Bug 867465: Remove the "Revocation Lists" feature, r=cviecco, r=mattn

Brian Smith 2013-06-02 23:37:47 -07:00
Родитель 19ee230192
Коммит 0272350848
34 изменённых файлов: 12 добавлений и 2270 удалений


@ -1027,7 +1027,6 @@ pref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", true);
pref("services.sync.prefs.sync.privacy.donottrackheader.enabled", true);
pref("services.sync.prefs.sync.privacy.donottrackheader.value", true);
pref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", true);
pref("services.sync.prefs.sync.security.OCSP.disable_button.managecrl", true);
pref("services.sync.prefs.sync.security.OCSP.enabled", true);
pref("services.sync.prefs.sync.security.OCSP.require", true);
pref("services.sync.prefs.sync.security.default_personal_cert", true);


@ -804,16 +804,6 @@ var gAdvancedPane = {
"", null);
},
/**
* Displays a dialog which describes the user's CRLs.
*/
showCRLs: function ()
{
document.documentElement.openWindow("mozilla:crlmanager",
"chrome://pippki/content/crlManager.xul",
"", null);
},
/**
* Displays a dialog in which OCSP preferences can be configured.
*/


@ -101,9 +101,6 @@
<preference id="security.disable_button.openCertManager"
name="security.disable_button.openCertManager"
type="bool"/>
<preference id="security.OCSP.disable_button.managecrl"
name="security.OCSP.disable_button.managecrl"
type="bool"/>
<preference id="security.disable_button.openDeviceManager"
name="security.disable_button.openDeviceManager"
type="bool"/>
@ -424,33 +421,19 @@
<separator/>
#ifdef XP_MACOSX
<vbox>
#endif
<hbox>
<button id="viewCertificatesButton"
label="&viewCerts.label;" accesskey="&viewCerts.accesskey;"
oncommand="gAdvancedPane.showCertificates();"
preference="security.disable_button.openCertManager"/>
<button id="viewCRLButton"
label="&viewCRLs.label;" accesskey="&viewCRLs.accesskey;"
oncommand="gAdvancedPane.showCRLs();"
preference="security.OCSP.disable_button.managecrl"/>
<button id="verificationButton"
label="&verify2.label;" accesskey="&verify2.accesskey;"
oncommand="gAdvancedPane.showOCSP();"/>
#ifdef XP_MACOSX
</hbox>
<hbox>
#endif
<button id="viewSecurityDevicesButton"
label="&viewSecurityDevices.label;" accesskey="&viewSecurityDevices.accesskey;"
oncommand="gAdvancedPane.showSecurityDevices();"
preference="security.disable_button.openDeviceManager"/>
</hbox>
#ifdef XP_MACOSX
</vbox>
#endif
</tabpanel>
</tabpanels>


@ -768,16 +768,6 @@ var gAdvancedPane = {
"model=yes", null);
},
/**
* Displays a dialog which describes the user's CRLs.
*/
showCRLs: function ()
{
openDialog("chrome://pippki/content/crlManager.xul",
"mozilla:crlmanager",
"model=yes", null);
},
/**
* Displays a dialog in which OCSP preferences can be configured.
*/


@ -117,9 +117,6 @@
<preference id="security.disable_button.openCertManager"
name="security.disable_button.openCertManager"
type="bool"/>
<preference id="security.OCSP.disable_button.managecrl"
name="security.OCSP.disable_button.managecrl"
type="bool"/>
<preference id="security.disable_button.openDeviceManager"
name="security.disable_button.openDeviceManager"
type="bool"/>
@ -446,10 +443,6 @@
label="&viewCerts.label;" accesskey="&viewCerts.accesskey;"
oncommand="gAdvancedPane.showCertificates();"
preference="security.disable_button.openCertManager"/>
<button id="viewCRLButton"
label="&viewCRLs.label;" accesskey="&viewCRLs.accesskey;"
oncommand="gAdvancedPane.showCRLs();"
preference="security.OCSP.disable_button.managecrl"/>
<button id="verificationButton"
label="&verify2.label;" accesskey="&verify2.accesskey;"
oncommand="gAdvancedPane.showOCSP();"/>


@ -130,8 +130,6 @@
<!ENTITY certs.ask.accesskey "i">
<!ENTITY viewCerts.label "View Certificates">
<!ENTITY viewCerts.accesskey "s">
<!ENTITY viewCRLs.label "Revocation Lists">
<!ENTITY viewCRLs.accesskey "R">
<!ENTITY verify2.label "Validation">
<!ENTITY verify2.accesskey "V">
<!ENTITY viewSecurityDevices.label "Security Devices">


@ -146,12 +146,6 @@ NSSDialogs.prototype = {
this.showPrompt(p);
},
crlImportStatusDialog: function(aCtx, aCrl) {
// this dialog is never shown in Fennec; in Desktop it is shown after importing a CRL
// via Preferences->Advanced->Encryption->Revocation Lists->Import.
throw "Unimplemented";
},
viewCertDetails: function(details) {
let p = this.getPrompt(this.getString("clientAuthAsk.message3"),
'',


@ -338,15 +338,6 @@ CertInfoPurposes=Purposes
CertInfoEmail=Email
CertInfoStoredIn=Stored in:
P12DefaultNickname=Imported Certificate
CrlImportFailure1x=The application cannot import the Certificate Revocation List (CRL).
CrlImportFailureExpired=A more recent version of this CRL is available.
CrlImportFailureBadSignature=CRL has an invalid Signature.
CrlImportFailureInvalid=New CRL has an invalid format.
CrlImportFailureOld=New CRL is older than the current one.
CrlImportFailureNotYetValid=The CRL is not yet valid. You might want to check your system clock.
CrlImportFailureNetworkProblem=Download of the CRL failed due to Network problems.
CrlImportFailureReasonUnknown=Error Importing CRL to local Database. Error Code:
CrlImportFailure2=Please ask your system administrator for assistance.
NSSInitProblemX=Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.
VerifyExpired=<Expired>
VerifyRevoked=<Revoked>


@ -76,8 +76,6 @@
<!ENTITY examineCert.label "View Certificate">
<!ENTITY examineCert.accesskey "V">
<!ENTITY serverCrlNextupdate.message "Please ask your system administrator for assistance">
<!-- Strings for the CreateCertInfo dialog -->
<!ENTITY createCertInfo.title "Generating A Private Key">
<!ENTITY createCertInfo.msg1 "Key Generation in progress… This may take a few minutes….">


@ -125,30 +125,8 @@ disable_fips=Disable FIPS
fips_nonempty_password_required=FIPS mode requires that you have a Master Password set for each security device. Please set the password before trying to enable FIPS mode.
unable_to_toggle_fips=Unable to change the FIPS mode for the security device. It is recommended that you exit and restart this application.
# CRL next update.
crlNextUpdateMsg1=%S cannot establish an encrypted connection with "%S".
crlNextUpdateMsg2=The certificate revocation list (CRL) from "%S" needs to be updated.
NoUpdateFailure=None
lastFetchUrlLabel=URL originally fetched from
advertisedUrlLabel=URL advertised by the CA
crlAutoUpdateDayCntError=Number of days before next update must be a number greater than zero.
crlAutoUpdtaeFreqCntError=Frequency of update must be a number greater than zero.
disabledStatement=Automatic Update is not enabled for this CRL.
enabledStatement=Automatic Update is enabled for this CRL.
crlAutoupdateQuestion1=Would you like to enable automatic update?
crlAutoupdateQuestion2=Would you like to view the automatic update settings?
undefinedValStr=<Not Defined>
undefinedURL=Auto update URL is not defined.
yesButton=Yes
noButton=No
resetPasswordConfirmationTitle=Reset Master Password
resetPasswordConfirmationMessage=Your password has been reset.
crlAutoupdateEnabled=Enabled
crlAutoupdateNotEnabled=Not Enabled
crlAutoupdateOk=OK
crlAutoupdateFailed=Failed
crlImportNewCRLTitle=Import Certificate Revocation List
crlImportNewCRLLabel=Import the CRL from:
#Import certificate(s) file dialog
importEmailCertPrompt=Select File containing somebody's Email certificate to import


@ -1,34 +0,0 @@
<!-- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<!ENTITY validation.crlmanager.label "Manage CRLs">
<!ENTITY validation.crlmanager.description "These Certificate Revocation Lists (CRL) are stored in your certificate database:">
<!ENTITY validation.crlname.label "Name">
<!ENTITY validation.crllastupdate.label "Last Update">
<!ENTITY validation.crlnextupdate.label "Next Update">
<!ENTITY validation.crlautoupdateenabled.label "Auto Update">
<!ENTITY validation.crlautoupdatestatus.label "Auto Update Status">
<!ENTITY validation.deletecrl.label "Delete">
<!ENTITY validation.deletecrl.accesskey "D">
<!ENTITY validation.updatecrl.label "Update">
<!ENTITY validation.updatecrl.accesskey "U">
<!ENTITY validation.advanced.label "Settings">
<!ENTITY validation.advanced.accesskey "S">
<!ENTITY validation.crl.autoupdate.title "Automatic CRL Update Preferences">
<!ENTITY validation.crl.autoupdate.enable.label "Enable Automatic Update for this CRL">
<!ENTITY validation.crl.autoupdate.time.label1 "Update">
<!ENTITY validation.crl.autoupdate.time.label2 "Day(s) before Next Update date">
<!ENTITY validation.crl.autoupdate.freq.label1 "Update every">
<!ENTITY validation.crl.autoupdate.freq.label2 "Day(s)">
<!ENTITY validation.crl.autoupdate.url.label "CRL would be imported From:">
<!ENTITY crl.import.status.title "CRL Import Status">
<!ENTITY crl.import.success.message "The Certificate Revocation List (CRL) was successfully imported.">
<!ENTITY crl.issuer.label "CRL Issued By:">
<!ENTITY crl.issuer.org.label "Organization: ">
<!ENTITY crl.issuer.orgunit.label "Unit: ">
<!ENTITY crl.import.nextupdate.label "Next Update On: ">
<!ENTITY crl.autoupdate.fail.cnt.label "Previous Consecutive Update Failures: ">
<!ENTITY crl.autoupdate.fail.reason.label "Details of Last Update Failure: ">
<!ENTITY edit.button "Settings">


@ -14,4 +14,3 @@
locale/@AB_CD@/pippki/pippki.properties (%chrome/pippki/pippki.properties)
locale/@AB_CD@/pippki/certManager.dtd (%chrome/pippki/certManager.dtd)
locale/@AB_CD@/pippki/deviceManager.dtd (%chrome/pippki/deviceManager.dtd)
locale/@AB_CD@/pippki/validation.dtd (%chrome/pippki/validation.dtd)


@ -1,84 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const nsPKIParamBlock = "@mozilla.org/security/pkiparamblock;1";
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsICRLInfo = Components.interfaces.nsICRLInfo;
const nsIPrefService = Components.interfaces.nsIPrefService
var pkiParams;
var cert;
var crl;
function onLoad()
{
pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
isupport = pkiParams.getISupportAtIndex(1);
if (isupport) {
crl = isupport.QueryInterface(nsICRLInfo);
}
var bundle = document.getElementById("pippki_bundle");
var yesButton = bundle.getString("yesButton");
var noButton = bundle.getString("noButton");
document.documentElement.getButton("accept").label = yesButton;
document.documentElement.getButton("cancel").label = noButton;
var nextUpdateStr;
var orgStr;
var orgUnitStr;
if(crl != null) {
nextUpdateStr = crl.nextUpdateLocale;
if( (nextUpdateStr == null) || (nextUpdateStr.length == 0) ){
nextUpdateStr = bundle.getString("undefinedValStr");
}
var nextUpdate = document.getElementById("nextUpdate");
nextUpdate.setAttribute("value",nextUpdateStr);
var org = document.getElementById("orgText");
org.setAttribute("value", crl.organization);
var orgUnit = document.getElementById("orgUnitText");
orgUnit.setAttribute("value", crl.organizationalUnit);
var autoupdateEnabledString = "security.crl.autoupdate.enable." + crl.nameInDb;
var updateEnabled = false;
try {
var prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(nsIPrefService);
var prefBranch = prefService.getBranch(null);
updateEnabled = prefBranch.getBoolPref(autoupdateEnabledString);
if(updateEnabled) {
var autoupdateURLString = "security.crl.autoupdate.url." + crl.nameInDb;
prefBranch.setCharPref(autoupdateURLString, crl.lastFetchURL);
prefService.savePrefFile(null);
}
}catch(exception){}
var statement = document.getElementById("status");
var question = document.getElementById("question");
if(updateEnabled) {
statement.setAttribute("value", bundle.getString("enabledStatement"));
question.setAttribute("value", bundle.getString("crlAutoupdateQuestion2"));
} else {
statement.setAttribute("value", bundle.getString("disabledStatement"));
question.setAttribute("value", bundle.getString("crlAutoupdateQuestion1"));
}
}
}
function onCancel()
{
return true;
}
function onAccept()
{
var params = Components.classes[nsPKIParamBlock].createInstance(nsIPKIParamBlock);
params.setISupportAtIndex(1, crl);
window.openDialog("chrome://pippki/content/pref-crlupdate.xul","",
"chrome,centerscreen,modal",params);
return true;
}


@ -1,52 +0,0 @@
<?xml version="1.0"?>
<!-- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/validation.dtd">
<dialog id="crlImportSuccess"
title="&crl.import.status.title;"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="onLoad();"
buttons="accept,cancel"
ondialogaccept="return onAccept();"
ondialogcancel="return onCancel();">
<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
<script type="application/javascript" src="chrome://pippki/content/crlImportDialog.js" />
<script type="application/javascript" src="pippki.js" />
<vbox style="margin: 5px;" flex="1">
<text value="&crl.import.success.message;" />
<separator/>
<text class="header" value="&crl.issuer.label;" />
<hbox>
<text value="&crl.issuer.org.label;" />
<text id="orgText" />
</hbox>
<hbox>
<text value="&crl.issuer.orgunit.label;" />
<text id="orgUnitText" />
</hbox>
<separator/>
<hbox>
<text value="&crl.import.nextupdate.label;" />
<text id="nextUpdate" />
</hbox>
<separator/>
<vbox>
<text id="status" />
<text id="question" />
</vbox>
</vbox>
</dialog>


@ -1,222 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const nsICRLManager = Components.interfaces.nsICRLManager;
const nsCRLManager = "@mozilla.org/security/crlmanager;1";
const nsICRLInfo = Components.interfaces.nsICRLInfo;
const nsISupportsArray = Components.interfaces.nsISupportsArray;
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
const nsPKIParamBlock = "@mozilla.org/security/pkiparamblock;1";
const nsIPrefService = Components.interfaces.nsIPrefService;
var crlManager;
var crls;
var prefService;
var prefBranch;
var autoupdateEnabledBaseString = "security.crl.autoupdate.enable.";
var autoupdateTimeTypeBaseString = "security.crl.autoupdate.timingType.";
var autoupdateTimeBaseString = "security.crl.autoupdate.nextInstant.";
var autoupdateURLBaseString = "security.crl.autoupdate.url.";
var autoupdateErrCntBaseString = "security.crl.autoupdate.errCount.";
var autoupdateErrDetailBaseString = "security.crl.autoupdate.errDetail.";
var autoupdateDayCntString = "security.crl.autoupdate.dayCnt.";
var autoupdateFreqCntString = "security.crl.autoupdate.freqCnt.";
function onLoad()
{
var crlEntry;
var i;
crlManager = Components.classes[nsCRLManager].getService(nsICRLManager);
crls = crlManager.getCrls();
prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(nsIPrefService);
prefBranch = prefService.getBranch(null);
var bundle = document.getElementById("pippki_bundle");
var autoupdateEnabledString;
var autoupdateErrCntString;
for (i=0; i<crls.length; i++) {
crlEntry = crls.queryElementAt(i, nsICRLInfo);
var org = crlEntry.organization;
var orgUnit = crlEntry.organizationalUnit;
var lastUpdate = crlEntry.lastUpdateLocale;
var nextUpdate = crlEntry.nextUpdateLocale;
autoupdateEnabledString = autoupdateEnabledBaseString + crlEntry.nameInDb;
autoupdateErrCntString = autoupdateErrCntBaseString + crlEntry.nameInDb;
var enabled = false;
var enabledStr = bundle.getString("crlAutoupdateNotEnabled");
var status = "";
try{
enabled = prefBranch.getBoolPref(autoupdateEnabledString)
if(enabled){
enabledStr = bundle.getString("crlAutoupdateEnabled");
}
var cnt;
cnt = prefBranch.getIntPref(autoupdateErrCntString);
if(cnt > 0){
status = bundle.getString("crlAutoupdateFailed");
} else {
status = bundle.getString("crlAutoupdateOk");
}
}catch(exception){}
AddItem("crlList", [org, orgUnit, lastUpdate, nextUpdate, enabledStr, status], "crltree_", i);
}
}
function AddItem(children,cells,prefix,idfier)
{
var kids = document.getElementById(children);
var item = document.createElement("treeitem");
var row = document.createElement("treerow");
for(var i = 0; i < cells.length; i++)
{
var cell = document.createElement("treecell");
cell.setAttribute("class", "propertylist");
cell.setAttribute("label", cells[i])
row.appendChild(cell);
}
item.appendChild(row);
item.setAttribute("id",prefix + idfier);
kids.appendChild(item);
}
function DeleteCrlSelected() {
var crlEntry;
// delete selected item
var crltree = document.getElementById("crltree");
var i = crltree.currentIndex;
if(i<0){
return;
}
crlEntry = crls.queryElementAt(i, nsICRLInfo);
var autoupdateEnabled = false;
var autoupdateParamAvailable = false;
var id = crlEntry.nameInDb;
//First, check if autoupdate was enabled for this crl
try {
autoupdateEnabled = prefBranch.getBoolPref(autoupdateEnabledBaseString + id);
//Note, if the pref is not present, we get an exception right here,
//and autoupdateEnabled remains false
autoupdateParamAvailable = true;
prefBranch.clearUserPref(autoupdateEnabledBaseString + id);
prefBranch.clearUserPref(autoupdateTimeTypeBaseString + id);
prefBranch.clearUserPref(autoupdateTimeBaseString + id);
prefBranch.clearUserPref(autoupdateURLBaseString + id);
prefBranch.clearUserPref(autoupdateDayCntString + id);
prefBranch.clearUserPref(autoupdateFreqCntString + id);
prefBranch.clearUserPref(autoupdateErrCntBaseString + id);
prefBranch.clearUserPref(autoupdateErrDetailBaseString + id);
} catch(Exception){}
//Once we have deleted the prefs that can be deleted, we save the
//file if relevant, restart the scheduler, and once we are successful
//in doind that, we try to delete the crl
try{
if(autoupdateParamAvailable){
prefService.savePrefFile(null);
}
if(autoupdateEnabled){
crlManager.rescheduleCRLAutoUpdate();
}
// Now, try to delete it
crlManager.deleteCrl(i);
DeleteItemSelected("crltree", "crltree_", "crlList");
//To do: If delete fails, we should be able to retrieve the deleted
//settings
//XXXXXXXXXXXXXXXXXXXXX
}catch(exception) {
//To Do: Possibly show an error ...
//XXXXXXXXXXXX
}
EnableCrlActions();
}
function EnableCrlActions() {
var tree = document.getElementById("crltree");
if (tree.view.selection.count) {
document.getElementById("deleteCrl").removeAttribute("disabled");
document.getElementById("editPrefs").removeAttribute("disabled");
document.getElementById("updateCRL").removeAttribute("disabled");
} else {
document.getElementById("deleteCrl").setAttribute("disabled", "true");
document.getElementById("editPrefs").setAttribute("disabled", "true");
document.getElementById("updateCRL").setAttribute("disabled", "true");
}
}
function DeleteItemSelected(tree, prefix, kids) {
var i;
var delnarray = [];
var rv = "";
var cookietree = document.getElementById(tree);
var rangeCount = cookietree.view.selection.getRangeCount();
for(i = 0; i < rangeCount; ++i)
{
var start = {}, end = {};
cookietree.view.selection.getRangeAt(i, start, end);
for (var k = start.value; k <= end.value; ++k) {
var item = cookietree.contentView.getItemAtIndex(k);
delnarray[i] = document.getElementById(item.id);
var itemid = parseInt(item.id.substring(prefix.length, item.id.length));
rv += (itemid + ",");
}
}
for(i = 0; i < delnarray.length; i++)
{
document.getElementById(kids).removeChild(delnarray[i]);
}
return rv;
}
function EditAutoUpdatePrefs() {
var crlEntry;
// delete selected item
var crltree = document.getElementById("crltree");
var i = crltree.currentIndex;
if(i<0){
return;
}
crlEntry = crls.queryElementAt(i, nsICRLInfo);
var params = Components.classes[nsPKIParamBlock].createInstance(nsIPKIParamBlock);
params.setISupportAtIndex(1, crlEntry);
window.openDialog("chrome://pippki/content/pref-crlupdate.xul","",
"chrome,centerscreen,modal", params);
}
function UpdateCRL()
{
var crlEntry;
var crltree = document.getElementById("crltree");
var i = crltree.currentIndex;
if(i<0){
return;
}
crlEntry = crls.queryElementAt(i, nsICRLInfo);
crlManager.updateCRLFromURL(crlEntry.lastFetchURL, crlEntry.nameInDb);
}
function ImportCRL()
{
// prompt for the URL to import from
var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
var CRLLocation = {value:null};
var dummy = { value: 0 };
var strBundle = document.getElementById('pippki_bundle');
var addCRL = promptService.prompt(window, strBundle.getString('crlImportNewCRLTitle'),
strBundle.getString('crlImportNewCRLLabel'), CRLLocation, null, dummy);
if (addCRL)
crlManager.updateCRLFromURL(CRLLocation.value, "");
}


@ -1,71 +0,0 @@
<?xml version="1.0"?>
<!-- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE dialog [
<!ENTITY % prefValDTD SYSTEM "chrome://pippki/locale/validation.dtd">
%prefValDTD;
<!ENTITY % prefCertMgrDTD SYSTEM "chrome://pippki/locale/certManager.dtd">
%prefCertMgrDTD;
]>
<dialog id="crlviewer"
windowtype="mozilla:crlmanager"
title="&validation.crlmanager.label;"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
style="width: 65ch;"
onload="onLoad();"
buttons="accept"
buttonlabelaccept="&certmgr.close.label;"
persist="screenX screenY width height">
<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
<script type="application/javascript" src="chrome://pippki/content/crlManager.js"/>
<description value="&validation.crlmanager.description;"/>
<separator class="thin"/>
<tree id="crltree" style="height: 10em;"
onselect="EnableCrlActions()" flex="1">
<treecols>
<treecol id="Col1" flex="3" label="&certmgr.certdetail.o;"/>
<splitter class="tree-splitter"/>
<treecol id="Col2" flex="5" label="&certmgr.certdetail.ou;"/>
<splitter class="tree-splitter"/>
<treecol id="Col3" flex="2" label="&validation.crllastupdate.label;"/>
<splitter class="tree-splitter"/>
<treecol id="Col4" flex="2" label="&validation.crlnextupdate.label;"/>
<splitter class="tree-splitter"/>
<treecol id="Col5" flex="2" label="&validation.crlautoupdateenabled.label;"/>
<splitter class="tree-splitter"/>
<treecol id="Col6" flex="3" label="&validation.crlautoupdatestatus.label;"/>
</treecols>
<treechildren id="crlList"/>
</tree>
<separator class="thin"/>
<hbox id="dialogButtons">
<button id="deleteCrl" disabled="true"
label="&validation.deletecrl.label;"
accesskey="&validation.deletecrl.accesskey;"
oncommand="DeleteCrlSelected();"/>
<button id="editPrefs" class="push" disabled="true"
label="&validation.advanced.label;"
accesskey="&validation.advanced.accesskey;"
oncommand="EditAutoUpdatePrefs();"/>
<button id="updateCRL" class="push" disabled="true"
label="&validation.updatecrl.label;"
accesskey="&validation.updatecrl.accesskey;"
oncommand="UpdateCRL();"/>
<button id="importCRL" class="push"
label="&certmgr.restore2.label;"
accesskey="&certmgr.restore2.accesskey;"
oncommand="ImportCRL();"/>
<spacer flex="2"/>
<button dlgtype="accept"/>
</hbox>
</dialog>


@ -1,242 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const nsICRLManager = Components.interfaces.nsICRLManager;
const nsCRLManager = "@mozilla.org/security/crlmanager;1";
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
const nsICRLInfo = Components.interfaces.nsICRLInfo;
const nsIPrefService = Components.interfaces.nsIPrefService;
var crl;
var bundle;
var prefService;
var prefBranch;
var updateTypeRadio;
var enabledCheckBox;
var timeBasedRadio;
var freqBasedRadio;
var crlManager;
var autoupdateEnabledString = "security.crl.autoupdate.enable.";
var autoupdateTimeTypeString = "security.crl.autoupdate.timingType.";
var autoupdateTimeString = "security.crl.autoupdate.nextInstant.";
var autoupdateURLString = "security.crl.autoupdate.url.";
var autoupdateErrCntString = "security.crl.autoupdate.errCount.";
var autoupdateErrDetailString = "security.crl.autoupdate.errDetail.";
var autoupdateDayCntString = "security.crl.autoupdate.dayCnt.";
var autoupdateFreqCntString = "security.crl.autoupdate.freqCnt.";
function doPrompt(msg)
{
let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
getService(Components.interfaces.nsIPromptService);
prompts.alert(window, null, msg);
}
function onLoad()
{
crlManager = Components.classes[nsCRLManager].getService(nsICRLManager);
var pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
var isupport = pkiParams.getISupportAtIndex(1);
crl = isupport.QueryInterface(nsICRLInfo);
autoupdateEnabledString = autoupdateEnabledString + crl.nameInDb;
autoupdateTimeTypeString = autoupdateTimeTypeString + crl.nameInDb;
autoupdateTimeString = autoupdateTimeString + crl.nameInDb;
autoupdateDayCntString = autoupdateDayCntString + crl.nameInDb;
autoupdateFreqCntString = autoupdateFreqCntString + crl.nameInDb;
autoupdateURLString = autoupdateURLString + crl.nameInDb;
autoupdateErrCntString = autoupdateErrCntString + crl.nameInDb;
autoupdateErrDetailString = autoupdateErrDetailString + crl.nameInDb;
bundle = document.getElementById("pippki_bundle");
prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(nsIPrefService);
prefBranch = prefService.getBranch(null);
updateTypeRadio = document.getElementById("autoUpdateType");
enabledCheckBox = document.getElementById("enableCheckBox");
timeBasedRadio = document.getElementById("timeBasedRadio");
freqBasedRadio = document.getElementById("freqBasedRadio");
//Read the existing prefs, if any
initializeSelection();
}
function updateSelectedTimingControls()
{
var freqBox = document.getElementById("nextUpdateFreq");
var timeBox = document.getElementById("nextUpdateDay");
if(updateTypeRadio.selectedItem.id == "freqBasedRadio"){
freqBox.removeAttribute("disabled");
timeBox.disabled = true;
} else {
timeBox.removeAttribute("disabled");
freqBox.disabled = true;
}
}
function initializeSelection()
{
var menuItemNode;
var hasAdvertisedURL = false;
var hasNextUpdate = true;
var lastFetchMenuNode;
var advertisedMenuNode;
try {
var isEnabled = prefBranch.getBoolPref(autoupdateEnabledString);
enabledCheckBox.checked = isEnabled;
} catch(exception){
enabledCheckBox.checked = false;
}
//Always the last fetch url, for now.
var URLDisplayed = document.getElementById("urlName");
URLDisplayed.value = crl.lastFetchURL;
//Decide how many update timing types to be shown
//If no next update specified, hide the first choice. Default shows both
if(crl.nextUpdateLocale == null || crl.nextUpdateLocale.length == 0) {
timeBasedRadio.disabled = true;
hasNextUpdate = false;
}
//Set up the initial selections based on defaults and prefs, if any
try{
var timingPref = prefBranch.getIntPref(autoupdateTimeTypeString);
if(timingPref != null) {
if(timingPref == crlManager.TYPE_AUTOUPDATE_TIME_BASED) {
if(hasNextUpdate){
updateTypeRadio.selectedItem = timeBasedRadio;
}
} else {
updateTypeRadio.selectedItem = freqBasedRadio;
}
} else {
if(hasNextUpdate){
updateTypeRadio.selectedItem = timeBasedRadio;
} else {
updateTypeRadio.selectedItem = freqBasedRadio;
}
}
}catch(exception){
if(!hasNextUpdate) {
updateTypeRadio.selectedItem = freqBasedRadio;
} else {
updateTypeRadio.selectedItem = timeBasedRadio;
}
}
updateSelectedTimingControls();
//Now, retrieving the day count
var timeBasedBox = document.getElementById("nextUpdateDay");
try {
var dayCnt = prefBranch.getCharPref(autoupdateDayCntString);
//doPrompt(dayCnt);
if(dayCnt != null){
timeBasedBox.value = dayCnt;
} else {
timeBasedBox.value = 1;
}
} catch(exception) {
timeBasedBox.value = 1;
}
var freqBasedBox = document.getElementById("nextUpdateFreq");
try {
var freqCnt = prefBranch.getCharPref(autoupdateFreqCntString);
//doPrompt(freqCnt);
if(freqCnt != null){
freqBasedBox.value = freqCnt;
} else {
freqBasedBox.value = 1;
}
} catch(exception) {
freqBasedBox.value = 1;
}
var errorCountText = document.getElementById("FailureCnt");
var errorDetailsText = document.getElementById("FailureDetails");
var cnt = 0;
var text;
try{
cnt = prefBranch.getIntPref(autoupdateErrCntString);
txt = prefBranch.getCharPref(autoupdateErrDetailString);
}catch(exception){}
if( cnt > 0 ){
errorCountText.setAttribute("value",cnt);
errorDetailsText.setAttribute("value",txt);
} else {
errorCountText.setAttribute("value", bundle.getString("NoUpdateFailure"));
var reasonBox = document.getElementById("reasonbox");
reasonBox.hidden = true;
}
}
function onCancel()
{
// Close dialog by returning true
return true;
}
function onAccept()
{
if(!validatePrefs())
return false;
//set enable pref
prefBranch.setBoolPref(autoupdateEnabledString, enabledCheckBox.checked );
//set URL TYPE and value prefs - always to last fetch url - till we have anything else available
prefBranch.setCharPref(autoupdateURLString, crl.lastFetchURL);
var timingTypeId = updateTypeRadio.selectedItem.id;
var updateTime;
var dayCnt = (document.getElementById("nextUpdateDay")).value;
var freqCnt = (document.getElementById("nextUpdateFreq")).value;
if(timingTypeId == "timeBasedRadio"){
prefBranch.setIntPref(autoupdateTimeTypeString, crlManager.TYPE_AUTOUPDATE_TIME_BASED);
updateTime = crlManager.computeNextAutoUpdateTime(crl, crlManager.TYPE_AUTOUPDATE_TIME_BASED, dayCnt);
} else {
prefBranch.setIntPref(autoupdateTimeTypeString, crlManager.TYPE_AUTOUPDATE_FREQ_BASED);
updateTime = crlManager.computeNextAutoUpdateTime(crl, crlManager.TYPE_AUTOUPDATE_FREQ_BASED, freqCnt);
}
//doPrompt(updateTime);
prefBranch.setCharPref(autoupdateTimeString, updateTime);
prefBranch.setCharPref(autoupdateDayCntString, dayCnt);
prefBranch.setCharPref(autoupdateFreqCntString, freqCnt);
//Save Now
prefService.savePrefFile(null);
crlManager.rescheduleCRLAutoUpdate();
//Close dialog by returning true
return true;
}
function validatePrefs()
{
var dayCnt = (document.getElementById("nextUpdateDay")).value;
var freqCnt = (document.getElementById("nextUpdateFreq")).value;
var tmp = parseFloat(dayCnt);
if(!(tmp > 0.0)){
doPrompt(bundle.getString("crlAutoUpdateDayCntError"));
return false;
}
tmp = parseFloat(freqCnt);
if(!(tmp > 0.0)){
doPrompt(bundle.getString("crlAutoUpdtaeFreqCntError"));
return false;
}
return true;
}


@ -1,64 +0,0 @@
<?xml version="1.0"?>
<!-- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/validation.dtd">
<dialog id="crlUpdatePref"
title="&validation.crl.autoupdate.title;"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="onLoad();"
buttons="accept,cancel"
ondialogaccept="return onAccept();"
ondialogcancel="return onCancel();">
<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
<script type="application/javascript" src="chrome://pippki/content/pref-crlupdate.js" />
<vbox style="margin: 5px;" flex="1">
<checkbox label="&validation.crl.autoupdate.enable.label;"
checked="false" id="enableCheckBox"/>
<separator/>
<vbox>
<radiogroup id="autoUpdateType" flex="1" oncommand="updateSelectedTimingControls();" >
<hbox align="center" id="timeBasedBox">
<radio label="&validation.crl.autoupdate.time.label1;"
id="timeBasedRadio" value="1" group="autoUpdateType"/>
<textbox width="20" value="1" id="nextUpdateDay" />
<text value="&validation.crl.autoupdate.time.label2;" />
</hbox>
<hbox align="center" id="freqBasedBox">
<radio label="&validation.crl.autoupdate.freq.label1;"
id="freqBasedRadio" value="2" group="autoUpdateType"/>
<textbox width="20" value="1" id="nextUpdateFreq" />
<text value="&validation.crl.autoupdate.freq.label2;" />
</hbox>
</radiogroup>
</vbox>
<separator/>
<vbox>
<text value="&validation.crl.autoupdate.url.label;" />
<textbox readonly="true" id="urlName" />
</vbox>
<separator/>
<hbox>
<text value="&crl.autoupdate.fail.cnt.label;" />
<text id="FailureCnt" />
</hbox>
<hbox id="reasonbox">
<text value="&crl.autoupdate.fail.reason.label;" />
<text id="FailureDetails" />
</hbox>
</vbox>
</dialog>


@ -1,34 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
const nsIX509Cert = Components.interfaces.nsIX509Cert;
var dialogParams;
var pkiParams;
var bundle;
function onLoad()
{
pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
dialogParams = pkiParams.QueryInterface(nsIDialogParamBlock);
var isupport = pkiParams.getISupportAtIndex(1);
var cert = isupport.QueryInterface(nsIX509Cert);
var connectURL = dialogParams.GetString(1);
var gBundleBrand = document.getElementById("brand_bundle");
var brandName = gBundleBrand.getString("brandShortName");
bundle = document.getElementById("pippki_bundle");
var message1 = bundle.getFormattedString("crlNextUpdateMsg1",
[brandName, connectURL]);
var message2 = bundle.getFormattedString("crlNextUpdateMsg2",
[cert.issuerOrganization]);
setText("message1", message1);
setText("message2", message2);
}


@ -1,38 +0,0 @@
<?xml version="1.0"?>
<!-- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!-- CHANGE THIS WHEN MOVING FILES -->
<!DOCTYPE dialog [
<!ENTITY % pipPkiDTD SYSTEM "chrome://pippki/locale/pippki.dtd">
%pipPkiDTD;
]>
<dialog
id="serverCrlNextupdate"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
style="width: 30em;"
buttons="accept"
defaultButton="accept"
ondialoghelp="openHelp('exp_crl');"
onload="onLoad();"
>
<stringbundleset id="stringbundleset">
<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
<stringbundle id="brand_bundle" src="chrome://branding/locale/brand.properties"/>
</stringbundleset>
<script type="application/javascript" src="chrome://pippki/content/pippki.js" />
<script type="application/javascript" src="chrome://pippki/content/serverCrlNextupdate.js" />
<description id="message1"/>
<separator/>
<description id="message2"/>
<separator/>
<label value="&serverCrlNextupdate.message;"/>
</dialog>


@ -46,16 +46,8 @@ pippki.jar:
content/pippki/choosetoken.js (content/choosetoken.js)
content/pippki/escrowWarn.xul (content/escrowWarn.xul)
content/pippki/escrowWarn.js (content/escrowWarn.js)
content/pippki/crlManager.xul (content/crlManager.xul)
content/pippki/crlManager.js (content/crlManager.js)
content/pippki/serverCrlNextupdate.js (content/serverCrlNextupdate.js)
content/pippki/serverCrlNextupdate.xul (content/serverCrlNextupdate.xul)
content/pippki/createCertInfo.xul (content/createCertInfo.xul)
content/pippki/createCertInfo.js (content/createCertInfo.js)
content/pippki/crlImportDialog.xul (content/crlImportDialog.xul)
content/pippki/crlImportDialog.js (content/crlImportDialog.js)
content/pippki/pref-crlupdate.xul (content/pref-crlupdate.xul)
content/pippki/pref-crlupdate.js (content/pref-crlupdate.js)
content/pippki/protectedAuth.xul (content/protectedAuth.xul)
content/pippki/protectedAuth.js (content/protectedAuth.js)
content/pippki/formsigning.xul (content/formsigning.xul)


@ -31,7 +31,6 @@
#include "nsNSSDialogHelper.h"
#include "nsIWindowWatcher.h"
#include "nsIX509CertValidity.h"
#include "nsICRLInfo.h"
#include "nsEmbedCID.h"
#include "nsIPromptService.h"
@ -139,27 +138,6 @@ nsNSSDialogs::GetPassword(nsIInterfaceRequestor *ctx,
return rv;
}
NS_IMETHODIMP
nsNSSDialogs::CrlImportStatusDialog(nsIInterfaceRequestor *ctx, nsICRLInfo *crl)
{
nsresult rv;
nsCOMPtr<nsIPKIParamBlock> block =
do_CreateInstance(NS_PKIPARAMBLOCK_CONTRACTID,&rv);
if (NS_FAILED(rv))
return rv;
rv = block->SetISupportAtIndex(1, crl);
if (NS_FAILED(rv))
return rv;
rv = nsNSSDialogHelper::openDialog(nullptr,
"chrome://pippki/content/crlImportDialog.xul",
block,
false);
return NS_OK;
}
NS_IMETHODIMP
nsNSSDialogs::ConfirmDownloadCACert(nsIInterfaceRequestor *ctx,
nsIX509Cert *cert,


@ -16,8 +16,6 @@ XPIDL_SOURCES += [
'nsICMSMessage2.idl',
'nsICMSMessageErrors.idl',
'nsICMSSecureMessage.idl',
'nsICRLInfo.idl',
'nsICRLManager.idl',
'nsICertOverrideService.idl',
'nsICertPickDialogs.idl',
'nsICertificateDialogs.idl',


@ -1,58 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
/**
* Information on a Certificate Revocation List (CRL)
* issued by a Aertificate Authority (CA).
*/
[scriptable, uuid(c185d920-4a3e-11d5-ba27-00108303b117)]
interface nsICRLInfo : nsISupports {
/**
* The issuing CA's organization.
*/
readonly attribute AString organization;
/**
* The issuing CA's organizational unit.
*/
readonly attribute AString organizationalUnit;
/**
* The time this CRL was created at.
*/
readonly attribute PRTime lastUpdate;
/**
* The time the suggested next update for this CRL.
*/
readonly attribute PRTime nextUpdate;
/**
* lastUpdate formatted as a human readable string
* formatted according to the environment locale.
*/
readonly attribute AString lastUpdateLocale;
/**
* nextUpdate formatted as a human readable string
* formatted according to the environment locale.
*/
readonly attribute AString nextUpdateLocale;
/**
* The key identifying the CRL in the database.
*/
readonly attribute AString nameInDb;
/**
* The URL this CRL was last fetched from.
*/
readonly attribute AUTF8String lastFetchURL;
};


@ -1,78 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIURI;
interface nsIArray;
interface nsICRLInfo;
%{C++
#define NS_CRLMANAGER_CID { /* 5b256c10-22d8-4109-af92-1253035e9fcb */ \
0x5b256c10, \
0x22d8, \
0x4109, \
{0xaf, 0x92, 0x12, 0x53, 0x03, 0x5e, 0x9f, 0xcb} \
}
#define NS_CRLMANAGER_CONTRACTID "@mozilla.org/security/crlmanager;1"
%}
[scriptable, uuid(486755db-627a-4678-a21b-f6a63bb9c56a)]
interface nsICRLManager : nsISupports {
/*
* importCrl
*
* Import a CRL into the certificate database.
*/
void importCrl([array, size_is(length)] in octet data,
in unsigned long length,
in nsIURI uri,
in unsigned long type,
in boolean doSilentDownload,
in wstring crlKey);
/*
* update crl from url
* update an existing crl from the last fetched url. Needed for the update
* button in crl manager
*/
boolean updateCRLFromURL(in wstring url, in wstring key);
/*
* getCrls
*
* Get a list of Crl entries in the DB.
*/
nsIArray getCrls();
/*
* deleteCrl
*
* Delete the crl.
*/
void deleteCrl(in unsigned long crlIndex);
/* This would reschedule the autoupdate of crls with auto update enable.
* Most likely to be called when update prefs are changed, or when a crl
* is deleted, etc. However, this might not be the most relevant place for
* this api, but unless we have a separate crl handler object....
*/
void rescheduleCRLAutoUpdate();
const unsigned long TYPE_AUTOUPDATE_TIME_BASED = 1;
const unsigned long TYPE_AUTOUPDATE_FREQ_BASED = 2;
wstring computeNextAutoUpdateTime(in nsICRLInfo info,
in unsigned long autoUpdateType,
in double noOfDays);
};


@ -6,12 +6,11 @@
interface nsIInterfaceRequestor;
interface nsIX509Cert;
interface nsICRLInfo;
/**
* Functions that implement user interface dialogs to manage certificates.
*/
[scriptable, uuid(a03ca940-09be-11d5-ac5d-000064657374)]
[scriptable, uuid(da871dab-f69e-4173-ab26-99fcd47b0e85)]
interface nsICertificateDialogs : nsISupports
{
/**
@ -80,16 +79,6 @@ interface nsICertificateDialogs : nsISupports
*/
void viewCert(in nsIInterfaceRequestor ctx,
in nsIX509Cert cert);
/**
* UI shown after a Certificate Revocation List (CRL) has been
* successfully imported.
*
* @param ctx A user interface context.
* @param crl Information describing the CRL that was imported.
*/
void crlImportStatusDialog(in nsIInterfaceRequestor ctx,
in nsICRLInfo crl);
};
%{C++


@ -28,8 +28,6 @@ CPP_SOURCES += [
'nsClientAuthRemember.cpp',
'nsCMS.cpp',
'nsCMSSecureMessage.cpp',
'nsCRLInfo.cpp',
'nsCRLManager.cpp',
'nsCrypto.cpp',
'nsCryptoHash.cpp',
'nsDataSignatureVerifier.cpp',


@ -1,152 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "prerror.h"
#include "prprf.h"
#include "nsCRLInfo.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
#include "nsCOMPtr.h"
#include "nsComponentManagerUtils.h"
#include "nsReadableUtils.h"
#include "nsNSSShutDown.h"
#include "nspr.h"
#include "pk11func.h"
#include "certdb.h"
#include "cert.h"
#include "secerr.h"
#include "nssb64.h"
#include "secasn1.h"
#include "secder.h"
NS_IMPL_ISUPPORTS1(nsCRLInfo, nsICRLInfo)
nsCRLInfo::nsCRLInfo()
{
/* member initializers and constructor code */
}
nsCRLInfo::nsCRLInfo(CERTSignedCrl *signedCrl)
{
nsNSSShutDownPreventionLock locker;
CERTCrl *crl = &(signedCrl->crl);
nsAutoString org;
nsAutoString orgUnit;
nsAutoString nameInDb;
nsAutoString nextUpdateLocale;
nsAutoString lastUpdateLocale;
nsAutoCString lastFetchURL;
PRTime lastUpdate = 0;
PRTime nextUpdate = 0;
SECStatus sec_rv;
// Get the information we need here //
char * o = CERT_GetOrgName(&(crl->name));
if (o) {
org = NS_ConvertASCIItoUTF16(o);
PORT_Free(o);
}
char * ou = CERT_GetOrgUnitName(&(crl->name));
if (ou) {
orgUnit = NS_ConvertASCIItoUTF16(ou);
//At present, the ou is being used as the unique key - but this
//would change, one support for delta crls come in.
nameInDb = orgUnit;
PORT_Free(ou);
}
nsCOMPtr<nsIDateTimeFormat> dateFormatter = do_CreateInstance(NS_DATETIMEFORMAT_CONTRACTID);
// Last Update time
if (crl->lastUpdate.len) {
sec_rv = DER_UTCTimeToTime(&lastUpdate, &(crl->lastUpdate));
if (sec_rv == SECSuccess && dateFormatter) {
dateFormatter->FormatPRTime(nullptr, kDateFormatShort, kTimeFormatNone,
lastUpdate, lastUpdateLocale);
}
}
if (crl->nextUpdate.len) {
// Next update time
sec_rv = DER_UTCTimeToTime(&nextUpdate, &(crl->nextUpdate));
if (sec_rv == SECSuccess && dateFormatter) {
dateFormatter->FormatPRTime(nullptr, kDateFormatShort, kTimeFormatNone,
nextUpdate, nextUpdateLocale);
}
}
char * url = signedCrl->url;
if(url) {
lastFetchURL = url;
}
mOrg.Assign(org.get());
mOrgUnit.Assign(orgUnit.get());
mLastUpdateLocale.Assign(lastUpdateLocale.get());
mNextUpdateLocale.Assign(nextUpdateLocale.get());
mLastUpdate = lastUpdate;
mNextUpdate = nextUpdate;
mNameInDb.Assign(nameInDb.get());
mLastFetchURL = lastFetchURL;
}
nsCRLInfo::~nsCRLInfo()
{
/* destructor code */
}
/* readonly attribute */
NS_IMETHODIMP nsCRLInfo::GetOrganization(nsAString & aOrg)
{
aOrg = mOrg;
return NS_OK;
}
/* readonly attribute */
NS_IMETHODIMP nsCRLInfo::GetOrganizationalUnit(nsAString & aOrgUnit)
{
aOrgUnit = mOrgUnit;
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetLastUpdateLocale(nsAString & aLastUpdateLocale)
{
aLastUpdateLocale = mLastUpdateLocale;
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetNextUpdateLocale(nsAString & aNextUpdateLocale)
{
aNextUpdateLocale = mNextUpdateLocale;
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetLastUpdate(PRTime* aLastUpdate)
{
NS_ENSURE_ARG(aLastUpdate);
*aLastUpdate = mLastUpdate;
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetNextUpdate(PRTime* aNextUpdate)
{
NS_ENSURE_ARG(aNextUpdate);
*aNextUpdate = mNextUpdate;
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetNameInDb(nsAString & aNameInDb)
{
aNameInDb = mNameInDb;
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetLastFetchURL(nsACString & aLastFetchURL)
{
aLastFetchURL = mLastFetchURL;
return NS_OK;
}


@ -1,45 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef _NSCLRLINFO_H_
#define _NSCRLINFO_H_
#include "nsICRLInfo.h"
#include "certt.h"
#include "nsString.h"
#define CRL_AUTOUPDATE_TIMIINGTYPE_PREF "security.crl.autoupdate.timingType"
#define CRL_AUTOUPDATE_TIME_PREF "security.crl.autoupdate.nextInstant"
#define CRL_AUTOUPDATE_URL_PREF "security.crl.autoupdate.url"
#define CRL_AUTOUPDATE_DAYCNT_PREF "security.crl.autoupdate.dayCnt"
#define CRL_AUTOUPDATE_FREQCNT_PREF "security.crl.autoupdate.freqCnt"
#define CRL_AUTOUPDATE_ERRCNT_PREF "security.crl.autoupdate.errCount"
#define CRL_AUTOUPDATE_ERRDETAIL_PREF "security.crl.autoupdate.errDetail"
#define CRL_AUTOUPDATE_ENABLED_PREF "security.crl.autoupdate.enable."
#define CRL_AUTOUPDATE_DEFAULT_DELAY 30000UL
class nsCRLInfo : public nsICRLInfo
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICRLINFO
nsCRLInfo();
nsCRLInfo(CERTSignedCrl *);
virtual ~nsCRLInfo();
/* additional members */
private:
nsString mOrg;
nsString mOrgUnit;
nsString mLastUpdateLocale;
nsString mNextUpdateLocale;
PRTime mLastUpdate;
PRTime mNextUpdate;
nsString mNameInDb;
nsCString mLastFetchURL;
nsString mNextAutoUpdateDate;
};
#endif


@ -1,441 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsCRLManager.h"
#include "nsCRLInfo.h"
#include "nsCOMPtr.h"
#include "nsComponentManagerUtils.h"
#include "nsReadableUtils.h"
#include "nsNSSComponent.h"
#include "nsCOMPtr.h"
#include "nsICertificateDialogs.h"
#include "nsIMutableArray.h"
#include "nsIPrefService.h"
#include "nsIPrefBranch.h"
#include "nsNSSShutDown.h"
#include "nsThreadUtils.h"
#include "nspr.h"
#include "pk11func.h"
#include "certdb.h"
#include "cert.h"
#include "secerr.h"
#include "nssb64.h"
#include "secasn1.h"
#include "secder.h"
#include "ssl.h"
#include "ocsp.h"
#include "plbase64.h"
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
NS_IMPL_ISUPPORTS1(nsCRLManager, nsICRLManager)
nsCRLManager::nsCRLManager()
{
}
nsCRLManager::~nsCRLManager()
{
}
NS_IMETHODIMP
nsCRLManager::ImportCrl (uint8_t *aData, uint32_t aLength, nsIURI * aURI, uint32_t aType, bool doSilentDownload, const PRUnichar* crlKey)
{
if (!NS_IsMainThread()) {
NS_ERROR("nsCRLManager::ImportCrl called off the main thread");
return NS_ERROR_NOT_SAME_THREAD;
}
nsNSSShutDownPreventionLock locker;
nsresult rv;
PLArenaPool *arena = nullptr;
CERTCertificate *caCert;
SECItem derName = { siBuffer, nullptr, 0 };
SECItem derCrl;
CERTSignedData sd;
SECStatus sec_rv;
CERTSignedCrl *crl;
nsAutoCString url;
nsCOMPtr<nsICRLInfo> crlData;
bool importSuccessful;
int32_t errorCode;
nsString errorMessage;
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv)) return rv;
aURI->GetSpec(url);
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
goto loser;
}
memset(&sd, 0, sizeof(sd));
derCrl.data = (unsigned char*)aData;
derCrl.len = aLength;
sec_rv = CERT_KeyFromDERCrl(arena, &derCrl, &derName);
if (sec_rv != SECSuccess) {
goto loser;
}
caCert = CERT_FindCertByName(CERT_GetDefaultCertDB(), &derName);
if (!caCert) {
if (aType == SEC_KRL_TYPE){
goto loser;
}
} else {
sec_rv = SEC_ASN1DecodeItem(arena,
&sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
&derCrl);
if (sec_rv != SECSuccess) {
goto loser;
}
sec_rv = CERT_VerifySignedData(&sd, caCert, PR_Now(),
nullptr);
if (sec_rv != SECSuccess) {
goto loser;
}
}
crl = SEC_NewCrl(CERT_GetDefaultCertDB(), const_cast<char*>(url.get()), &derCrl,
aType);
if (!crl) {
goto loser;
}
crlData = new nsCRLInfo(crl);
SSL_ClearSessionCache();
SEC_DestroyCrl(crl);
importSuccessful = true;
goto done;
loser:
importSuccessful = false;
errorCode = PR_GetError();
switch (errorCode) {
case SEC_ERROR_CRL_EXPIRED:
nssComponent->GetPIPNSSBundleString("CrlImportFailureExpired", errorMessage);
break;
case SEC_ERROR_CRL_BAD_SIGNATURE:
nssComponent->GetPIPNSSBundleString("CrlImportFailureBadSignature", errorMessage);
break;
case SEC_ERROR_CRL_INVALID:
nssComponent->GetPIPNSSBundleString("CrlImportFailureInvalid", errorMessage);
break;
case SEC_ERROR_OLD_CRL:
nssComponent->GetPIPNSSBundleString("CrlImportFailureOld", errorMessage);
break;
case SEC_ERROR_CRL_NOT_YET_VALID:
nssComponent->GetPIPNSSBundleString("CrlImportFailureNotYetValid", errorMessage);
break;
default:
nssComponent->GetPIPNSSBundleString("CrlImportFailureReasonUnknown", errorMessage);
errorMessage.AppendInt(errorCode,16);
break;
}
done:
if(!doSilentDownload){
if (!importSuccessful){
nsString message;
nsString temp;
nssComponent->GetPIPNSSBundleString("CrlImportFailure1x", message);
message.Append(NS_LITERAL_STRING("\n").get());
message.Append(errorMessage);
nssComponent->GetPIPNSSBundleString("CrlImportFailure2", temp);
message.Append(NS_LITERAL_STRING("\n").get());
message.Append(temp);
nsNSSComponent::ShowAlertWithConstructedString(message);
} else {
nsCOMPtr<nsICertificateDialogs> certDialogs;
// Not being able to display the success dialog should not
// be a fatal error, so don't return a failure code.
{
nsPSMUITracker tracker;
if (tracker.isUIForbidden()) {
rv = NS_ERROR_NOT_AVAILABLE;
}
else {
rv = ::getNSSDialogs(getter_AddRefs(certDialogs),
NS_GET_IID(nsICertificateDialogs), NS_CERTIFICATEDIALOGS_CONTRACTID);
}
}
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
certDialogs->CrlImportStatusDialog(cxt, crlData);
}
}
} else {
if (!crlKey) {
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsIPrefService> prefSvc = do_GetService(NS_PREFSERVICE_CONTRACTID,&rv);
nsCOMPtr<nsIPrefBranch> pref = do_GetService(NS_PREFSERVICE_CONTRACTID,&rv);
if (NS_FAILED(rv)){
return rv;
}
nsAutoCString updateErrCntPrefStr(CRL_AUTOUPDATE_ERRCNT_PREF);
LossyAppendUTF16toASCII(crlKey, updateErrCntPrefStr);
if(importSuccessful){
PRUnichar *updateTime;
nsAutoCString updateTimeStr;
nsCString updateURL;
int32_t timingTypePref;
double dayCnt;
char *dayCntStr;
nsAutoCString updateTypePrefStr(CRL_AUTOUPDATE_TIMIINGTYPE_PREF);
nsAutoCString updateTimePrefStr(CRL_AUTOUPDATE_TIME_PREF);
nsAutoCString updateUrlPrefStr(CRL_AUTOUPDATE_URL_PREF);
nsAutoCString updateDayCntPrefStr(CRL_AUTOUPDATE_DAYCNT_PREF);
nsAutoCString updateFreqCntPrefStr(CRL_AUTOUPDATE_FREQCNT_PREF);
LossyAppendUTF16toASCII(crlKey, updateTypePrefStr);
LossyAppendUTF16toASCII(crlKey, updateTimePrefStr);
LossyAppendUTF16toASCII(crlKey, updateUrlPrefStr);
LossyAppendUTF16toASCII(crlKey, updateDayCntPrefStr);
LossyAppendUTF16toASCII(crlKey, updateFreqCntPrefStr);
pref->GetIntPref(updateTypePrefStr.get(),&timingTypePref);
//Compute and update the next download instant
if(timingTypePref == TYPE_AUTOUPDATE_TIME_BASED){
pref->GetCharPref(updateDayCntPrefStr.get(),&dayCntStr);
}else{
pref->GetCharPref(updateFreqCntPrefStr.get(),&dayCntStr);
}
dayCnt = atof(dayCntStr);
nsMemory::Free(dayCntStr);
bool toBeRescheduled = false;
if(NS_SUCCEEDED(ComputeNextAutoUpdateTime(crlData, timingTypePref, dayCnt, &updateTime))){
updateTimeStr.AssignWithConversion(updateTime);
pref->SetCharPref(updateTimePrefStr.get(),updateTimeStr.get());
//Now, check if this update time is already in the past. This would
//imply we have downloaded the same crl, or there is something wrong
//with the next update date. We will not reschedule this crl in this
//session anymore - or else, we land into a loop. It would anyway be
//imported once the browser is restarted.
if(int64_t(updateTime) > int64_t(PR_Now())){
toBeRescheduled = true;
}
nsMemory::Free(updateTime);
}
//Update the url to download from, next time
crlData->GetLastFetchURL(updateURL);
pref->SetCharPref(updateUrlPrefStr.get(),updateURL.get());
pref->SetIntPref(updateErrCntPrefStr.get(),0);
if (toBeRescheduled) {
nsAutoString hashKey(crlKey);
nssComponent->RemoveCrlFromList(hashKey);
nssComponent->DefineNextTimer();
}
} else{
int32_t errCnt;
nsAutoCString errMsg;
nsAutoCString updateErrDetailPrefStr(CRL_AUTOUPDATE_ERRDETAIL_PREF);
LossyAppendUTF16toASCII(crlKey, updateErrDetailPrefStr);
errMsg.AssignWithConversion(errorMessage.get());
rv = pref->GetIntPref(updateErrCntPrefStr.get(),&errCnt);
if(NS_FAILED(rv))
errCnt = 0;
pref->SetIntPref(updateErrCntPrefStr.get(),errCnt+1);
pref->SetCharPref(updateErrDetailPrefStr.get(),errMsg.get());
}
prefSvc->SavePrefFile(nullptr);
}
return rv;
}
NS_IMETHODIMP
nsCRLManager::UpdateCRLFromURL( const PRUnichar *url, const PRUnichar* key, bool *res)
{
nsresult rv;
nsAutoString downloadUrl(url);
nsAutoString dbKey(key);
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if(NS_FAILED(rv)){
*res = false;
return rv;
}
rv = nssComponent->DownloadCRLDirectly(downloadUrl, dbKey);
if(NS_FAILED(rv)){
*res = false;
} else {
*res = true;
}
return NS_OK;
}
NS_IMETHODIMP
nsCRLManager::RescheduleCRLAutoUpdate(void)
{
nsresult rv;
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if(NS_FAILED(rv)){
return rv;
}
rv = nssComponent->DefineNextTimer();
return rv;
}
/**
* getCRLs
*
* Export a set of certs and keys from the database to a PKCS#12 file.
*/
NS_IMETHODIMP
nsCRLManager::GetCrls(nsIArray ** aCrls)
{
nsNSSShutDownPreventionLock locker;
SECStatus sec_rv;
CERTCrlHeadNode *head = nullptr;
CERTCrlNode *node = nullptr;
nsresult rv;
nsCOMPtr<nsIMutableArray> crlsArray =
do_CreateInstance(NS_ARRAY_CONTRACTID, &rv);
if (NS_FAILED(rv)) {
return rv;
}
// Get the list of certs //
sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
if (sec_rv != SECSuccess) {
return NS_ERROR_FAILURE;
}
if (head) {
for (node=head->first; node; node = node->next) {
nsCOMPtr<nsICRLInfo> entry = new nsCRLInfo((node->crl));
crlsArray->AppendElement(entry, false);
}
PORT_FreeArena(head->arena, false);
}
*aCrls = crlsArray;
NS_IF_ADDREF(*aCrls);
return NS_OK;
}
/**
* deleteCrl
*
* Delete a Crl entry from the cert db.
*/
NS_IMETHODIMP
nsCRLManager::DeleteCrl(uint32_t aCrlIndex)
{
nsNSSShutDownPreventionLock locker;
CERTSignedCrl *realCrl = nullptr;
CERTCrlHeadNode *head = nullptr;
CERTCrlNode *node = nullptr;
SECStatus sec_rv;
uint32_t i;
// Get the list of certs //
sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
if (sec_rv != SECSuccess) {
return NS_ERROR_FAILURE;
}
if (head) {
for (i = 0, node=head->first; node; i++, node = node->next) {
if (i != aCrlIndex) {
continue;
}
realCrl = SEC_FindCrlByName(CERT_GetDefaultCertDB(), &(node->crl->crl.derName), node->type);
SEC_DeletePermCRL(realCrl);
SEC_DestroyCrl(realCrl);
SSL_ClearSessionCache();
}
PORT_FreeArena(head->arena, false);
}
return NS_OK;
}
NS_IMETHODIMP
nsCRLManager::ComputeNextAutoUpdateTime(nsICRLInfo *info,
uint32_t autoUpdateType, double dayCnt, PRUnichar **nextAutoUpdate)
{
if (!info)
return NS_ERROR_FAILURE;
NS_ENSURE_ARG_POINTER(nextAutoUpdate);
PRTime microsecInDayCnt;
PRTime now = PR_Now();
PRTime tempTime;
int64_t diff = 0;
int64_t secsInDay = 86400UL;
int64_t temp;
int64_t cycleCnt = 0;
double tmpData = double(secsInDay);
tmpData *= dayCnt;
microsecInDayCnt = int64_t(tmpData) * PR_USEC_PER_SEC;
PRTime lastUpdate;
PRTime nextUpdate;
nsresult rv;
rv = info->GetLastUpdate(&lastUpdate);
if (NS_FAILED(rv))
return rv;
rv = info->GetNextUpdate(&nextUpdate);
if (NS_FAILED(rv))
return rv;
switch (autoUpdateType) {
case TYPE_AUTOUPDATE_FREQ_BASED:
diff = now - lastUpdate; //diff is the no of micro sec between now and last update
cycleCnt = diff / microsecInDayCnt; //temp is the number of full cycles from lst update
temp = diff % microsecInDayCnt;
if(temp != 0) {
++cycleCnt; //no of complete cycles till next autoupdate instant
}
temp = cycleCnt * microsecInDayCnt; //micro secs from last update
tempTime = lastUpdate + temp;
break;
case TYPE_AUTOUPDATE_TIME_BASED:
tempTime = nextUpdate - microsecInDayCnt;
break;
default:
return NS_ERROR_NOT_IMPLEMENTED;
}
//Now, a basic constraing is that the next auto update date can never be after
//next update, if one is defined
if(nextUpdate > 0) {
if(tempTime > nextUpdate) {
tempTime = nextUpdate;
}
}
// Return value as string; no pref type for Int64/PRTime
char *tempTimeStr = PR_smprintf("%lli", tempTime);
*nextAutoUpdate = ToNewUnicode(nsDependentCString(tempTimeStr));
PR_smprintf_free(tempTimeStr);
return NS_OK;
}


@ -1,20 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef _NSCRLMANAGER_H_
#define _NSCRLMANAGER_H_
#include "nsICRLManager.h"
class nsCRLManager : public nsICRLManager
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICRLMANAGER
nsCRLManager();
virtual ~nsCRLManager();
};
#endif


@ -11,28 +11,12 @@
#include "nsNSSComponent.h"
#include "CertVerifier.h"
#include "nsNSSCallbacks.h"
#include "nsNSSIOLayer.h"
#include "nsCertVerificationThread.h"
#include "nsNetUtil.h"
#include "nsAppDirectoryServiceDefs.h"
#include "nsDirectoryService.h"
#include "nsIStreamListener.h"
#include "nsIStringBundle.h"
#include "nsIDirectoryService.h"
#include "nsCURILoader.h"
#include "nsDirectoryServiceDefs.h"
#include "nsIX509Cert.h"
#include "nsIX509CertDB.h"
#include "nsNSSCertificate.h"
#include "nsNSSHelper.h"
#include "prlog.h"
#include "nsICertOverrideService.h"
#include "nsIPrefService.h"
#include "nsIPrefBranch.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
#include "nsThreadUtils.h"
#ifndef MOZ_DISABLE_CRYPTOLEGACY
#include "nsIDOMNode.h"
@ -50,22 +34,13 @@
#endif
#include "nsCRT.h"
#include "nsCRLInfo.h"
#include "nsCertOverrideService.h"
#include "nsNTLMAuthModule.h"
#include "nsIWindowWatcher.h"
#include "nsIPrompt.h"
#include "nsCertificatePrincipal.h"
#include "nsReadableUtils.h"
#include "nsIDateTimeFormat.h"
#include "prtypes.h"
#include "nsIEntropyCollector.h"
#include "nsIBufEntropyCollector.h"
#include "nsIServiceManager.h"
#include "nsIFile.h"
#include "nsITokenPasswordDialogs.h"
#include "nsICRLManager.h"
#include "nsNSSShutDown.h"
#include "GeneratedEvents.h"
#include "SharedSSLState.h"
@ -76,19 +51,15 @@
#include "secmod.h"
#include "secmime.h"
#include "ocsp.h"
#include "nssckbi.h"
#include "base64.h"
#include "secerr.h"
#include "sslerr.h"
#include "nsXULAppAPI.h"
#include <algorithm>
#ifdef XP_WIN
#include "nsILocalFileWin.h"
#endif
#include "pkcs12.h"
#include "p12plcy.h"
using namespace mozilla;
@ -113,35 +84,6 @@ extern char* pk11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void *arg);
#define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties"
#define NSSERR_STRBUNDLE_URL "chrome://pipnss/locale/nsserrors.properties"
class CRLDownloadEvent : public nsRunnable {
public:
CRLDownloadEvent(const nsCSubstring &urlString, nsIStreamListener *listener)
: mURLString(urlString)
, mListener(listener)
{}
// Note that nsNSSComponent is a singleton object across all threads,
// and automatic downloads are always scheduled sequentially - that is,
// once one crl download is complete, the next one is scheduled
NS_IMETHOD Run()
{
if (!mListener || mURLString.IsEmpty())
return NS_OK;
nsCOMPtr<nsIURI> uri;
nsresult rv = NS_NewURI(getter_AddRefs(uri), mURLString);
if (NS_SUCCEEDED(rv)){
NS_OpenURI(mListener, nullptr, uri);
}
return NS_OK;
}
private:
nsCString mURLString;
nsCOMPtr<nsIStreamListener> mListener;
};
#ifndef MOZ_DISABLE_CRYPTOLEGACY
//This class is used to run the callback code
//passed to the event handlers for smart card notification
@ -264,7 +206,6 @@ bool EnsureNSSInitialized(EnsureNSSOperator op)
nsNSSComponent::nsNSSComponent()
:mutex("nsNSSComponent.mutex"),
mNSSInitialized(false),
mCrlTimerLock("nsNSSComponent.mCrlTimerLock"),
#ifndef MOZ_DISABLE_CRYPTOLEGACY
mThreadList(nullptr),
#endif
@ -275,10 +216,6 @@ nsNSSComponent::nsNSSComponent()
gPIPNSSLog = PR_NewLogModule("pipnss");
#endif
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::ctor\n"));
mUpdateTimerInitialized = false;
crlDownloadTimerOn = false;
crlsScheduledForDownload = nullptr;
mTimer = nullptr;
mObserversRegistered = false;
#ifndef NSS_NO_LIBPKIX
@ -326,22 +263,6 @@ nsNSSComponent::~nsNSSComponent()
deleteBackgroundThreads();
if (mUpdateTimerInitialized) {
{
MutexAutoLock lock(mCrlTimerLock);
if (crlDownloadTimerOn) {
mTimer->Cancel();
}
crlDownloadTimerOn = false;
}
if (crlsScheduledForDownload) {
crlsScheduledForDownload->Reset();
delete crlsScheduledForDownload;
}
mUpdateTimerInitialized = false;
}
// All cleanup code requiring services needs to happen in xpcom_shutdown
ShutdownNSS();
@ -1111,285 +1032,6 @@ nsNSSComponent::SkipOcspOff()
return NS_OK;
}
nsresult
nsNSSComponent::PostCRLImportEvent(const nsCSubstring &urlString,
nsIStreamListener *listener)
{
//Create the event
nsCOMPtr<nsIRunnable> event = new CRLDownloadEvent(urlString, listener);
//Get a handle to the ui thread
return NS_DispatchToMainThread(event);
}
nsresult
nsNSSComponent::DownloadCRLDirectly(nsAutoString url, nsAutoString key)
{
//This api is meant to support direct interactive update of crl from the crl manager
//or other such ui.
nsCOMPtr<nsIStreamListener> listener =
new PSMContentDownloader(PSMContentDownloader::PKCS7_CRL);
NS_ConvertUTF16toUTF8 url8(url);
return PostCRLImportEvent(url8, listener);
}
nsresult nsNSSComponent::DownloadCrlSilently()
{
//Add this attempt to the hashtable
nsStringKey hashKey(mCrlUpdateKey.get());
crlsScheduledForDownload->Put(&hashKey,(void *)nullptr);
//Set up the download handler
RefPtr<PSMContentDownloader> psmDownloader(
new PSMContentDownloader(PSMContentDownloader::PKCS7_CRL));
psmDownloader->setSilentDownload(true);
psmDownloader->setCrlAutodownloadKey(mCrlUpdateKey);
//Now get the url string
NS_ConvertUTF16toUTF8 url8(mDownloadURL);
return PostCRLImportEvent(url8, psmDownloader);
}
nsresult nsNSSComponent::getParamsForNextCrlToDownload(nsAutoString *url, PRTime *time, nsAutoString *key)
{
const char *updateEnabledPref = CRL_AUTOUPDATE_ENABLED_PREF;
const char *updateTimePref = CRL_AUTOUPDATE_TIME_PREF;
const char *updateURLPref = CRL_AUTOUPDATE_URL_PREF;
char **allCrlsToBeUpdated;
uint32_t noOfCrls;
PRTime nearestUpdateTime = 0;
nsAutoString crlKey;
char *tempUrl;
nsresult rv;
nsCOMPtr<nsIPrefBranch> pref = do_GetService(NS_PREFSERVICE_CONTRACTID,&rv);
if(NS_FAILED(rv)){
return rv;
}
rv = pref->GetChildList(updateEnabledPref, &noOfCrls, &allCrlsToBeUpdated);
if ( (NS_FAILED(rv)) || (noOfCrls==0) ){
return NS_ERROR_FAILURE;
}
for(uint32_t i=0;i<noOfCrls;i++) {
//First check if update pref is enabled for this crl
bool autoUpdateEnabled = false;
rv = pref->GetBoolPref(*(allCrlsToBeUpdated+i), &autoUpdateEnabled);
if (NS_FAILED(rv) || !autoUpdateEnabled) {
continue;
}
nsAutoString tempCrlKey;
//Now, generate the crl key. Same key would be used as hashkey as well
nsAutoCString enabledPrefCString(*(allCrlsToBeUpdated+i));
enabledPrefCString.ReplaceSubstring(updateEnabledPref,".");
tempCrlKey.AssignWithConversion(enabledPrefCString.get());
//Check if this crl has already been scheduled. Its presence in the hashtable
//implies that it has been scheduled already this client session, and
//is either in the process of being downloaded, or its download failed
//for some reason. In the second case, we will not retry in the current client session
nsStringKey hashKey(tempCrlKey.get());
if(crlsScheduledForDownload->Exists(&hashKey)){
continue;
}
char *tempTimeString;
PRTime tempTime;
nsAutoCString timingPrefCString(updateTimePref);
LossyAppendUTF16toASCII(tempCrlKey, timingPrefCString);
// No PRTime/Int64 type in prefs; stored as string; parsed here as int64_t
rv = pref->GetCharPref(timingPrefCString.get(), &tempTimeString);
if (NS_FAILED(rv)){
// Assume corrupted. Force download. Pref should be reset after download.
tempTime = PR_Now();
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
("get %s failed: forcing download\n", timingPrefCString.get()));
} else {
tempTime = (PRTime)nsCRT::atoll(tempTimeString);
nsMemory::Free(tempTimeString);
// nsCRT::atoll parses the first token in the string; three possibilities
// -1- Alpha char: returns 0; change to PR_Now() and force update.
// -2- Number (between epoch and PR_Now(), e.g. 0 - 1332280017 for
// Tue Mar 20, 2012, 2:46pm approx): includes formatted date
// values (previous method of storing update date, e.g year, month
// or day, 2012, 1-31, 1-12 etc). Less than PR_Now() forces
// autoupdate.
// -3- Number (larger than PR_Now()): no forced autoupdate
// Note: corrupt values within range of -2- will have an implicit
// unflagged recovery. Corrupt values in range of -3- will be unflagged
// and unrecovered by this code.
if (tempTime == 0)
tempTime = PR_Now();
#ifdef PR_LOGGING
PRExplodedTime explodedTime;
PR_ExplodeTime(tempTime, PR_GMTParameters, &explodedTime);
// Note: tm_month starts from 0 = Jan, hence +1
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
("%s tempTime(%lli) "
"(m/d/y h:m:s = %02d/%02d/%d %02d:%02d:%02d GMT\n",
timingPrefCString.get(), tempTime,
explodedTime.tm_month+1, explodedTime.tm_mday,
explodedTime.tm_year, explodedTime.tm_hour,
explodedTime.tm_min, explodedTime.tm_sec));
#endif
}
if(nearestUpdateTime == 0 || tempTime < nearestUpdateTime){
nsAutoCString urlPrefCString(updateURLPref);
LossyAppendUTF16toASCII(tempCrlKey, urlPrefCString);
rv = pref->GetCharPref(urlPrefCString.get(), &tempUrl);
if (NS_FAILED(rv) || (!tempUrl)){
continue;
}
nearestUpdateTime = tempTime;
crlKey = tempCrlKey;
}
}
if(noOfCrls > 0)
NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(noOfCrls, allCrlsToBeUpdated);
if(nearestUpdateTime > 0){
*time = nearestUpdateTime;
url->AssignWithConversion((const char *)tempUrl);
nsMemory::Free(tempUrl);
*key = crlKey;
rv = NS_OK;
} else{
rv = NS_ERROR_FAILURE;
}
return rv;
}
NS_IMETHODIMP
nsNSSComponent::Notify(nsITimer *timer)
{
//Timer has fired. So set the flag accordingly
{
MutexAutoLock lock(mCrlTimerLock);
crlDownloadTimerOn = false;
}
//First, handle this download
DownloadCrlSilently();
//Dont Worry if successful or not
//Set the next timer
DefineNextTimer();
return NS_OK;
}
nsresult
nsNSSComponent::RemoveCrlFromList(nsAutoString key)
{
nsStringKey hashKey(key.get());
if(crlsScheduledForDownload->Exists(&hashKey)){
crlsScheduledForDownload->Remove(&hashKey);
}
return NS_OK;
}
nsresult
nsNSSComponent::DefineNextTimer()
{
PRTime nextFiring;
PRTime now = PR_Now();
uint32_t interval;
uint32_t primaryDelay = CRL_AUTOUPDATE_DEFAULT_DELAY;
nsresult rv;
if(!mTimer){
mTimer = do_CreateInstance("@mozilla.org/timer;1", &rv);
if(NS_FAILED(rv))
return rv;
}
//If some timer is already running, cancel it. Thus, the request that came last,
//wins. This would ensure that in no way we end up setting two different timers
//This part should be synchronized because this function might be called from separate
//threads
MutexAutoLock lock(mCrlTimerLock);
if (crlDownloadTimerOn) {
mTimer->Cancel();
}
rv = getParamsForNextCrlToDownload(&mDownloadURL, &nextFiring, &mCrlUpdateKey);
//If there are no more crls to be updated any time in future
if(NS_FAILED(rv)){
// Return - no error - just implies nothing to schedule
return NS_OK;
}
//Define the firing interval, from NOW
if ( now < nextFiring) {
interval = uint32_t(nextFiring - now);
//Now, we are doing 32 operations - so, don't need LL_ functions...
interval = interval/PR_USEC_PER_MSEC;
}else {
interval = primaryDelay;
}
mTimer->InitWithCallback(static_cast<nsITimerCallback*>(this),
interval,
nsITimer::TYPE_ONE_SHOT);
crlDownloadTimerOn = true;
return NS_OK;
}
//Note that the StopCRLUpdateTimer and InitializeCRLUpdateTimer functions should never be called
//simultaneously from diff threads - they are NOT threadsafe. But, since there is no chance of
//that happening, there is not much benefit it trying to make it so at this point
nsresult
nsNSSComponent::StopCRLUpdateTimer()
{
//If it is at all running.
if (mUpdateTimerInitialized) {
if (crlsScheduledForDownload) {
crlsScheduledForDownload->Reset();
delete crlsScheduledForDownload;
crlsScheduledForDownload = nullptr;
}
{
MutexAutoLock lock(mCrlTimerLock);
if (crlDownloadTimerOn) {
mTimer->Cancel();
}
crlDownloadTimerOn = false;
}
mUpdateTimerInitialized = false;
}
return NS_OK;
}
nsresult
nsNSSComponent::InitializeCRLUpdateTimer()
{
nsresult rv;
//First check if this is already initialized. Then we stop it.
if (!mUpdateTimerInitialized) {
mTimer = do_CreateInstance("@mozilla.org/timer;1", &rv);
if(NS_FAILED(rv)){
return rv;
}
crlsScheduledForDownload = new nsHashtable(16, true);
DefineNextTimer();
mUpdateTimerInitialized = true;
}
return NS_OK;
}
static void configureMD5(bool enabled)
{
if (enabled) { // set flags
@ -1754,7 +1396,6 @@ nsNSSComponent::Init()
return NS_ERROR_OUT_OF_MEMORY;
}
InitializeCRLUpdateTimer();
RegisterPSMContentListener();
nsCOMPtr<nsIEntropyCollector> ec
@ -1776,13 +1417,12 @@ nsNSSComponent::Init()
}
/* nsISupports Implementation for the class */
NS_IMPL_THREADSAFE_ISUPPORTS6(nsNSSComponent,
NS_IMPL_THREADSAFE_ISUPPORTS5(nsNSSComponent,
nsISignatureVerifier,
nsIEntropyCollector,
nsINSSComponent,
nsIObserver,
nsISupportsWeakReference,
nsITimerCallback)
nsISupportsWeakReference)
/* Callback functions for decoder. For now, use empty/default functions. */
@ -1980,8 +1620,6 @@ nsNSSComponent::Observe(nsISupports *aSubject, const char *aTopic,
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS after profile switch.\n"));
}
}
InitializeCRLUpdateTimer();
}
else if (nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
@ -2227,8 +1865,6 @@ nsNSSComponent::DoProfileBeforeChange(nsISupports* aSubject)
}
}
StopCRLUpdateTimer();
if (needsCleanup) {
ShutdownNSS();
}
@ -2352,8 +1988,7 @@ setPassword(PK11SlotInfo *slot, nsIInterfaceRequestor *ctx)
PSMContentDownloader::PSMContentDownloader(uint32_t type)
: mByteData(nullptr),
mType(type),
mDoSilentDownload(false)
mType(type)
{
}
@ -2443,14 +2078,12 @@ PSMContentDownloader::OnStopRequest(nsIRequest* request,
//Check if the download succeeded - it might have failed due to
//network issues, etc.
if (NS_FAILED(aStatus)){
handleContentDownloadError(aStatus);
return aStatus;
}
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnStopRequest\n"));
nsCOMPtr<nsIX509CertDB> certdb;
nsCOMPtr<nsICRLManager> crlManager;
nsresult rv;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
@ -2462,9 +2095,6 @@ PSMContentDownloader::OnStopRequest(nsIRequest* request,
certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
break;
case PSMContentDownloader::PKCS7_CRL:
crlManager = do_GetService(NS_CRLMANAGER_CONTRACTID);
default:
break;
}
@ -2476,8 +2106,6 @@ PSMContentDownloader::OnStopRequest(nsIRequest* request,
return certdb->ImportUserCertificate((uint8_t*)mByteData, mBufferOffset, ctx);
case PSMContentDownloader::X509_EMAIL_CERT:
return certdb->ImportEmailCertificate((uint8_t*)mByteData, mBufferOffset, ctx);
case PSMContentDownloader::PKCS7_CRL:
return crlManager->ImportCrl((uint8_t*)mByteData, mBufferOffset, mURI, SEC_CRL_TYPE, mDoSilentDownload, mCrlAutoDownloadKey.get());
default:
rv = NS_ERROR_FAILURE;
break;
@ -2486,85 +2114,8 @@ PSMContentDownloader::OnStopRequest(nsIRequest* request,
return rv;
}
nsresult
PSMContentDownloader::handleContentDownloadError(nsresult errCode)
{
nsString tmpMessage;
nsresult rv;
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if(NS_FAILED(rv)){
return rv;
}
//Handling errors for crl download only, for now.
switch (mType){
case PSMContentDownloader::PKCS7_CRL:
//TO DO: Handle network errors in details
//XXXXXXXXXXXXXXXXXX
nssComponent->GetPIPNSSBundleString("CrlImportFailureNetworkProblem", tmpMessage);
if (mDoSilentDownload) {
//This is the case for automatic download. Update failure history
nsAutoCString updateErrCntPrefStr(CRL_AUTOUPDATE_ERRCNT_PREF);
nsAutoCString updateErrDetailPrefStr(CRL_AUTOUPDATE_ERRDETAIL_PREF);
nsCString errMsg;
int32_t errCnt;
nsCOMPtr<nsIPrefBranch> pref = do_GetService(NS_PREFSERVICE_CONTRACTID,&rv);
if(NS_FAILED(rv)){
return rv;
}
LossyAppendUTF16toASCII(mCrlAutoDownloadKey, updateErrCntPrefStr);
LossyAppendUTF16toASCII(mCrlAutoDownloadKey, updateErrDetailPrefStr);
errMsg.AssignWithConversion(tmpMessage.get());
rv = pref->GetIntPref(updateErrCntPrefStr.get(),&errCnt);
if( (NS_FAILED(rv)) || (errCnt == 0) ){
pref->SetIntPref(updateErrCntPrefStr.get(),1);
}else{
pref->SetIntPref(updateErrCntPrefStr.get(),errCnt+1);
}
pref->SetCharPref(updateErrDetailPrefStr.get(),errMsg.get());
nsCOMPtr<nsIPrefService> prefSvc(do_QueryInterface(pref));
prefSvc->SavePrefFile(nullptr);
}else{
nsString message;
nssComponent->GetPIPNSSBundleString("CrlImportFailure1x", message);
message.Append(NS_LITERAL_STRING("\n").get());
message.Append(tmpMessage);
nssComponent->GetPIPNSSBundleString("CrlImportFailure2", tmpMessage);
message.Append(NS_LITERAL_STRING("\n").get());
message.Append(tmpMessage);
nsNSSComponent::ShowAlertWithConstructedString(message);
}
break;
default:
break;
}
return NS_OK;
}
void
PSMContentDownloader::setSilentDownload(bool flag)
{
mDoSilentDownload = flag;
}
void
PSMContentDownloader::setCrlAutodownloadKey(nsAutoString key)
{
mCrlAutoDownloadKey = key;
}
/* other mime types that we should handle sometime:
application/x-pkcs7-crl
application/x-pkcs7-mime
application/pkcs7-signature
application/pre-encrypted
@ -2585,12 +2136,7 @@ getPSMContentType(const char * aContentType)
return PSMContentDownloader::X509_USER_CERT;
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
return PSMContentDownloader::X509_EMAIL_CERT;
else if (!nsCRT::strcasecmp(aContentType, "application/x-pkcs7-crl"))
return PSMContentDownloader::PKCS7_CRL;
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-crl"))
return PSMContentDownloader::PKCS7_CRL;
else if (!nsCRT::strcasecmp(aContentType, "application/pkix-crl"))
return PSMContentDownloader::PKCS7_CRL;
return PSMContentDownloader::UNKNOWN_TYPE;
}


@ -14,7 +14,6 @@
#include "nsIURIContentListener.h"
#include "nsIStreamListener.h"
#include "nsIEntropyCollector.h"
#include "nsString.h"
#include "nsIStringBundle.h"
#include "nsIPrefBranch.h"
#include "nsIObserver.h"
@ -22,17 +21,17 @@
#include "nsWeakReference.h"
#ifndef MOZ_DISABLE_CRYPTOLEGACY
#include "nsIDOMEventTarget.h"
#include "nsSmartCardMonitor.h"
#endif
#include "nsINSSErrorsService.h"
#include "nsITimer.h"
#include "nsNetUtil.h"
#include "nsHashtable.h"
#include "nsNSSCallbacks.h"
#include "nsNSSShutDown.h"
#include "ScopedNSSTypes.h"
#include "nsNSSHelper.h"
#include "nsClientAuthRemember.h"
#include "prerror.h"
class nsIPrompt;
class SmartCardThreadList;
namespace mozilla { namespace psm {
@ -79,7 +78,6 @@ public:
PSMContentDownloader(uint32_t type);
virtual ~PSMContentDownloader();
void setSilentDownload(bool flag);
void setCrlAutodownloadKey(nsAutoString key);
NS_DECL_ISUPPORTS
NS_DECL_NSIREQUESTOBSERVER
@ -90,17 +88,13 @@ public:
enum {X509_USER_CERT = 2};
enum {X509_EMAIL_CERT = 3};
enum {X509_SERVER_CERT = 4};
enum {PKCS7_CRL = 5};
protected:
char* mByteData;
int32_t mBufferOffset;
int32_t mBufferSize;
uint32_t mType;
bool mDoSilentDownload;
nsString mCrlAutoDownloadKey;
nsCOMPtr<nsIURI> mURI;
nsresult handleContentDownloadError(nsresult errCode);
};
class nsNSSComponent;
@ -133,12 +127,6 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports {
// values in the preferences.
NS_IMETHOD SkipOcspOff() = 0;
NS_IMETHOD RemoveCrlFromList(nsAutoString) = 0;
NS_IMETHOD DefineNextTimer() = 0;
NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString) = 0;
NS_IMETHOD LogoutAuthenticatedPK11() = 0;
#ifndef MOZ_DISABLE_CRYPTOLEGACY
@ -171,8 +159,7 @@ class nsNSSComponent : public nsISignatureVerifier,
public nsIEntropyCollector,
public nsINSSComponent,
public nsIObserver,
public nsSupportsWeakReference,
public nsITimerCallback
public nsSupportsWeakReference
{
typedef mozilla::Mutex Mutex;
@ -186,7 +173,6 @@ public:
NS_DECL_NSISIGNATUREVERIFIER
NS_DECL_NSIENTROPYCOLLECTOR
NS_DECL_NSIOBSERVER
NS_DECL_NSITIMERCALLBACK
NS_METHOD Init();
@ -208,12 +194,7 @@ public:
nsAString &outString);
NS_IMETHOD SkipOcsp();
NS_IMETHOD SkipOcspOff();
nsresult InitializeCRLUpdateTimer();
nsresult StopCRLUpdateTimer();
NS_IMETHOD RemoveCrlFromList(nsAutoString);
NS_IMETHOD DefineNextTimer();
NS_IMETHOD LogoutAuthenticatedPK11();
NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString);
#ifndef MOZ_DISABLE_CRYPTOLEGACY
NS_IMETHOD LaunchSmartCardThread(SECMODModule *module);
@ -247,9 +228,6 @@ private:
nsresult RegisterPSMContentListener();
nsresult RegisterObservers();
nsresult DeregisterObservers();
nsresult DownloadCrlSilently();
nsresult PostCRLImportEvent(const nsCSubstring &urlString, nsIStreamListener *psmDownloader);
nsresult getParamsForNextCrlToDownload(nsAutoString *url, PRTime *time, nsAutoString *key);
// Methods that we use to handle the profile change notifications (and to
// synthesize a full profile change when we're just doing a profile startup):
@ -264,15 +242,8 @@ private:
nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
nsCOMPtr<nsIURIContentListener> mPSMContentListener;
nsCOMPtr<nsIPrefBranch> mPrefBranch;
nsCOMPtr<nsITimer> mTimer;
bool mNSSInitialized;
bool mObserversRegistered;
nsAutoString mDownloadURL;
nsAutoString mCrlUpdateKey;
Mutex mCrlTimerLock;
nsHashtable *crlsScheduledForDownload;
bool crlDownloadTimerOn;
bool mUpdateTimerInitialized;
static int mInstanceCount;
nsNSSShutDownList *mShutdownObjectList;
#ifndef MOZ_DISABLE_CRYPTOLEGACY
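Review bot: Removing `RemoveCrlFromList`, `DefineNextTimer` and `DownloadCRLDirectly` from the middle of `nsINSSComponent` shifts the vtable slot of `LogoutAuthenticatedPK11` and every method declared after it, and no hunk in this section gives the interface a new IID. The class body continues outside the hunk, so the IID declaration is not visible here; if the interface has one, code built against the old header that queries by the unchanged IID would succeed and then call the wrong slot instead of failing the query cleanly. I would regenerate the UUID in this same commit and record the rule next to it, e.g. `// Change this IID whenever a virtual method is added, removed or reordered.`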


@ -32,7 +32,6 @@
#include "nsCertPicker.h"
#include "nsCURILoader.h"
#include "nsICategoryManager.h"
#include "nsCRLManager.h"
#include "nsNTLMAuthModule.h"
#include "nsStreamCipher.h"
#include "nsKeyModule.h"
@ -196,7 +195,6 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSDecoder)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSEncoder)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSMessage)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertPicker)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCRLManager)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCryptoHash)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCryptoHMAC)
@ -238,7 +236,6 @@ NS_DEFINE_NAMED_CID(NS_CMSMESSAGE_CID);
NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
NS_DEFINE_NAMED_CID(NS_CERT_PICKER_CID);
NS_DEFINE_NAMED_CID(NS_CRLMANAGER_CID);
NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
NS_DEFINE_NAMED_CID(NS_STREAMCIPHER_CID);
NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
@ -277,7 +274,6 @@ static const mozilla::Module::CIDEntry kNSSCIDs[] = {
{ &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor },
{ &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
{ &kNS_CERT_PICKER_CID, false, nullptr, nsCertPickerConstructor },
{ &kNS_CRLMANAGER_CID, false, nullptr, nsCRLManagerConstructor },
{ &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor },
{ &kNS_STREAMCIPHER_CID, false, nullptr, nsStreamCipherConstructor },
{ &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor },
@ -320,7 +316,6 @@ static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
{ NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
{ NS_CERT_PICKER_CONTRACTID, &kNS_CERT_PICKER_CID },
{ "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
{ NS_CRLMANAGER_CONTRACTID, &kNS_CRLMANAGER_CID },
{ NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
{ NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
{ NS_STREAMCIPHER_CONTRACTID, &kNS_STREAMCIPHER_CID },
@ -337,9 +332,6 @@ static const mozilla::Module::CategoryEntry kNSSCategories[] = {
{ NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-server-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
{ NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-user-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
{ NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-email-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
{ NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-pkcs7-crl", "@mozilla.org/uriloader/psm-external-content-listener;1" },
{ NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-crl", "@mozilla.org/uriloader/psm-external-content-listener;1" },
{ NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/pkix-crl", "@mozilla.org/uriloader/psm-external-content-listener;1" },
{ nullptr }
};