зеркало из https://github.com/mozilla/gecko-dev.git
b=129067 Deleted certs still appear in Cert Manager.
r=javi sr=alecf
This commit is contained in:
Родитель
6d4667a84a
Коммит
1a9df62b37
|
@ -37,6 +37,7 @@ const nsPKIParamBlock = "@mozilla.org/security/pkiparamblock;1";
|
|||
var key;
|
||||
|
||||
var selected_certs = [];
|
||||
var selected_cert_index = [];
|
||||
var certdb;
|
||||
|
||||
var caTreeView;
|
||||
|
@ -92,14 +93,6 @@ function LoadCerts()
|
|||
verifiedCol.setAttribute('label', verifiedColText);
|
||||
}
|
||||
|
||||
function ReloadCerts()
|
||||
{
|
||||
caTreeView.loadCerts(nsIX509Cert.CA_CERT);
|
||||
serverTreeView.loadCerts(nsIX509Cert.SERVER_CERT);
|
||||
emailTreeView.loadCerts(nsIX509Cert.EMAIL_CERT);
|
||||
userTreeView.loadCerts(nsIX509Cert.USER_CERT);
|
||||
}
|
||||
|
||||
function getSelectedTab()
|
||||
{
|
||||
var selTab = document.getElementById('certMgrTabbox').selectedItem;
|
||||
|
@ -160,8 +153,11 @@ function getSelectedCerts()
|
|||
} else if (websites_tab.selected) {
|
||||
cert = serverTreeView.getCert(j);
|
||||
}
|
||||
if (cert)
|
||||
selected_certs[selected_certs.length] = cert;
|
||||
if (cert) {
|
||||
var sc = selected_certs.length;
|
||||
selected_certs[sc] = cert;
|
||||
selected_cert_index[sc] = j;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -252,6 +248,8 @@ function backupCerts()
|
|||
{
|
||||
getSelectedCerts();
|
||||
var numcerts = selected_certs.length;
|
||||
if (!numcerts)
|
||||
return;
|
||||
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
|
||||
var fp = Components.classes[nsFilePicker].createInstance(nsIFilePicker);
|
||||
fp.init(window,
|
||||
|
@ -277,6 +275,8 @@ function editCerts()
|
|||
{
|
||||
getSelectedCerts();
|
||||
var numcerts = selected_certs.length;
|
||||
if (!numcerts)
|
||||
return;
|
||||
for (var t=0; t<numcerts; t++) {
|
||||
var cert = selected_certs[t];
|
||||
var certkey = cert.dbKey;
|
||||
|
@ -305,18 +305,21 @@ function restoreCerts()
|
|||
certdb.importPKCS12File(null, fp.file);
|
||||
}
|
||||
userTreeView.loadCerts(nsIX509Cert.USER_CERT);
|
||||
userTreeView.selection.clearSelection();
|
||||
}
|
||||
|
||||
function deleteCerts()
|
||||
{
|
||||
getSelectedCerts();
|
||||
var numcerts = selected_certs.length;
|
||||
if (!numcerts)
|
||||
return;
|
||||
|
||||
var params = Components.classes[nsDialogParamBlock].createInstance(nsIDialogParamBlock);
|
||||
|
||||
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
|
||||
var selTab = document.getElementById('certMgrTabbox').selectedItem;
|
||||
var selTabID = selTab.getAttribute('id');
|
||||
var numcerts = selected_certs.length;
|
||||
|
||||
params.SetNumberStrings(numcerts+1);
|
||||
|
||||
|
@ -347,16 +350,56 @@ function deleteCerts()
|
|||
var cert = selected_certs[t];
|
||||
params.SetString(t+1, cert.dbKey);
|
||||
}
|
||||
|
||||
|
||||
// The dialog will modify the params.
|
||||
// Every param item where the corresponding cert could get deleted,
|
||||
// will still contain the db key.
|
||||
// Certs which could not get deleted, will have their corrensponding
|
||||
// param string erased.
|
||||
window.openDialog('chrome://pippki/content/deletecert.xul', "",
|
||||
'chrome,resizable=1,modal',params);
|
||||
|
||||
ReloadCerts();
|
||||
if (params.GetInt(1) == 1) {
|
||||
// user closed dialog with OK
|
||||
var treeView = null;
|
||||
var loadParam = null;
|
||||
|
||||
var selTab = document.getElementById('certMgrTabbox').selectedItem;
|
||||
var selTabID = selTab.getAttribute('id');
|
||||
if (selTabID == 'mine_tab') {
|
||||
treeView = userTreeView;
|
||||
loadParam = nsIX509Cert.USER_CERT;
|
||||
} else if (selTabID == "others_tab") {
|
||||
treeView = emailTreeView;
|
||||
loadParam = nsIX509Cert.EMAIL_CERT;
|
||||
} else if (selTabID == "websites_tab") {
|
||||
treeView = serverTreeView;
|
||||
loadParam = nsIX509Cert.SERVER_CERT;
|
||||
} else if (selTabID == "ca_tab") {
|
||||
treeView = caTreeView;
|
||||
loadParam = nsIX509Cert.CA_CERT;
|
||||
}
|
||||
|
||||
for (var t=numcerts-1; t>=0; t--)
|
||||
{
|
||||
var s = params.GetString(t+1);
|
||||
if (s.length) {
|
||||
// This cert was deleted.
|
||||
treeView.removeCert(selected_cert_index[t]);
|
||||
}
|
||||
}
|
||||
|
||||
treeView.selection.clearSelection();
|
||||
}
|
||||
}
|
||||
|
||||
function viewCerts()
|
||||
{
|
||||
getSelectedCerts();
|
||||
var numcerts = selected_certs.length;
|
||||
if (!numcerts)
|
||||
return;
|
||||
|
||||
var numcerts = selected_certs.length;
|
||||
for (var t=0; t<numcerts; t++) {
|
||||
selected_certs[t].view();
|
||||
|
|
|
@ -29,20 +29,21 @@ const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
|
|||
var certdb;
|
||||
var certs = [];
|
||||
var helpUrl;
|
||||
var gParams;
|
||||
|
||||
function setWindowName()
|
||||
{
|
||||
var params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
|
||||
gParams = window.arguments[0].QueryInterface(nsIDialogParamBlock);
|
||||
|
||||
// Get the cert from the cert database
|
||||
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
|
||||
|
||||
var typeFlag = params.GetString(0);
|
||||
var numberOfCerts = params.GetInt(0);
|
||||
var typeFlag = gParams.GetString(0);
|
||||
var numberOfCerts = gParams.GetInt(0);
|
||||
var dbkey;
|
||||
for(var x=0; x<numberOfCerts;x++)
|
||||
{
|
||||
dbkey = params.GetString(x+1);
|
||||
dbkey = gParams.GetString(x+1);
|
||||
certs[x] = certdb.getCertByDBKey(dbkey , null);
|
||||
}
|
||||
|
||||
|
@ -94,6 +95,8 @@ function setWindowName()
|
|||
var text;
|
||||
for(x=0;x<certs.length;x++)
|
||||
{
|
||||
if (!certs[x])
|
||||
continue;
|
||||
text = document.createElement("text");
|
||||
text.setAttribute("value",certs[x].commonName);
|
||||
box.appendChild(text);
|
||||
|
@ -105,10 +108,33 @@ function setWindowName()
|
|||
|
||||
function doOK()
|
||||
{
|
||||
// On returning our param list will contain keys of those certs that were deleted.
|
||||
// It will contain empty strings for those certs that are still alive.
|
||||
|
||||
for(var i=0;i<certs.length;i++)
|
||||
{
|
||||
certdb.deleteCertificate(certs[i]);
|
||||
if (certs[i]) {
|
||||
try {
|
||||
certdb.deleteCertificate(certs[i]);
|
||||
}
|
||||
catch (e) {
|
||||
gParams.SetString(i+1, "");
|
||||
}
|
||||
certs[i] = null;
|
||||
}
|
||||
}
|
||||
gParams.SetInt(1, 1); // means OK
|
||||
window.close();
|
||||
}
|
||||
|
||||
function doCancel()
|
||||
{
|
||||
var numberOfCerts = gParams.GetInt(0);
|
||||
for(var x=0; x<numberOfCerts;x++)
|
||||
{
|
||||
gParams.SetString(x+1, "");
|
||||
}
|
||||
gParams.SetInt(1, 0); // means CANCEL
|
||||
window.close();
|
||||
}
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@
|
|||
<button id="ok-button" label="&certmgr.ok.label;"
|
||||
oncommand="doOK();"/>
|
||||
<button id="cancel-button" label="&certmgr.cancel.label;"
|
||||
oncommand="window.close();"/>
|
||||
oncommand="doCancel();"/>
|
||||
<button id="help-button" label="&certmgr.help.label;"
|
||||
oncommand="doHelp();"/>
|
||||
</hbox>
|
||||
|
|
|
@ -43,7 +43,8 @@ interface nsICertTree : nsITreeView {
|
|||
void loadCerts(in unsigned long type);
|
||||
|
||||
nsIX509Cert getCert(in unsigned long index);
|
||||
|
||||
|
||||
void removeCert(in PRUint32 index);
|
||||
};
|
||||
|
||||
%{C++
|
||||
|
|
|
@ -78,12 +78,17 @@ nsCertTree::FreeCertArray()
|
|||
if (mCertArray) {
|
||||
PRUint32 count;
|
||||
nsresult rv = mCertArray->Count(&count);
|
||||
NS_ASSERTION(NS_SUCCEEDED(rv), "Count failed");
|
||||
if (NS_FAILED(rv))
|
||||
{
|
||||
NS_ASSERTION(0, "Count failed");
|
||||
return;
|
||||
}
|
||||
PRInt32 i;
|
||||
for (i = count - 1; i >= 0; i--)
|
||||
{
|
||||
mCertArray->RemoveElementAt(i);
|
||||
}
|
||||
}
|
||||
mCertArray = nsnull;
|
||||
}
|
||||
|
||||
// CmpByToken
|
||||
|
@ -248,14 +253,10 @@ NS_IMETHODIMP
|
|||
nsCertTree::LoadCerts(PRUint32 aType)
|
||||
{
|
||||
nsresult rv;
|
||||
PRBool rowsChanged = PR_FALSE;
|
||||
PRInt32 numChanged = 0;
|
||||
if (mTreeArray) {
|
||||
FreeCertArray();
|
||||
nsMemory::Free(mTreeArray);
|
||||
mTreeArray = NULL;
|
||||
rowsChanged = PR_TRUE;
|
||||
numChanged = mNumRows;
|
||||
mNumRows = 0;
|
||||
}
|
||||
nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
|
||||
|
@ -264,8 +265,14 @@ nsCertTree::LoadCerts(PRUint32 aType)
|
|||
CmpByTok_IssuerOrg_Name,
|
||||
getter_AddRefs(mCertArray));
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
return UpdateUIContents();
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsCertTree::UpdateUIContents()
|
||||
{
|
||||
PRUint32 count;
|
||||
rv = mCertArray->Count(&count);
|
||||
nsresult rv = mCertArray->Count(&count);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
mNumOrgs = CountOrganizations();
|
||||
mTreeArray = (treeArrayEl *)nsMemory::Alloc(
|
||||
|
@ -290,14 +297,42 @@ nsCertTree::LoadCerts(PRUint32 aType)
|
|||
orgCert = nextCert;
|
||||
}
|
||||
mNumRows = count + mNumOrgs;
|
||||
if (rowsChanged) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%d,%d]", mNumRows, numChanged));
|
||||
numChanged = mNumRows - numChanged;
|
||||
if (mTree) mTree->RowCountChanged(0, numChanged);
|
||||
}
|
||||
if (mTree)
|
||||
mTree->Invalidate();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertTree::RemoveCert(PRUint32 index)
|
||||
{
|
||||
if (!mCertArray || !mTreeArray || index < 0) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
int i, idx = 0, cIndex = 0, nc;
|
||||
nsIX509Cert *rawPtr = nsnull;
|
||||
// Loop over the threads
|
||||
for (i=0; i<mNumOrgs; i++) {
|
||||
if (index == idx)
|
||||
return NS_OK; // index is for thread
|
||||
idx++; // get past the thread
|
||||
nc = (mTreeArray[i].open) ? mTreeArray[i].numChildren : 0;
|
||||
if (index < idx + nc) { // cert is within range of this thread
|
||||
PRInt32 certIndex = cIndex + index - idx;
|
||||
mCertArray->RemoveElementAt(certIndex);
|
||||
nsMemory::Free(mTreeArray);
|
||||
mTreeArray = NULL;
|
||||
return UpdateUIContents();
|
||||
}
|
||||
if (mTreeArray[i].open)
|
||||
idx += mTreeArray[i].numChildren;
|
||||
cIndex += mTreeArray[i].numChildren;
|
||||
if (idx > index)
|
||||
break;
|
||||
}
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Begin nsITreeView methods
|
||||
|
|
|
@ -75,6 +75,7 @@ private:
|
|||
nsIX509Cert *GetCertAtIndex(PRInt32 _index);
|
||||
|
||||
void FreeCertArray();
|
||||
nsresult UpdateUIContents();
|
||||
|
||||
#ifdef DEBUG_CERT_TREE
|
||||
/* for debugging purposes */
|
||||
|
|
|
@ -683,6 +683,7 @@ nsNSSCertificate::~nsNSSCertificate()
|
|||
if (mCertType == nsNSSCertificate::USER_CERT) {
|
||||
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
|
||||
PK11_DeleteTokenCertAndKey(mCert, cxt);
|
||||
CERT_DestroyCertificate(mCert);
|
||||
} else
|
||||
#ifdef NSS_3_4
|
||||
if (!PK11_IsReadOnly(mCert->slot))
|
||||
|
@ -718,6 +719,16 @@ nsNSSCertificate::GetCertType(PRUint32 *aCertType)
|
|||
nsresult
|
||||
nsNSSCertificate::MarkForPermDeletion()
|
||||
{
|
||||
// make sure user is logged in to the token
|
||||
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
|
||||
if (!PK11_IsLoggedIn(mCert->slot, ctx))
|
||||
{
|
||||
if (SECSuccess != PK11_Authenticate(mCert->slot, PR_TRUE, ctx))
|
||||
{
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
mPermDelete = PR_TRUE;
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -3477,7 +3488,10 @@ nsNSSCertificateDB::DeleteCertificate(nsIX509Cert *aCert)
|
|||
|
||||
PRUint32 certType = getCertType(cert);
|
||||
nssCert->SetCertType(certType);
|
||||
nssCert->MarkForPermDeletion();
|
||||
if (NS_FAILED(nssCert->MarkForPermDeletion()))
|
||||
{
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
if (cert->slot && certType != nsIX509Cert::USER_CERT) {
|
||||
// To delete a cert of a slot (builtin, most likely), mark it as
|
||||
|
|
Загрузка…
Ссылка в новой задаче