate.h"
00034 #include "private_key.h"
00035 #include <prerr.h>
00036 #include <nspr.h>
00037 #include <nss.h>
00038 #include <pk11func.h>
00039 #include <ssl.h>
00040 
00042 // CL_CryptoSetup Construction:
00043 
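// Initializes NSPR and NSS for the whole process and registers this object
// as the single CL_CryptoSetup instance.
//
// config_dir - directory passed to NSS as its configuration (database)
//              directory, converted to the local 8-bit encoding first.
// read_write - true opens the databases with NSS_InitReadWrite, false uses
//              NSS_Init.
//
// Throws CL_Exception if an instance already exists, if NSS initialization
// fails, or if the cipher policy cannot be applied.
CL_CryptoSetup::CL_CryptoSetup(const CL_String &config_dir, bool read_write)
{
        // NSS state is process-global, so a second setup object is rejected.
        if (instance != 0)
                throw CL_Exception(TEXT("Only one instance of CL_CryptoSetup allowed!"));

        PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);

        // Process-wide password callback; NSS hands it the pw_handler argument
        // given to the PK11_Find* calls made by the operations below.
        PK11_SetPasswordFunc(&CL_CryptoSetup::pk11_password_func);

        CL_StringA config_dir_local8 = CL_StringHelp::text_to_local8(config_dir);

        SECStatus result = read_write
                ? NSS_InitReadWrite(config_dir_local8.c_str())
                : NSS_Init(config_dir_local8.c_str());
        if (result == SECFailure)
                throw CL_Exception(TEXT("NSS_Init failed!"));

        // NOTE(review): no protocol options or per-suite preferences are set
        // here; the two calls kept below as comments are where a deployment
        // would narrow the library defaults that the policy call leaves enabled.
        // SSL_OptionSetDefault(option, on);
        result = NSS_SetDomesticPolicy();
        if (result == SECFailure)
        {
                // The destructor does not run when the constructor throws, so
                // release the NSS state initialized above before reporting the
                // failure; the return value is ignored because the exception
                // below already signals the error.
                NSS_Shutdown();
                throw CL_Exception(TEXT("NSS_SetDomesticPolicy failed!"));
        }
        // result = SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);

        instance = this;
}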
00070 
// Unregisters the singleton so that a new CL_CryptoSetup may be constructed.
//
// NOTE(review): NSS itself is not shut down here (no NSS_Shutdown call), so
// the library state set up by the constructor appears to stay alive for the
// rest of the process. Confirm that this is intended.
CL_CryptoSetup::~CL_CryptoSetup()
{
        // Only the bookkeeping pointer is cleared.
        instance = 0;
}
00075 
00077 // CL_CryptoSetup Attributes:
00078 
00080 // CL_CryptoSetup Operations:
00081 
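// Configures the server-side SSL session ID cache through
// SSL_ConfigServerSessionIDCache.
//
// max_cache_entries - forwarded unchanged to NSS.
// timeout           - forwarded unchanged to NSS.
// ssl3_timeout      - forwarded unchanged to NSS.
// directory         - directory for the cache; an empty string passes a
//                     null pointer so that NSS chooses its own default.
//
// Throws CL_Exception if NSS reports a failure.
//
// NOTE(review): the cache holds resumable session state, so a non-empty
// directory should be writable only by the server account. The NSS
// documentation describes the null default as a shared temporary directory;
// verify this for the linked NSS version before relying on it.
void CL_CryptoSetup::config_server_sid_cache(
        int max_cache_entries,
        unsigned int timeout,
        unsigned int ssl3_timeout,
        const CL_String &directory)
{
        // NSS takes an 8-bit path. Convert the same way the constructor does
        // for config_dir instead of handing over CL_String's own buffer.
        CL_StringA directory_local8 = CL_StringHelp::text_to_local8(directory);
        const char *cache_directory = directory.empty() ? 0 : directory_local8.c_str();

        SECStatus result = SSL_ConfigServerSessionIDCache(
                max_cache_entries,
                timeout,
                ssl3_timeout,
                cache_directory);
        if (result == SECFailure)
                throw CL_Exception(TEXT("SSL_ConfigServerSessionIDCache failed!"));
}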
00096         
// Looks up a certificate by nickname with PK11_FindCertFromNickname.
//
// nickname   - certificate nickname, converted to the local 8-bit encoding.
// pw_handler - passed to NSS as the opaque argument for the password
//              callback registered in the constructor.
//
// Returns the certificate wrapped in a CL_Certificate.
// Throws CL_Exception, with the nickname in the message, if NSS finds none.
//
// NOTE(review): the wrapper presumably takes over the NSS reference and
// releases it. Confirm this in CL_Certificate.
CL_Certificate CL_CryptoSetup::find_cert_from_nickname(
        const CL_String &nickname,
        PK11PasswordHandler *pw_handler)
{
        CL_StringA nickname_local8 = CL_StringHelp::text_to_local8(nickname);

        // The NSS prototype takes a non-const char *, hence the cast.
        char *nickname_arg = const_cast<char *>(nickname_local8.c_str());

        CERTCertificate *found = PK11_FindCertFromNickname(nickname_arg, pw_handler);
        if (!found)
                throw CL_Exception(TEXT("No PK11 certificate found for nickname ") + nickname);

        return CL_Certificate(found);
}
00107         
// Convenience overload: wraps a fixed password in a
// PK11PasswordHandler_Password and delegates to the handler-based overload.
//
// The handler lives on this stack frame only for the duration of the lookup.
//
// NOTE(review): the password arrives as an ordinary CL_String, so nothing
// here clears it from memory after use.
CL_Certificate CL_CryptoSetup::find_cert_from_nickname(
        const CL_String &nickname,
        const CL_String &password)
{
        PK11PasswordHandler_Password fixed_password_handler(password);
        return find_cert_from_nickname(nickname, &fixed_password_handler);
}
00115         
// Finds the private key that belongs to a certificate with
// PK11_FindKeyByAnyCert.
//
// cert       - certificate whose underlying NSS certificate is searched for.
// pw_handler - passed to NSS as the opaque argument for the password
//              callback registered in the constructor.
//
// Returns the key wrapped in a CL_PrivateKey.
// Throws CL_Exception if NSS returns no key.
CL_PrivateKey CL_CryptoSetup::find_key_by_any_cert(
        const CL_Certificate &cert,
        PK11PasswordHandler *pw_handler)
{
        SECKEYPrivateKey *private_key = PK11_FindKeyByAnyCert(cert.cert, pw_handler);
        if (!private_key)
                throw CL_Exception(TEXT("No private key found for certificate"));

        return CL_PrivateKey(private_key);
}
00125 
00127 // CL_CryptoSetup Implementation:
00128 
// The one live CL_CryptoSetup, or 0 when none exists. It is set at the end
// of the constructor and cleared by the destructor.
CL_CryptoSetup *CL_CryptoSetup::instance = 0;
00130 
// Password callback registered with PK11_SetPasswordFunc in the constructor.
//
// slot  - token slot that NSS wants a password for (unused).
// retry - set by NSS when an earlier password was rejected (unused).
// arg   - the opaque pointer given to the PK11_Find* call, which is a
//         PK11PasswordHandler in this file.
//
// Always returns 0, i.e. no password is ever supplied.
//
// NOTE(review): the handler is cast but never consulted, so the password
// passed to find_cert_from_nickname(nickname, password) has no effect and any
// lookup that needs token authentication will fail. When this is implemented,
// the returned string must come from the NSS/NSPR allocator because NSS frees
// it, and `retry` should end the attempt rather than resupply the same
// rejected password.
char *CL_CryptoSetup::pk11_password_func(PK11SlotInfo *slot, PRBool retry, void *arg)
{
        PK11PasswordHandler *password_handler = static_cast<PK11PasswordHandler *>(arg);
        (void) password_handler; // not used yet, see the note above
        return 0;
}
