mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

b=168448 PSM embedding freeze/ step 1/ move stuff & change data types 

r=javi sr=alecf
This commit is contained in:
kaie%netscape.com 2002-09-17 18:51:22 +00:00
Родитель 5a2aa3aa54
Коммит 31db9b541b
108 изменённых файлов: 7254 добавлений и 4331 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
mailnews/extensions/smime/resources/content/certFetchingStatus.js
Просмотреть файл

@ -123,7 +123,7 @@ function importCert(ber_value)
var cert_bytes = ber_value.get(cert_length);
if (cert_bytes) {
gCertDB.importEmailCertificate2(cert_length.value, cert_bytes);
gCertDB.importEmailCertificate(cert_bytes, cert_length.value, null);
}
}

9
mailnews/extensions/smime/resources/content/msgCompSecurityInfo.js
Просмотреть файл

@ -48,6 +48,8 @@ var gCount;
var gSMimeContractID = "@mozilla.org/messenger-smime/smimejshelper;1";
var gISMimeJSHelper = Components.interfaces.nsISMimeJSHelper;
var gIX509Cert = Components.interfaces.nsIX509Cert;
const nsICertificateDialogs = Components.interfaces.nsICertificateDialogs;
const nsCertificateDialogs = "@mozilla.org/nsCertificateDialogs;1"
function getStatusExplanation(value)
{
@ -257,6 +259,11 @@ function onSelectionChange(event)
}
}
function viewCertHelper(parent, cert) {
var cd = Components.classes[nsCertificateDialogs].getService(nsICertificateDialogs);
cd->viewCert(parent, cert);
}
function viewSelectedCert()
{
if (gListBox.selectedItems.length > 0)
@ -265,7 +272,7 @@ function viewSelectedCert()
var cert = gCerts.value[selected];
if (cert)
{
cert.view();
viewCertHelper(cert);
}
}
}

11
mailnews/extensions/smime/resources/content/msgReadSecurityInfo.js
Просмотреть файл

@ -39,6 +39,8 @@ const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsICMSMessageErrors = Components.interfaces.nsICMSMessageErrors;
const nsICertificateDialogs = Components.interfaces.nsICertificateDialogs;
const nsCertificateDialogs = "@mozilla.org/nsCertificateDialogs;1"
var gSignerCert = null;
var gEncryptionCert = null;
@ -231,17 +233,22 @@ function onLoad()
}
}
function viewCertHelper(parent, cert) {
var cd = Components.classes[nsCertificateDialogs].getService(nsICertificateDialogs);
cd->viewCert(parent, cert);
}
function viewSignatureCert()
{
if (gSignerCert) {
gSignerCert.view();
viewCertHelper(gSignerCert);
}
}
function viewEncryptionCert()
{
if (gEncryptionCert) {
gEncryptionCert.view();
viewCertHelper(gEncryptionCert);
}
}

7
mailnews/extensions/smime/src/nsMsgComposeSecure.cpp
Просмотреть файл

@ -25,8 +25,8 @@
#include "nsMsgComposeSecure.h"
#include "nspr.h"
#include "nsCOMPtr.h"
#include "nsICMS.h"
#include "nsIX509Cert.h"
#include "nsISMimeCert.h"
#include "nsIMimeConverter.h"
#include "nsMimeStringResources.h"
#include "nsMimeTypes.h"
@ -915,7 +915,10 @@ nsresult nsMsgComposeSecure::MimeCryptoHackCerts(const char *aRecipients,
// Make sure self's configured cert is prepared for being used
// as an email recipient cert.
mSelfEncryptionCert->SaveSMimeProfile();
nsCOMPtr<nsISMimeCert> sc = do_QueryInterface(mSelfEncryptionCert);
if (sc) {
sc->SaveSMimeProfile();
}
}
/* If the message is to be encrypted, then get the recipient certs */

4
mailnews/extensions/smime/src/nsMsgComposeSecure.h
Просмотреть файл

@ -25,10 +25,12 @@
#include "nsIMsgComposeSecure.h"
#include "nsIMsgSMIMECompFields.h"
#include "nsCOMPtr.h"
#include "nsICMS.h"
#include "nsICMSEncoder.h"
#include "nsIX509Cert.h"
#include "nsIMimeConverter.h"
#include "nsIStringBundle.h"
#include "nsIHash.h"
#include "nsICMSMessage.h"
class nsIMsgCompFields;

4
mailnews/mime/src/mimecms.cpp
Просмотреть файл

@ -35,7 +35,9 @@
*
* ***** END LICENSE BLOCK ***** */
#include "nsICMS.h"
#include "nsICMSMessage.h"
#include "nsICMSMessageErrors.h"
#include "nsICMSDecoder.h"
#include "mimecms.h"
#include "mimemsig.h"
#include "nsCRT.h"

3
mailnews/mime/src/mimecms.h
Просмотреть файл

@ -39,7 +39,8 @@
#define _MIMECMS_H_
#include "mimecryp.h"
#include "nsICMS.h"
class nsICMSMessage;
/* The MimeEncryptedCMS class implements a type of MIME object where the
object is passed through a CMS decryption engine to decrypt or verify

4
mailnews/mime/src/mimemcms.cpp
Просмотреть файл

@ -35,6 +35,10 @@
*
* ***** END LICENSE BLOCK ***** */
#include "nsICMSMessage.h"
#include "nsICMSMessageErrors.h"
#include "nsICMSDecoder.h"
#include "nsIHash.h"
#include "mimemcms.h"
#include "mimecryp.h"
#include "nsMimeTypes.h"

3
mailnews/mime/src/mimemcms.h
Просмотреть файл

@ -38,9 +38,10 @@
#ifndef _MIMEMPKC_H_
#define _MIMEMPKC_H_
#include "nsICMS.h"
#include "mimemsig.h"
class nsICMSMessage;
/* The MimeMultipartSignedCMS class implements a multipart/signed MIME
container with protocol=application/x-CMS-signature, which passes the
signed object through CMS code to verify the signature. See mimemsig.h

11
security/manager/boot/public/nsISecurityWarningDialogs.idl
Просмотреть файл

@ -39,22 +39,22 @@ interface nsISecurityWarningDialogs : nsISupports
/**
* alertEnteringSecure
*/
void alertEnteringSecure(in nsIInterfaceRequestor ctx);
boolean alertEnteringSecure(in nsIInterfaceRequestor ctx);
/**
* alertEnteringWeak
*/
void alertEnteringWeak(in nsIInterfaceRequestor ctx);
boolean alertEnteringWeak(in nsIInterfaceRequestor ctx);
/**
* alertLeavingSecure
*/
void alertLeavingSecure(in nsIInterfaceRequestor ctx);
boolean alertLeavingSecure(in nsIInterfaceRequestor ctx);
/**
* alertMixedMode
*/
void alertMixedMode(in nsIInterfaceRequestor ctx);
boolean alertMixedMode(in nsIInterfaceRequestor ctx);
/**
* confirmPostToInsecure
@ -67,3 +67,6 @@ interface nsISecurityWarningDialogs : nsISupports
boolean confirmPostToInsecureFromSecure(in nsIInterfaceRequestor ctx);
};
%{C++
#define NS_SECURITYWARNINGDIALOGS_CONTRACTID "@mozilla.org/nsSecurityWarningDialogs;1"
%}

15
security/manager/boot/src/nsSecureBrowserUIImpl.cpp
Просмотреть файл

@ -66,7 +66,6 @@
#include "nsIFormSubmitObserver.h"
#include "nsISecurityWarningDialogs.h"
#include "nsIProxyObjectManager.h"
#include "nsINSSDialogs.h"
#include "nsCRT.h"
#define SECURITY_STRING_BUNDLE_URL "chrome://communicator/locale/security.properties"
@ -1287,7 +1286,7 @@ nsresult nsSecureBrowserUIImpl::
GetNSSDialogs(nsISecurityWarningDialogs **result)
{
nsresult rv;
nsCOMPtr<nsISecurityWarningDialogs> my_result(do_GetService(NS_NSSDIALOGS_CONTRACTID, &rv));
nsCOMPtr<nsISecurityWarningDialogs> my_result(do_GetService(NS_SECURITYWARNINGDIALOGS_CONTRACTID, &rv));
if (NS_FAILED(rv))
return rv;
@ -1319,7 +1318,8 @@ AlertEnteringSecure()
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
dialogs->AlertEnteringSecure(ctx);
PRBool canceled;
dialogs->AlertEnteringSecure(ctx, &canceled);
return;
}
@ -1334,7 +1334,8 @@ AlertEnteringWeak()
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
dialogs->AlertEnteringWeak(ctx);
PRBool canceled;
dialogs->AlertEnteringWeak(ctx, &canceled);
return;
}
@ -1349,7 +1350,8 @@ AlertLeavingSecure()
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
dialogs->AlertLeavingSecure(ctx);
PRBool canceled;
dialogs->AlertLeavingSecure(ctx, &canceled);
return;
}
@ -1364,7 +1366,8 @@ AlertMixedMode()
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
dialogs->AlertMixedMode(ctx);
PRBool canceled;
dialogs->AlertMixedMode(ctx, &canceled);
return;
}

40
security/manager/pki/macbuild/PIPPKI.xml
Просмотреть файл

@ -997,6 +997,15 @@
</VALUE></PANELDATA>
</SETTINGLIST>
<FILELIST>
<FILE>
<PATHTYPE>PathRelative</PATHTYPE>
<PATHROOT>Project</PATHROOT>
<ACCESSPATH>::src:</ACCESSPATH>
<PATH>:nsNSSDialogHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>PathRelative</PATHTYPE>
<PATHROOT>Project</PATHROOT>
@ -1098,6 +1107,13 @@
</FILE>
</FILELIST>
<LINKORDER>
<FILEREF>
<PATHTYPE>PathRelative</PATHTYPE>
<PATHROOT>Project</PATHROOT>
<ACCESSPATH>::src:</ACCESSPATH>
<PATH>:nsNSSDialogHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>PathRelative</PATHTYPE>
<PATHROOT>Project</PATHROOT>
@ -2121,6 +2137,15 @@
</VALUE></PANELDATA>
</SETTINGLIST>
<FILELIST>
<FILE>
<PATHTYPE>PathRelative</PATHTYPE>
<PATHROOT>Project</PATHROOT>
<ACCESSPATH>::src:</ACCESSPATH>
<PATH>:nsNSSDialogHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>PathRelative</PATHTYPE>
<PATHROOT>Project</PATHROOT>
@ -2222,6 +2247,13 @@
</FILE>
</FILELIST>
<LINKORDER>
<FILEREF>
<PATHTYPE>PathRelative</PATHTYPE>
<PATHROOT>Project</PATHROOT>
<ACCESSPATH>::src:</ACCESSPATH>
<PATH>:nsNSSDialogHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>PathRelative</PATHTYPE>
<PATHROOT>Project</PATHROOT>
@ -2310,6 +2342,14 @@
<GROUPLIST>
<GROUP><NAME>src</NAME>
<FILEREF>
<TARGETNAME>PIPPKIDebug.shlb</TARGETNAME>
<PATHTYPE>PathRelative</PATHTYPE>
<PATHROOT>Project</PATHROOT>
<ACCESSPATH>::src:</ACCESSPATH>
<PATH>:nsNSSDialogHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPPKIDebug.shlb</TARGETNAME>
<PATHTYPE>PathRelative</PATHTYPE>

2
security/manager/pki/resources/content/PageInfoOverlay.xul
Просмотреть файл

@ -35,7 +35,7 @@
// Display the server certificate (static)
viewCert : function () {
var cert = security._cert;
if (cert) cert.view();
viewCertHelper(window, cert);
},
_getSecurityInfo : function() {

2
security/manager/pki/resources/content/certManager.js
Просмотреть файл

@ -409,7 +409,7 @@ function viewCerts()
return;
for (var t=0; t<numcerts; t++) {
selected_certs[t].view();
viewCertHelper(window, selected_certs[t]);
}
}

1
security/manager/pki/resources/content/certManager.xul
Просмотреть файл

@ -39,6 +39,7 @@
<script type="application/x-javascript" src="chrome://help/content/contextHelp.js"/>
<script type="application/x-javascript" src="chrome://global/content/strres.js"/>
<script type="application/x-javascript" src="chrome://global/content/pippki.js"/>
<script type="application/x-javascript" src="chrome://pippki/content/certManager.js"/>
<vbox flex="1">

4
security/manager/pki/resources/content/crlImportDialog.js
Просмотреть файл

@ -23,7 +23,7 @@
const nsPKIParamBlock = "@mozilla.org/security/pkiparamblock;1";
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsICrlEntry = Components.interfaces.nsICrlEntry;
const nsICRLInfo = Components.interfaces.nsICRLInfo;
const nsIPref = Components.interfaces.nsIPref;
var pkiParams;
@ -36,7 +36,7 @@ function onLoad()
pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
isupport = pkiParams.getISupportAtIndex(1);
if (isupport) {
crl = isupport.QueryInterface(nsICrlEntry);
crl = isupport.QueryInterface(nsICRLInfo);
}
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
var yesButton = bundle.GetStringFromName("yesButton");

27
security/manager/pki/resources/content/crlManager.js
Просмотреть файл

@ -20,15 +20,15 @@
* David Drinan <ddrinan@netscape.com>
*/
const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsICrlEntry = Components.interfaces.nsICrlEntry;
const nsICRLManager = Components.interfaces.nsICRLManager;
const nsCRLManager = "@mozilla.org/security/crlmanager;1";
const nsICRLInfo = Components.interfaces.nsICRLInfo;
const nsISupportsArray = Components.interfaces.nsISupportsArray;
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
const nsPKIParamBlock = "@mozilla.org/security/pkiparamblock;1";
const nsIPref = Components.interfaces.nsIPref;
var certdb;
var crlManager;
var crls;
var prefs;
@ -46,15 +46,15 @@ function onLoad()
var crlEntry;
var i;
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
crlManager = Components.classes[nsCRLManager].getService(nsICRLManager);
prefs = Components.classes["@mozilla.org/preferences;1"].getService(nsIPref);
crls = certdb.getCrls();
crls = crlManager.getCrls();
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
var autoupdateEnabledString;
var autoupdateErrCntString;
for (i=0; i<crls.Count(); i++) {
crlEntry = crls.GetElementAt(i).QueryInterface(nsICrlEntry);
crlEntry = crls.QueryElementAt(i, nsICRLInfo);
var org = crlEntry.org;
var orgUnit = crlEntry.orgUnit;
var lastUpdate = crlEntry.lastUpdateLocale;
@ -108,7 +108,7 @@ function DeleteCrlSelected() {
if(i<0){
return;
}
crlEntry = crls.GetElementAt(i).QueryInterface(nsICrlEntry);
crlEntry = crls.QueryElementAt(i, nsICRLInfo);
var autoupdateEnabled = false;
var autoupdateParamAvailable = false;
@ -139,11 +139,11 @@ function DeleteCrlSelected() {
}
if(autoupdateEnabled){
certdb.rescheduleCRLAutoUpdate();
crlManager.rescheduleCRLAutoUpdate();
}
// Now, try to delete it
certdb.deleteCrl(i);
crlManager.deleteCrl(i);
DeleteItemSelected("crltree", "crltree_", "crlList");
//To do: If delete fails, we should be able to retrieve the deleted
//settings
@ -203,7 +203,7 @@ function EditAutoUpdatePrefs() {
if(i<0){
return;
}
crlEntry = crls.GetElementAt(i).QueryInterface(nsICrlEntry);
crlEntry = crls.QueryElementAt(i, nsICRLInfo);
var params = Components.classes[nsPKIParamBlock].createInstance(nsIPKIParamBlock);
params.setISupportAtIndex(1, crlEntry);
window.openDialog("chrome://pippki/content/pref-crlupdate.xul","",
@ -212,11 +212,12 @@ function EditAutoUpdatePrefs() {
function UpdateCRL()
{
var crlEntry;
var crltree = document.getElementById("crltree");
var i = crltree.currentIndex;
if(i<0){
return;
}
crlEntry = crls.GetElementAt(i).QueryInterface(nsICrlEntry);
certdb.updateCRLFromURL(crlEntry.lastFetchURL, crlEntry.nameInDb);
crlEntry = crls.QueryElementAt(i, nsICRLInfo);
crlManager.updateCRLFromURL(crlEntry.lastFetchURL, crlEntry.nameInDb);
}

2
security/manager/pki/resources/content/domainMismatch.js
Просмотреть файл

@ -55,7 +55,7 @@ function onLoad()
function viewCert()
{
cert.view();
viewCertHelper(window, cert);
}
function doOK()

2
security/manager/pki/resources/content/downloadcert.js
Просмотреть файл

@ -53,7 +53,7 @@ function onLoad()
function viewCert()
{
cert.view();
viewCertHelper(window, cert);
}
function doOK()

2
security/manager/pki/resources/content/escrowWarn.js
Просмотреть файл

@ -62,5 +62,5 @@ function doCancel()
function viewCert()
{
cert.view();
viewCertHelper(window, cert);
}

2
security/manager/pki/resources/content/newserver.js
Просмотреть файл

@ -89,5 +89,5 @@ function doCancel()
function viewCert()
{
cert.view();
viewCertHelper(window, cert);
}

10
security/manager/pki/resources/content/pippki.js
Просмотреть файл

@ -35,3 +35,13 @@ function setText(id, value) {
element.appendChild(textNode);
}
const nsICertificateDialogs = Components.interfaces.nsICertificateDialogs;
const nsCertificateDialogs = "@mozilla.org/nsCertificateDialogs;1"
function viewCertHelper(parent, cert) {
if (!cert)
return;
var cd = Components.classes[nsCertificateDialogs].getService(nsICertificateDialogs);
cd.viewCert(parent, cert);
}

21
security/manager/pki/resources/content/pref-crlupdate.js
Просмотреть файл

@ -20,11 +20,10 @@
* Rangan Sen <rangansen@netscape.com>
*/
const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsICRLManager = Components.interfaces.nsICRLManager;
const nsCRLManager = "@mozilla.org/security/crlmanager;1";
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsICrlEntry = Components.interfaces.nsICrlEntry;
const nsICRLInfo = Components.interfaces.nsICRLInfo;
const nsIPref = Components.interfaces.nsIPref;
var crl;
@ -34,7 +33,7 @@ var updateTypeRadio;
var enabledCheckBox;
var timeBasedRadio;
var freqBasedRadio;
var certdb;
var crlManager;
var autoupdateEnabledString = "security.crl.autoupdate.enable.";
var autoupdateTimeTypeString = "security.crl.autoupdate.timingType.";
@ -47,10 +46,10 @@ var autoupdateFreqCntString = "security.crl.autoupdate.freqCnt.";
function onLoad()
{
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
crlManager = Components.classes[nsCRLManager].getService(nsICRLManager);
var pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
var isupport = pkiParams.getISupportAtIndex(1);
crl = isupport.QueryInterface(nsICrlEntry);
crl = isupport.QueryInterface(nsICRLInfo);
autoupdateEnabledString = autoupdateEnabledString + crl.nameInDb;
autoupdateTimeTypeString = autoupdateTimeTypeString + crl.nameInDb;
@ -217,13 +216,13 @@ function onAccept()
var updateTime;
var dayCnt = (document.getElementById("nextUpdateDay")).value;
var freqCnt = (document.getElementById("nextUpdateFreq")).value;
if(timingTypeId == "timeBasedRadio"){
prefs.SetIntPref(autoupdateTimeTypeString,crl.TYPE_AUTOUPDATE_TIME_BASED);
updateTime = crl.ComputeNextAutoUpdateTime(crl.TYPE_AUTOUPDATE_TIME_BASED, dayCnt);
updateTime = crlManager.computeNextAutoUpdateTime(crl, crl.TYPE_AUTOUPDATE_TIME_BASED, dayCnt);
} else {
prefs.SetIntPref(autoupdateTimeTypeString,crl.TYPE_AUTOUPDATE_FREQ_BASED);
updateTime = crl.ComputeNextAutoUpdateTime(crl.TYPE_AUTOUPDATE_FREQ_BASED, freqCnt);
updateTime = crlManager.computeNextAutoUpdateTime(crl, crl.TYPE_AUTOUPDATE_FREQ_BASED, freqCnt);
}
//alert(updateTime);
@ -234,7 +233,7 @@ function onAccept()
//Save Now
prefs.savePrefFile(null);
certdb.rescheduleCRLAutoUpdate();
crlManager.rescheduleCRLAutoUpdate();
//Close dialog by returning true
return true;
}

2
security/manager/pki/resources/content/serverCertExpired.js
Просмотреть файл

@ -69,5 +69,5 @@ function viewCert()
var isupport = pkiParams.getISupportAtIndex(1);
cert = isupport.QueryInterface(nsIX509Cert);
}
cert.view();
viewCertHelper(window, cert);
}

5
security/manager/pki/src/Makefile.in
Просмотреть файл

@ -52,7 +52,8 @@ CPPSRCS = \
nsNSSDialogs.cpp \
nsPKIModule.cpp \
nsPKIParamBlock.cpp \
nsASN1Tree.cpp \
nsASN1Tree.cpp \
nsNSSDialogHelper.cpp \
$(NULL)
REQUIRES = nspr \
@ -66,7 +67,7 @@ REQUIRES = nspr \
necko \
pipnss \
layout \
pipboot \
pipboot \
$(NULL)
include $(topsrcdir)/config/rules.mk

2
security/manager/pki/src/nsASN1Tree.h
Просмотреть файл

@ -37,6 +37,8 @@
#include "nscore.h"
#include "nsIX509Cert.h"
#include "nsIASN1Tree.h"
#include "nsIASN1Object.h"
#include "nsIASN1Sequence.h"
#include "nsITreeView.h"
#include "nsITreeBoxObject.h"
#include "nsITreeSelection.h"

67
security/manager/pki/src/nsNSSDialogHelper.cpp Normal file
Просмотреть файл

@ -0,0 +1,67 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*/
#include "nsNSSDialogHelper.h"
#include "nsIWindowWatcher.h"
#include "nsCOMPtr.h"
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "nsIInterfaceRequestor.h"
#include "nsIInterfaceRequestorUtils.h"
const char* nsNSSDialogHelper::kDefaultOpenWindowParam = "centerscreen,chrome,modal,titlebar";
nsresult
nsNSSDialogHelper::openDialog(
nsIDOMWindowInternal *window,
const char *url,
nsISupports *params)
{
nsresult rv;
nsCOMPtr<nsIWindowWatcher> windowWatcher =
do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv);
if (NS_FAILED(rv)) return rv;
nsIDOMWindowInternal *parent = window;
nsCOMPtr<nsIDOMWindowInternal> activeParent;
if (!parent) {
nsCOMPtr<nsIDOMWindow> active;
windowWatcher->GetActiveWindow(getter_AddRefs(active));
if (active) {
active->QueryInterface(NS_GET_IID(nsIDOMWindowInternal), getter_AddRefs(activeParent));
parent = activeParent;
}
}
nsCOMPtr<nsIDOMWindow> newWindow;
rv = windowWatcher->OpenWindow(parent,
url,
"_blank",
nsNSSDialogHelper::kDefaultOpenWindowParam,
params,
getter_AddRefs(newWindow));
return rv;
}

44
security/manager/pki/src/nsNSSDialogHelper.h Normal file
Просмотреть файл

@ -0,0 +1,44 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*/
#include "nsIDOMWindowInternal.h"
/**
* Common class that uses the window watcher service to open a
* standard dialog, with or without a parent context. The params
* parameter can be an nsISupportsArray so any number of additional
* arguments can be used.
*/
class nsNSSDialogHelper
{
public:
const static char *kDefaultOpenWindowParam;
//The params is going to be either a nsIPKIParamBlock or
//nsIDialogParamBlock
static nsresult openDialog(
nsIDOMWindowInternal *window,
const char *url,
nsISupports *params);
};

116
security/manager/pki/src/nsNSSDialogs.cpp
Просмотреть файл

@ -43,11 +43,13 @@
#include "nsILocaleService.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
#include "nsIWindowWatcher.h"
#include "nsNSSDialogs.h"
#include "nsPKIParamBlock.h"
#include "nsIKeygenThread.h"
#include "nsNSSDialogHelper.h"
#include "nsIX509CertValidity.h"
#include "nsICRLInfo.h"
#define PIPSTRING_BUNDLE_URL "chrome://pippki/locale/pippki.properties"
#define STRING_BUNDLE_URL "chrome://communicator/locale/security.properties"
@ -62,59 +64,6 @@ static NS_DEFINE_CID(kCStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
static NS_DEFINE_CID(kDateTimeFormatCID, NS_DATETIMEFORMAT_CID);
/**
* Common class that uses the window watcher service to open a
* standard dialog, with or without a parent context. The params
* parameter can be an nsISupportsArray so any number of additional
* arguments can be used.
*/
class nsNSSDialogHelper
{
public:
const static char *kDefaultOpenWindowParam;
//The params is going to be either a nsIPKIParamBlock or
//nsIDialogParamBlock
static nsresult openDialog(
nsIDOMWindowInternal *window,
const char *url,
nsISupports *params);
};
const char* nsNSSDialogHelper::kDefaultOpenWindowParam = "centerscreen,chrome,modal,titlebar";
nsresult
nsNSSDialogHelper::openDialog(
nsIDOMWindowInternal *window,
const char *url,
nsISupports *params)
{
nsresult rv;
nsCOMPtr<nsIWindowWatcher> windowWatcher =
do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv);
if (NS_FAILED(rv)) return rv;
nsIDOMWindowInternal *parent = window;
nsCOMPtr<nsIDOMWindowInternal> activeParent;
if (!parent) {
nsCOMPtr<nsIDOMWindow> active;
windowWatcher->GetActiveWindow(getter_AddRefs(active));
if (active) {
active->QueryInterface(NS_GET_IID(nsIDOMWindowInternal), getter_AddRefs(activeParent));
parent = activeParent;
}
}
nsCOMPtr<nsIDOMWindow> newWindow;
rv = windowWatcher->OpenWindow(parent,
url,
"_blank",
nsNSSDialogHelper::kDefaultOpenWindowParam,
params,
getter_AddRefs(newWindow));
return rv;
}
/* ==== */
static NS_DEFINE_CID(kPKIParamBlockCID, NS_PKIPARAMBLOCK_CID);
@ -127,16 +76,15 @@ nsNSSDialogs::~nsNSSDialogs()
{
}
NS_IMPL_THREADSAFE_ISUPPORTS10(nsNSSDialogs, nsINSSDialogs,
nsITokenPasswordDialogs,
nsISecurityWarningDialogs,
nsIBadCertListener,
nsICertificateDialogs,
nsIClientAuthDialogs,
nsICertPickDialogs,
nsITokenDialogs,
nsIDOMCryptoDialogs,
nsIGeneratingKeypairInfoDialogs);
NS_IMPL_THREADSAFE_ISUPPORTS9(nsNSSDialogs, nsITokenPasswordDialogs,
nsISecurityWarningDialogs,
nsIBadCertListener,
nsICertificateDialogs,
nsIClientAuthDialogs,
nsICertPickDialogs,
nsITokenDialogs,
nsIDOMCryptoDialogs,
nsIGeneratingKeypairInfoDialogs);
nsresult
nsNSSDialogs::Init()
@ -224,10 +172,8 @@ nsNSSDialogs::GetPassword(nsIInterfaceRequestor *ctx,
return rv;
}
/* boolean unknownIssuer (in nsITransportSecurityInfo socketInfo,
in nsIX509Cert cert, out addType); */
NS_IMETHODIMP
nsNSSDialogs::UnknownIssuer(nsITransportSecurityInfo *socketInfo,
nsNSSDialogs::UnknownIssuer(nsIInterfaceRequestor *socketInfo,
nsIX509Cert *cert, PRInt16 *outAddType,
PRBool *_retval)
{
@ -284,12 +230,8 @@ nsNSSDialogs::UnknownIssuer(nsITransportSecurityInfo *socketInfo,
return NS_OK;
}
/* boolean mismatchDomain (in nsITransportSecurityInfo socketInfo,
in wstring targetURL,
in nsIX509Cert cert); */
NS_IMETHODIMP
nsNSSDialogs::MismatchDomain(nsITransportSecurityInfo *socketInfo,
nsNSSDialogs::MismatchDomain(nsIInterfaceRequestor *socketInfo,
const PRUnichar *targetURL,
nsIX509Cert *cert, PRBool *_retval)
{
@ -328,10 +270,8 @@ nsNSSDialogs::MismatchDomain(nsITransportSecurityInfo *socketInfo,
return NS_OK;
}
/* boolean certExpired (in nsITransportSecurityInfo socketInfo,
in nsIX509Cert cert); */
NS_IMETHODIMP
nsNSSDialogs::CertExpired(nsITransportSecurityInfo *socketInfo,
nsNSSDialogs::CertExpired(nsIInterfaceRequestor *socketInfo,
nsIX509Cert *cert, PRBool *_retval)
{
nsresult rv;
@ -422,7 +362,7 @@ nsNSSDialogs::CertExpired(nsITransportSecurityInfo *socketInfo,
}
NS_IMETHODIMP
nsNSSDialogs::CrlNextupdate(nsITransportSecurityInfo *socketInfo,
nsNSSDialogs::CrlNextupdate(nsIInterfaceRequestor *socketInfo,
const PRUnichar * targetURL, nsIX509Cert *cert)
{
nsresult rv;
@ -445,7 +385,7 @@ nsNSSDialogs::CrlNextupdate(nsITransportSecurityInfo *socketInfo,
}
NS_IMETHODIMP
nsNSSDialogs::CrlImportStatusDialog(nsIInterfaceRequestor *ctx, nsICrlEntry *crl)
nsNSSDialogs::CrlImportStatusDialog(nsIInterfaceRequestor *ctx, nsICRLInfo *crl)
{
nsresult rv;
@ -464,7 +404,7 @@ nsNSSDialogs::CrlImportStatusDialog(nsIInterfaceRequestor *ctx, nsICrlEntry *crl
}
nsresult
nsNSSDialogs::AlertEnteringSecure(nsIInterfaceRequestor *ctx)
nsNSSDialogs::AlertEnteringSecure(nsIInterfaceRequestor *ctx, PRBool *canceled)
{
nsresult rv;
@ -472,11 +412,12 @@ nsNSSDialogs::AlertEnteringSecure(nsIInterfaceRequestor *ctx)
NS_LITERAL_STRING("EnterSecureMessage").get(),
NS_LITERAL_STRING("EnterSecureShowAgain").get());
*canceled = PR_FALSE;
return rv;
}
nsresult
nsNSSDialogs::AlertEnteringWeak(nsIInterfaceRequestor *ctx)
nsNSSDialogs::AlertEnteringWeak(nsIInterfaceRequestor *ctx, PRBool *canceled)
{
nsresult rv;
@ -484,11 +425,12 @@ nsNSSDialogs::AlertEnteringWeak(nsIInterfaceRequestor *ctx)
NS_LITERAL_STRING("WeakSecureMessage").get(),
NS_LITERAL_STRING("WeakSecureShowAgain").get());
*canceled = PR_FALSE;
return rv;
}
nsresult
nsNSSDialogs::AlertLeavingSecure(nsIInterfaceRequestor *ctx)
nsNSSDialogs::AlertLeavingSecure(nsIInterfaceRequestor *ctx, PRBool *canceled)
{
nsresult rv;
@ -496,12 +438,13 @@ nsNSSDialogs::AlertLeavingSecure(nsIInterfaceRequestor *ctx)
NS_LITERAL_STRING("LeaveSecureMessage").get(),
NS_LITERAL_STRING("LeaveSecureShowAgain").get());
*canceled = PR_FALSE;
return rv;
}
nsresult
nsNSSDialogs::AlertMixedMode(nsIInterfaceRequestor *ctx)
nsNSSDialogs::AlertMixedMode(nsIInterfaceRequestor *ctx, PRBool *canceled)
{
nsresult rv;
@ -509,6 +452,7 @@ nsNSSDialogs::AlertMixedMode(nsIInterfaceRequestor *ctx)
NS_LITERAL_STRING("MixedContentMessage").get(),
NS_LITERAL_STRING("MixedContentShowAgain").get());
*canceled = PR_FALSE;
return rv;
}
@ -918,7 +862,8 @@ nsNSSDialogs::GetPKCS12FilePassword(nsIInterfaceRequestor *ctx,
/* void viewCert (in nsIX509Cert cert); */
NS_IMETHODIMP
nsNSSDialogs::ViewCert(nsIX509Cert *cert)
nsNSSDialogs::ViewCert(nsIInterfaceRequestor *ctx,
nsIX509Cert *cert)
{
nsresult rv;
@ -930,7 +875,10 @@ nsNSSDialogs::ViewCert(nsIX509Cert *cert)
if (NS_FAILED(rv))
return rv;
rv = nsNSSDialogHelper::openDialog(nsnull,
// Get the parent window for the dialog
nsCOMPtr<nsIDOMWindowInternal> parent = do_GetInterface(ctx);
rv = nsNSSDialogHelper::openDialog(parent,
"chrome://pippki/content/certViewer.xul",
block);
return rv;
@ -1024,3 +972,5 @@ nsNSSDialogs::ConfirmKeyEscrow(nsIX509Cert *escrowAuthority, PRBool *_retval)
}
return rv;
}

13
security/manager/pki/src/nsNSSDialogs.h
Просмотреть файл

@ -24,8 +24,15 @@
#ifndef __NS_NSSDIALOGS_H__
#define __NS_NSSDIALOGS_H__
#include "nsINSSDialogs.h"
#include "nsITokenPasswordDialogs.h"
#include "nsISecurityWarningDialogs.h"
#include "nsIBadCertListener.h"
#include "nsICertificateDialogs.h"
#include "nsIClientAuthDialogs.h"
#include "nsICertPickDialogs.h"
#include "nsITokenDialogs.h"
#include "nsIDOMCryptoDialogs.h"
#include "nsIGeneratingKeypairInfoDialogs.h"
#include "nsCOMPtr.h"
#include "nsIStringBundle.h"
@ -37,8 +44,7 @@
{ 0x93, 0x7e, 0xc4, 0x5f, 0x14, 0xde, 0xf7, 0x78 }}
class nsNSSDialogs
: public nsINSSDialogs,
public nsITokenPasswordDialogs,
: public nsITokenPasswordDialogs,
public nsIBadCertListener,
public nsISecurityWarningDialogs,
public nsICertificateDialogs,
@ -50,7 +56,6 @@ class nsNSSDialogs
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSINSSDIALOGS
NS_DECL_NSITOKENPASSWORDDIALOGS
NS_DECL_NSIBADCERTLISTENER
NS_DECL_NSISECURITYWARNINGDIALOGS

62
security/manager/pki/src/nsPKIModule.cpp
Просмотреть файл

@ -32,12 +32,70 @@ NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSDialogs, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsPKIParamBlock, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSASN1Tree)
#define NSS_DIALOGS_DESCRIPTION "PSM Dialog Impl"
static const nsModuleComponentInfo components[] =
{
{
"NSS Dialogs",
NSS_DIALOGS_DESCRIPTION,
NS_NSSDIALOGS_CID,
NS_NSSDIALOGS_CONTRACTID,
NS_TOKENPASSWORDSDIALOG_CONTRACTID,
nsNSSDialogsConstructor
},
{
NSS_DIALOGS_DESCRIPTION,
NS_NSSDIALOGS_CID,
NS_SECURITYWARNINGDIALOGS_CONTRACTID,
nsNSSDialogsConstructor
},
{
NSS_DIALOGS_DESCRIPTION,
NS_NSSDIALOGS_CID,
NS_BADCERTLISTENER_CONTRACTID,
nsNSSDialogsConstructor
},
{
NSS_DIALOGS_DESCRIPTION,
NS_NSSDIALOGS_CID,
NS_CERTIFICATEDIALOGS_CONTRACTID,
nsNSSDialogsConstructor
},
{
NSS_DIALOGS_DESCRIPTION,
NS_NSSDIALOGS_CID,
NS_CLIENTAUTHDIALOGS_CONTRACTID,
nsNSSDialogsConstructor
},
{
NSS_DIALOGS_DESCRIPTION,
NS_NSSDIALOGS_CID,
NS_CERTPICKDIALOGS_CONTRACTID,
nsNSSDialogsConstructor
},
{
NSS_DIALOGS_DESCRIPTION,
NS_NSSDIALOGS_CID,
NS_TOKENDIALOGS_CONTRACTID,
nsNSSDialogsConstructor
},
{
NSS_DIALOGS_DESCRIPTION,
NS_NSSDIALOGS_CID,
NS_DOMCRYPTODIALOGS_CONTRACTID,
nsNSSDialogsConstructor
},
{
NSS_DIALOGS_DESCRIPTION,
NS_NSSDIALOGS_CID,
NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID,
nsNSSDialogsConstructor
},

270
security/manager/ssl/macbuild/PIPNSS.xml
Просмотреть файл

@ -977,6 +977,69 @@
</VALUE></PANELDATA>
</SETTINGLIST>
<FILELIST>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCRLInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCRLManager.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertCache.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertificateDB.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertTrust.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertValidity.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsOCSPResponder.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsUsageArrayHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCallbacks.cpp</PATH>
@ -1196,6 +1259,51 @@
</FILE>
</FILELIST>
<LINKORDER>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCRLInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCRLManager.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertCache.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertificateDB.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertTrust.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertValidity.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsOCSPResponder.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsUsageArrayHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCallbacks.cpp</PATH>
@ -2277,6 +2385,69 @@
</VALUE></PANELDATA>
</SETTINGLIST>
<FILELIST>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCRLInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCRLManager.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertCache.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertificateDB.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertTrust.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertValidity.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsOCSPResponder.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsUsageArrayHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCallbacks.cpp</PATH>
@ -2496,6 +2667,51 @@
</FILE>
</FILELIST>
<LINKORDER>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCRLInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCRLManager.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertCache.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertificateDB.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertTrust.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertValidity.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsOCSPResponder.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsUsageArrayHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCallbacks.cpp</PATH>
@ -2818,6 +3034,60 @@
<PATH>nsNSSCertificate.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCRLInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCRLManager.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertCache.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertificateDB.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertTrust.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsNSSCertValidity.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsOCSPResponder.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsUsageArrayHelper.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>

690
security/manager/ssl/macbuild/pipnssIDL.xml
Просмотреть файл

@ -736,7 +736,49 @@
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsINSSDialogs.idl</PATH>
<PATH>nsICertificateDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICertPickDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIClientAuthDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIDOMCryptoDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIGeneratingKeypairInfoDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsITokenDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsITokenPasswordDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
@ -799,14 +841,126 @@
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIUserCertPicker.idl</PATH>
<PATH>nsIASN1Object.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMS.idl</PATH>
<PATH>nsIASN1PrintableItem.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIASN1Sequence.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSDecoder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSEncoder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSMessageErrors.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSMessage.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICRLInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIHash.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsINSSCertCache.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIOCSPResponder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPK11Token.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPKCS11ModuleDB.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPKCS11Module.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIX509CertValidity.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICRLManager.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsISMimeCert.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIUserCertPicker.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
@ -825,7 +979,37 @@
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsINSSDialogs.idl</PATH>
<PATH>nsICertificateDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICertPickDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIClientAuthDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIDOMCryptoDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIGeneratingKeypairInfoDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsITokenDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsITokenPasswordDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
@ -870,12 +1054,92 @@
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIUserCertPicker.idl</PATH>
<PATH>nsIASN1Object.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMS.idl</PATH>
<PATH>nsIASN1PrintableItem.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIASN1Sequence.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSDecoder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSEncoder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSMessageErrors.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSMessage.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICRLInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIHash.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsINSSCertCache.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIOCSPResponder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPK11Token.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPKCS11ModuleDB.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPKCS11Module.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIX509CertValidity.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICRLManager.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsISMimeCert.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIUserCertPicker.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
</LINKORDER>
@ -1563,7 +1827,49 @@
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsINSSDialogs.idl</PATH>
<PATH>nsICertificateDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICertPickDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIClientAuthDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIDOMCryptoDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIGeneratingKeypairInfoDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsITokenDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsITokenPasswordDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
@ -1626,14 +1932,126 @@
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIUserCertPicker.idl</PATH>
<PATH>nsIASN1Object.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMS.idl</PATH>
<PATH>nsIASN1PrintableItem.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIASN1Sequence.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSDecoder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSEncoder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSMessageErrors.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSMessage.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICRLInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIHash.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsINSSCertCache.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIOCSPResponder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPK11Token.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPKCS11ModuleDB.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPKCS11Module.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIX509CertValidity.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICRLManager.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsISMimeCert.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIUserCertPicker.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
@ -1652,7 +2070,37 @@
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsINSSDialogs.idl</PATH>
<PATH>nsICertificateDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICertPickDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIClientAuthDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIDOMCryptoDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIGeneratingKeypairInfoDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsITokenDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsITokenPasswordDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
@ -1697,12 +2145,92 @@
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIUserCertPicker.idl</PATH>
<PATH>nsIASN1Object.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMS.idl</PATH>
<PATH>nsIASN1PrintableItem.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIASN1Sequence.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSDecoder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSEncoder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSMessageErrors.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSMessage.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICRLInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIHash.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsINSSCertCache.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIOCSPResponder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPK11Token.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPKCS11ModuleDB.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPKCS11Module.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIX509CertValidity.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICRLManager.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsISMimeCert.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIUserCertPicker.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
</LINKORDER>
@ -1742,7 +2270,43 @@
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsINSSDialogs.idl</PATH>
<PATH>nsICertificateDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICertPickDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIClientAuthDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIDOMCryptoDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIGeneratingKeypairInfoDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsITokenDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsITokenPasswordDialogs.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
@ -1786,13 +2350,109 @@
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIUserCertPicker.idl</PATH>
<PATH>nsIASN1Object.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMS.idl</PATH>
<PATH>nsIASN1PrintableItem.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIASN1Sequence.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSDecoder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSEncoder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSMessageErrors.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICMSMessage.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICRLInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIHash.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsINSSCertCache.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIOCSPResponder.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPK11Token.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPKCS11ModuleDB.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIPKCS11Module.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIX509CertValidity.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICRLManager.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsISMimeCert.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsIUserCertPicker.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
</GROUPLIST>

26
security/manager/ssl/public/Makefile.in
Просмотреть файл

@ -50,13 +50,35 @@ XPIDLSRCS = \
nsIX509CertDB.idl \
nsIPKCS11Slot.idl \
nsIPK11TokenDB.idl \
nsINSSDialogs.idl \
nsICertificateDialogs.idl \
nsICertPickDialogs.idl \
nsIClientAuthDialogs.idl \
nsIDOMCryptoDialogs.idl \
nsIGeneratingKeypairInfoDialogs.idl \
nsITokenDialogs.idl \
nsITokenPasswordDialogs.idl \
nsISSLStatus.idl \
nsICertTree.idl \
nsIKeygenThread.idl \
nsICMSSecureMessage.idl \
nsICMS.idl \
nsIUserCertPicker.idl \
nsIASN1Object.idl \
nsIASN1PrintableItem.idl \
nsIASN1Sequence.idl \
nsICMSDecoder.idl \
nsICMSEncoder.idl \
nsICMSMessageErrors.idl \
nsICMSMessage.idl \
nsICRLInfo.idl \
nsIHash.idl \
nsINSSCertCache.idl \
nsIOCSPResponder.idl \
nsIPK11Token.idl \
nsIPKCS11ModuleDB.idl \
nsIPKCS11Module.idl \
nsIX509CertValidity.idl \
nsICRLManager.idl \
nsISMimeCert.idl \
$(NULL)
include $(topsrcdir)/config/rules.mk

71
security/manager/ssl/public/nsIASN1Object.idl Normal file
Просмотреть файл

@ -0,0 +1,71 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "nsISupports.idl"
[scriptable, uuid(ba8bf582-1dd1-11b2-898c-f40246bc9a63)]
interface nsIASN1Object : nsISupports {
const unsigned long ASN1_END_CONTENTS = 0;
const unsigned long ASN1_BOOLEAN = 1;
const unsigned long ASN1_INTEGER = 2;
const unsigned long ASN1_BIT_STRING = 3;
const unsigned long ASN1_OCTET_STRING = 4;
const unsigned long ASN1_NULL = 5;
const unsigned long ASN1_OBJECT_ID = 6;
const unsigned long ASN1_ENUMERATED = 10;
const unsigned long ASN1_UTF8_STRING = 12;
const unsigned long ASN1_SEQUENCE = 16;
const unsigned long ASN1_SET = 17;
const unsigned long ASN1_PRINTABLE_STRING = 19;
const unsigned long ASN1_T61_STRING = 20;
const unsigned long ASN1_IA5_STRING = 22;
const unsigned long ASN1_UTC_TIME = 23;
const unsigned long ASN1_GEN_TIME = 24;
const unsigned long ASN1_VISIBLE_STRING = 26;
const unsigned long ASN1_UNIVERSAL_STRING = 28;
const unsigned long ASN1_BMP_STRING = 30;
const unsigned long ASN1_HIGH_TAG_NUMBER = 31;
const unsigned long ASN1_CONTEXT_SPECIFIC = 32;
const unsigned long ASN1_APPLICATION = 33;
const unsigned long ASN1_PRIVATE = 34;
// This will be either one of the const
// values above.
attribute unsigned long type;
attribute unsigned long tag;
attribute wstring displayName;
attribute wstring displayValue;
};

44
security/manager/ssl/public/nsIASN1PrintableItem.idl Normal file
Просмотреть файл

@ -0,0 +1,44 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "nsISupports.idl"
#include "nsIASN1Object.idl"
[scriptable, uuid(114e1142-1dd2-11b2-ac26-b6db19d9184a)]
interface nsIASN1PrintableItem : nsIASN1Object {
[noscript] void setData(in charPtr data, in unsigned long len);
[noscript] void getData(out charPtr data, out unsigned long len);
};

62
security/manager/ssl/public/nsIASN1Sequence.idl Normal file
Просмотреть файл

@ -0,0 +1,62 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "nsISupports.idl"
//
// Overview of how this ASN1 interface is intended to
// work.
//
// First off, the nsIASN1Sequence is any type in ASN1
// that consists of sub-elements (ie SEQUENCE, SET)
// nsIASN1Printable Items are all the other types that
// can be viewed by themselves without interpreting further.
// Examples would include INTEGER, UTF-8 STRING, OID.
// These are not intended to directly reflect the numberous
// types that exist in ASN1, but merely an interface to ease
// producing a tree display the ASN1 structure of any DER
// object.
//
interface nsISupportsArray;
#include "nsIASN1Object.idl"
[scriptable, uuid(b6b957e6-1dd1-11b2-89d7-e30624f50b00)]
interface nsIASN1Sequence : nsIASN1Object {
attribute nsISupportsArray ASN1Objects;
attribute boolean processObjects;
attribute boolean showObjects;
};

14
security/manager/ssl/public/nsIBadCertListener.idl
Просмотреть файл

@ -36,7 +36,7 @@
#include "nsISupports.idl"
interface nsIX509Cert;
interface nsITransportSecurityInfo;
interface nsIInterfaceRequestor;
[scriptable, uuid(86960956-edb0-11d4-998b-00b0d02354a0)]
interface nsIBadCertListener : nsISupports {
@ -44,18 +44,22 @@ interface nsIBadCertListener : nsISupports {
const short UNINIT_ADD_FLAG = -1;
const short ADD_TRUSTED_FOR_SESSION =1;
const short ADD_TRUSTED_PERMANENTLY = 2;
boolean unknownIssuer(in nsITransportSecurityInfo socketInfo,
boolean unknownIssuer(in nsIInterfaceRequestor socketInfo,
in nsIX509Cert cert,
out short certAddType);
boolean mismatchDomain(in nsITransportSecurityInfo socketInfo,
boolean mismatchDomain(in nsIInterfaceRequestor socketInfo,
in wstring targetURL,
in nsIX509Cert cert);
boolean certExpired(in nsITransportSecurityInfo socketInfo,
boolean certExpired(in nsIInterfaceRequestor socketInfo,
in nsIX509Cert cert);
void crlNextupdate(in nsITransportSecurityInfo socketInfo,
void crlNextupdate(in nsIInterfaceRequestor socketInfo,
in wstring targetURL, in nsIX509Cert cert);
};
%{C++
#define NS_BADCERTLISTENER_CONTRACTID "@mozilla.org/nsBadCertListener;1"
%}

61
security/manager/ssl/public/nsICMSDecoder.idl Normal file
Просмотреть файл

@ -0,0 +1,61 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): David Drinan <ddrinan@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
%{ C++
typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len);
#define NS_CMSDECODER_CONTRACTID "@mozilla.org/nsCMSDecoder;1"
%}
native NSSCMSContentCallback(NSSCMSContentCallback);
interface nsICMSMessage;
/**
* nsICMSDecoder
* Interface to decode an CMS message
*/
[uuid(65244a06-a342-11d5-ba47-00108303b117)]
interface nsICMSDecoder : nsISupports
{
void start(in NSSCMSContentCallback cb, in voidPtr arg);
void update(in string aBuf, in long aLen);
void finish(out nsICMSMessage msg);
};

62
security/manager/ssl/public/nsICMSEncoder.idl Normal file
Просмотреть файл

@ -0,0 +1,62 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): David Drinan <ddrinan@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
%{ C++
typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len);
#define NS_CMSENCODER_CONTRACTID "@mozilla.org/nsCMSEncoder;1"
%}
native NSSCMSContentCallback(NSSCMSContentCallback);
interface nsICMSMessage;
/**
* nsICMSEncoder
* Interface to Encode an CMS message
*/
[uuid(a15789aa-8903-462b-81e9-4aa2cff4d5cb)]
interface nsICMSEncoder : nsISupports
{
void start(in nsICMSMessage aMsg, in NSSCMSContentCallback cb, in voidPtr arg);
void update(in string aBuf, in long aLen);
void finish();
void encode(in nsICMSMessage aMsg);
};

67
security/manager/ssl/public/nsICMSMessage.idl Normal file
Просмотреть файл

@ -0,0 +1,67 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): David Drinan <ddrinan@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
%{ C++
#define NS_CMSMESSAGE_CONTRACTID "@mozilla.org/nsCMSMessage;1"
%}
[ptr] native UnsignedCharPtr(unsigned char);
interface nsIX509Cert;
interface nsISupportsArray;
/**
* nsICMSMessage
* Interface to a CMS Message
*/
[uuid(a4557478-ae16-11d5-ba4b-00108303b117)]
interface nsICMSMessage : nsISupports
{
void contentIsSigned(out boolean aSigned);
void contentIsEncrypted(out boolean aEncrypted);
void getSignerCommonName(out string aName);
void getSignerEmailAddress(out string aEmail);
void getSignerCert(out nsIX509Cert scert);
void getEncryptionCert(out nsIX509Cert ecert);
void verifySignature();
void verifyDetachedSignature(in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen);
void CreateEncrypted(in nsISupportsArray aRecipientCerts);
void CreateSigned(in nsIX509Cert scert, in nsIX509Cert ecert, in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen);
};

87
security/manager/ssl/public/nsICMS.idl → security/manager/ssl/public/nsICMSMessageErrors.idl
Просмотреть файл

@ -36,57 +36,6 @@
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
interface nsISupportsArray;
interface nsIX509Cert;
%{ C++
typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len);
%}
native NSSCMSContentCallback(NSSCMSContentCallback);
[ptr] native UnsignedCharPtr(unsigned char);
/*
* nsIHash
* Generic hashing interface
*/
[uuid(a31a3028-ae28-11d5-ba4b-00108303b117)]
interface nsIHash : nsISupports
{
const short HASH_AlgNULL = 0;
const short HASH_AlgMD2 = 1;
const short HASH_AlgMD5 = 2;
const short HASH_AlgSHA1 = 3;
const unsigned long MD2_LEN = 16;
const unsigned long MD5_LEN = 16;
const unsigned long SHA1_LEN = 20;
const unsigned long MAX_HASH_LEN = SHA1_LEN;
unsigned long resultLen(in short aAlg);
void create(in short aAlg);
void begin();
void update(in UnsignedCharPtr aBuf, in unsigned long aLen);
void end(in UnsignedCharPtr aHash, out unsigned long aLen, in unsigned long aMaxLen);
};
/**
* nsICMSMessage
* Interface to a CMS Message
*/
[uuid(a4557478-ae16-11d5-ba4b-00108303b117)]
interface nsICMSMessage : nsISupports
{
void contentIsSigned(out boolean aSigned);
void contentIsEncrypted(out boolean aEncrypted);
void getSignerCommonName(out string aName);
void getSignerEmailAddress(out string aEmail);
void getSignerCert(out nsIX509Cert scert);
void getEncryptionCert(out nsIX509Cert ecert);
void verifySignature();
void verifyDetachedSignature(in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen);
void CreateEncrypted(in nsISupportsArray aRecipientCerts);
void CreateSigned(in nsIX509Cert scert, in nsIX509Cert ecert, in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen);
};
/**
* nsICMSMessageErrors
@ -115,41 +64,7 @@ interface nsICMSMessageErrors : nsISupports
const long ENCRYPT_NO_BULK_ALG = 1056;
};
/**
* nsICMSDecoder
* Interface to decode an CMS message
*/
[uuid(65244a06-a342-11d5-ba47-00108303b117)]
interface nsICMSDecoder : nsISupports
{
void start(in NSSCMSContentCallback cb, in voidPtr arg);
void update(in string aBuf, in long aLen);
void finish(out nsICMSMessage msg);
};
/**
* nsICMSEncoder
* Interface to Encode an CMS message
*/
[uuid(a15789aa-8903-462b-81e9-4aa2cff4d5cb)]
interface nsICMSEncoder : nsISupports
{
void start(in nsICMSMessage aMsg, in NSSCMSContentCallback cb, in voidPtr arg);
void update(in string aBuf, in long aLen);
void finish();
void encode(in nsICMSMessage aMsg);
};
/**
* NS_CMSMESSAGE_CONTRACTID - contract id of a class that
* implements nsICMSMessage
*/
%{C++
#define NS_CMSDECODER_CONTRACTID "@mozilla.org/nsCMSDecoder;1"
#define NS_CMSENCODER_CONTRACTID "@mozilla.org/nsCMSEncoder;1"
#define NS_CMSMESSAGE_CONTRACTID "@mozilla.org/nsCMSMessage;1"
#define NS_HASH_CONTRACTID "@mozilla.org/nsHash;1"
%{ C++
/**
* CMS specific nsresult error codes
*/

4
security/manager/ssl/public/nsICMSSecureMessage.idl
Просмотреть файл

@ -69,10 +69,6 @@ interface nsICMSSecureMessage : nsISupports
string receiveMessage(in string msg);
};
/**
* NS_CMSMESSAGE_CONTRACTID - contract id of a class that
* implements nsICMSMessage
*/
%{C++
#define NS_CMSSECUREMESSAGE_CONTRACTID "@mozilla.org/nsCMSSecureMessage;1"
%}

49
security/manager/ssl/public/nsICRLInfo.idl Normal file
Просмотреть файл

@ -0,0 +1,49 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "nsISupports.idl"
[scriptable, uuid(c185d920-4a3e-11d5-ba27-00108303b117)]
interface nsICRLInfo : nsISupports {
readonly attribute wstring org;
readonly attribute wstring orgUnit;
readonly attribute PRTime lastUpdate;
readonly attribute PRTime nextUpdate;
readonly attribute wstring lastUpdateLocale;
readonly attribute wstring nextUpdateLocale;
readonly attribute wstring nameInDb;
readonly attribute wstring lastFetchURL;
};

106
security/manager/ssl/public/nsICRLManager.idl Normal file
Просмотреть файл

@ -0,0 +1,106 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "nsISupports.idl"
interface nsIURI;
interface nsISupportsArray;
interface nsICRLInfo;
%{C++
#define NS_CRLMANAGER_CID { /* 5b256c10-22d8-4109-af92-1253035e9fcb */ \
0x5b256c10, \
0x22d8, \
0x4109, \
{0xaf, 0x92, 0x12, 0x53, 0x03, 0x5e, 0x9f, 0xcb} \
}
#define NS_CRLMANAGER_CONTRACTID "@mozilla.org/security/crlmanager;1"
%}
[scriptable, uuid(486755db-627a-4678-a21b-f6a63bb9c56a)]
interface nsICRLManager : nsISupports {
/*
* importCrl
*
* Import a CRL into the certificate database.
*/
void importCrl([array, size_is(length)] in octet data,
in unsigned long length,
in nsIURI uri,
in PRUint32 type,
in boolean doSilentDownload,
in wstring crlKey);
/*
* update crl from url
* update an existing crl from the last fetched url. Needed for the update
* button in crl manager
*/
boolean updateCRLFromURL(in wstring url, in wstring key);
/*
* getCrls
*
* Get a list of Crl entries in the DB.
*/
nsISupportsArray getCrls();
/*
* deleteCrl
*
* Delete the crl.
*/
void deleteCrl(in PRUint32 crlIndex);
/* This would reschedule the autoupdate of crls with auto update enable.
* Most likely to be called when update prefs are changed, or when a crl
* is deleted, etc. However, this might not be the most relevant place for
* this api, but unless we have a separate crl handler object....
*/
void rescheduleCRLAutoUpdate();
const unsigned long TYPE_AUTOUPDATE_TIME_BASED = 1;
const unsigned long TYPE_AUTOUPDATE_FREQ_BASED = 2;
wstring computeNextAutoUpdateTime(in nsICRLInfo info,
in unsigned long autoUpdateType,
in double noOfDays);
};

48
security/manager/ssl/public/nsICertPickDialogs.idl Normal file
Просмотреть файл

@ -0,0 +1,48 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
*/
#include "nsISupports.idl"
interface nsIInterfaceRequestor;
/**
* nsICertPicker
* Provides generic UI for choosing a certificate
*/
[scriptable, uuid(51d59b08-1dd2-11b2-ad4a-a51b92f8a184)]
interface nsICertPickDialogs : nsISupports
{
/**
* PickCertificate
* General purpose certificate prompter
*/
void PickCertificate(in nsIInterfaceRequestor ctx,
[array, size_is(count)] in wstring certNickList,
[array, size_is(count)] in wstring certDetailsList,
in PRUint32 count,
inout PRInt32 selectedIndex,
out boolean canceled);
};
%{C++
#define NS_CERTPICKDIALOGS_CONTRACTID "@mozilla.org/nsCertPickDialogs;1"
%}

5
security/manager/ssl/public/nsICertTree.idl
Просмотреть файл

@ -35,8 +35,9 @@
#include "nsISupports.idl"
#include "nsITreeView.idl"
#include "nsIX509Cert.idl"
#include "nsIX509CertDB.idl"
interface nsINSSCertCache;
interface nsIX509Cert;
[scriptable, uuid(4ea60761-31d6-491d-9e34-4b53a26c416c)]
interface nsICertTree : nsITreeView {

63
security/manager/ssl/public/nsICertificateDialogs.idl Normal file
Просмотреть файл

@ -0,0 +1,63 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
*/
#include "nsISupports.idl"
interface nsIInterfaceRequestor;
interface nsIX509Cert;
interface nsICRLInfo;
/**
* nsICertificateDialogs
* Provides UI for certificate-related dialogs.
*/
[scriptable, uuid(a03ca940-09be-11d5-ac5d-000064657374)]
interface nsICertificateDialogs : nsISupports
{
/**
* downloadCACert
* UI shown when a user is asked to download a new CA cert. Provides
* user with ability to choose trust settings for the cert.
* Trust is a bit mask, see nsIX509CertDB for possible values.
*/
boolean downloadCACert(in nsIInterfaceRequestor ctx,
in nsIX509Cert cert,
out unsigned long trust);
boolean cACertExists(in nsIInterfaceRequestor ctx);
boolean setPKCS12FilePassword(in nsIInterfaceRequestor ctx,
out wstring password);
boolean getPKCS12FilePassword(in nsIInterfaceRequestor ctx,
out wstring password);
void viewCert(in nsIInterfaceRequestor ctx,
in nsIX509Cert cert);
void crlImportStatusDialog(in nsIInterfaceRequestor ctx,
in nsICRLInfo nameInDB);
};
%{C++
#define NS_CERTIFICATEDIALOGS_CONTRACTID "@mozilla.org/nsCertificateDialogs;1"
%}

51
security/manager/ssl/public/nsIClientAuthDialogs.idl Normal file
Просмотреть файл

@ -0,0 +1,51 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
*/
#include "nsISupports.idl"
interface nsIInterfaceRequestor;
/**
* nsIClientAuthDialog
* Provides UI for SSL client-auth dialogs.
*/
[scriptable, uuid(fa4c7520-1433-11d5-ba24-00108303b117)]
interface nsIClientAuthDialogs : nsISupports
{
/**
* display
* UI shown when a user is asked to do SSL client auth.
*/
void ChooseCertificate(in nsIInterfaceRequestor ctx,
in wstring cn,
in wstring organization,
in wstring issuer,
[array, size_is(count)] in wstring certNickList,
[array, size_is(count)] in wstring certDetailsList,
in PRUint32 count,
out PRInt32 selectedIndex,
out boolean canceled);
};
%{C++
#define NS_CLIENTAUTHDIALOGS_CONTRACTID "@mozilla.org/nsClientAuthDialogs;1"
%}

42
security/manager/ssl/public/nsIDOMCryptoDialogs.idl Normal file
Просмотреть файл

@ -0,0 +1,42 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
*/
#include "nsISupports.idl"
interface nsIX509Cert;
[scriptable, uuid(1f8fe77e-1dd2-11b2-8dd2-e55f8d3465b8)]
interface nsIDOMCryptoDialogs : nsISupports
{
/**
* This method is used to warn the user the web site is
* trying to escrow the generated private key. This
* method should return true if the user wants to proceed
* and false if the user cancels the action.
*/
boolean ConfirmKeyEscrow(in nsIX509Cert escrowAuthority);
};
%{C++
#define NS_DOMCRYPTODIALOGS_CONTRACTID "@mozilla.org/nsDOMCryptoDialogs;1"
%}

41
security/manager/ssl/public/nsIGeneratingKeypairInfoDialogs.idl Normal file
Просмотреть файл

@ -0,0 +1,41 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*/
#include "nsISupports.idl"
interface nsIInterfaceRequestor;
interface nsIKeygenThread;
/**
* nsIGeneratingKeypairInfoDialogs
* This is the interface for giving feedback to the user
* while generating a key pair.
*/
[scriptable, uuid(11bf5cdc-1dd2-11b2-ba6a-c76afb326fa1)]
interface nsIGeneratingKeypairInfoDialogs : nsISupports
{
void displayGeneratingKeypairInfo(in nsIInterfaceRequestor ctx,
in nsIKeygenThread runnable);
};
%{C++
#define NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID "@mozilla.org/nsGeneratingKeypairInfoDialogs;1"
%}

68
security/manager/ssl/public/nsIHash.idl Normal file
Просмотреть файл

@ -0,0 +1,68 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2001
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): David Drinan <ddrinan@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
%{ C++
#define NS_HASH_CONTRACTID "@mozilla.org/nsHash;1"
%}
[ptr] native UnsignedCharPtr(unsigned char);
/*
* nsIHash
* Generic hashing interface
*/
[uuid(a31a3028-ae28-11d5-ba4b-00108303b117)]
interface nsIHash : nsISupports
{
const short HASH_AlgNULL = 0;
const short HASH_AlgMD2 = 1;
const short HASH_AlgMD5 = 2;
const short HASH_AlgSHA1 = 3;
const unsigned long MD2_LEN = 16;
const unsigned long MD5_LEN = 16;
const unsigned long SHA1_LEN = 20;
const unsigned long MAX_HASH_LEN = SHA1_LEN;
unsigned long resultLen(in short aAlg);
void create(in short aAlg);
void begin();
void update(in UnsignedCharPtr aBuf, in unsigned long aLen);
void end(in UnsignedCharPtr aHash, out unsigned long aLen, in unsigned long aMaxLen);
};

3
security/manager/ssl/public/nsIKeygenThread.idl
Просмотреть файл

@ -20,7 +20,8 @@
// make sure to include all the required file headers
#include "nsISupports.idl"
#include "nsIDOMWindowInternal.idl"
interface nsIDOMWindowInternal;
/**
* nsIKeygenThread

66
security/manager/ssl/public/nsINSSCertCache.idl Normal file
Просмотреть файл

@ -0,0 +1,66 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "nsISupports.idl"
[scriptable, uuid(6c143dac-bd65-4333-b594-7ed1e748e0f9)]
interface nsINSSCertCache : nsISupports {
/*
* cacheAllCerts
*
* Creates a cache of all certificates currently known to NSS.
*/
void cacheAllCerts();
/*
* getCachedCerts
*
* Returns the cached CERTCertList*
*/
[notxpcom, noscript] voidPtr getCachedCerts();
};
%{C++
#define NS_NSSCERTCACHE_CID { /* 3f429a14-dffe-417d-8cb8-fdf09bacd09e */ \
0x3f429a14, \
0xdffe, \
0x417d, \
{0x8c, 0xb8, 0xfd, 0xf0, 0x9b, 0xac, 0xd0, 0x9e} \
}
#define NS_NSSCERTCACHE_CONTRACTID "@mozilla.org/security/nsscertcache;1"
%}

187
security/manager/ssl/public/nsINSSDialogs.idl
Просмотреть файл

@ -1,187 +0,0 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
*/
#include "nsISupports.idl"
#include "nsIX509Cert.idl"
#include "nsIX509CertDB.idl"
interface nsIInterfaceRequestor;
interface nsIKeygenThread;
/**
* nsITokenPasswordDialogs
* This is the interface for setting and changing password
* on a PKCS11 token.
*/
[scriptable, uuid(be26b580-1dd1-11b2-9946-c598d0d07727)]
interface nsITokenPasswordDialogs : nsISupports
{
/**
* setPassword - sets the password/PIN on the named token.
* The canceled output value should be set to TRUE when
* the user (or implementation) cancels the operation.
*/
void setPassword(in nsIInterfaceRequestor ctx, in wstring tokenName,
out boolean canceled);
void getPassword(in nsIInterfaceRequestor ctx,
in wstring tokenName,
out wstring password,
out boolean canceled);
};
/**
* nsIGeneratingKeypairInfoDialogs
* This is the interface for giving feedback to the user
* while generating a key pair.
*/
[scriptable, uuid(11bf5cdc-1dd2-11b2-ba6a-c76afb326fa1)]
interface nsIGeneratingKeypairInfoDialogs : nsISupports
{
void displayGeneratingKeypairInfo(in nsIInterfaceRequestor ctx,
in nsIKeygenThread runnable);
};
/**
* nsINSSDialogs - a collection of functions that
* implement activities that may require interaction
* with the user.
*/
[scriptable, uuid(4a8c5584-1dd2-11b2-bfff-f232dbfab27e)]
interface nsINSSDialogs : nsISupports
{
/**
* This is the base class for NSSDialogs. It must support all
* the interfaces for dialogs that it wants to support.
*
* nsITokenPasswordDialogs is one such implementation.
*/
};
/**
* nsICertificateDialogs
* Provides UI for certificate-related dialogs.
*/
[scriptable, uuid(a03ca940-09be-11d5-ac5d-000064657374)]
interface nsICertificateDialogs : nsISupports
{
/**
* downloadCACert
* UI shown when a user is asked to download a new CA cert. Provides
* user with ability to choose trust settings for the cert.
*/
void downloadCACert(in nsIInterfaceRequestor ctx,
in nsIX509Cert cert,
out unsigned long trust,
out boolean canceled);
void cACertExists(in nsIInterfaceRequestor ctx,
out boolean canceled);
void setPKCS12FilePassword(in nsIInterfaceRequestor ctx,
out wstring password,
out boolean canceled);
void getPKCS12FilePassword(in nsIInterfaceRequestor ctx,
out wstring password,
out boolean canceled);
void viewCert(in nsIX509Cert cert);
void crlImportStatusDialog(in nsIInterfaceRequestor ctx,
in nsICrlEntry nameInDB);
};
/**
* nsIClientAuthDialog
* Provides UI for SSL client-auth dialogs.
*/
[scriptable, uuid(fa4c7520-1433-11d5-ba24-00108303b117)]
interface nsIClientAuthDialogs : nsISupports
{
/**
* display
* UI shown when a user is asked to do SSL client auth.
*/
void ChooseCertificate(in nsIInterfaceRequestor ctx,
in wstring cn,
in wstring organization,
in wstring issuer,
[array, size_is(count)] in wstring certNickList,
[array, size_is(count)] in wstring certDetailsList,
in PRUint32 count,
out PRInt32 selectedIndex,
out boolean canceled);
};
/**
* nsICertPicker
* Provides generic UI for choosing a certificate
*/
[scriptable, uuid(51d59b08-1dd2-11b2-ad4a-a51b92f8a184)]
interface nsICertPickDialogs : nsISupports
{
/**
* PickCertificate
* General purpose certificate prompter
*/
void PickCertificate(in nsIInterfaceRequestor ctx,
[array, size_is(count)] in wstring certNickList,
[array, size_is(count)] in wstring certDetailsList,
in PRUint32 count,
inout PRInt32 selectedIndex,
out boolean canceled);
};
[scriptable, uuid(bb4bae9c-39c5-11d5-ba26-00108303b117)]
interface nsITokenDialogs : nsISupports
{
void ChooseToken(in nsIInterfaceRequestor ctx,
[array, size_is(count)] in wstring tokenNameList,
in PRUint32 count,
out wstring tokenName,
out boolean canceled);
};
[scriptable, uuid(1f8fe77e-1dd2-11b2-8dd2-e55f8d3465b8)]
interface nsIDOMCryptoDialogs : nsISupports
{
/**
* This method is used to warn the user the web site is
* trying to escrow the generated private key. This
* method should return true if the user wants to proceed
* and false if the user cancels the action.
*/
boolean ConfirmKeyEscrow(in nsIX509Cert escrowAuthority);
};
/**
* NS_NSSDIALOGS_CONTRACTID - contract id of a service that
* implements nsINSSDialogs (and possibly other interfaces)
* that provide interaction with the user.
*/
%{C++
#define NS_NSSDIALOGS_CONTRACTID "@mozilla.org/nsNSSDialogs;1"
%}

44
security/manager/ssl/public/nsIOCSPResponder.idl Normal file
Просмотреть файл

@ -0,0 +1,44 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "nsISupports.idl"
[scriptable, uuid(96b2f5ae-4334-11d5-ba27-00108303b117)]
interface nsIOCSPResponder : nsISupports {
readonly attribute wstring responseSigner;
readonly attribute wstring serviceURL;
};

75
security/manager/ssl/public/nsIPK11Token.idl Normal file
Просмотреть файл

@ -0,0 +1,75 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
*/
#include "nsISupports.idl"
[scriptable, uuid(51191434-1dd2-11b2-a17c-e49c4e99a4e3)]
interface nsIPK11Token : nsISupports
{
const long ASK_EVERY_TIME = -1;
const long ASK_FIRST_TIME = 0;
const long ASK_EXPIRE_TIME = 1;
/*
* The name of the token
*/
readonly attribute wstring tokenName;
readonly attribute wstring tokenLabel;
readonly attribute wstring tokenManID;
readonly attribute wstring tokenHWVersion;
readonly attribute wstring tokenFWVersion;
readonly attribute wstring tokenSerialNumber;
/*
* Login information
*/
boolean isLoggedIn();
void login(in boolean force);
void logout();
/*
* Reset password
*/
void reset();
/*
* Password information
*/
readonly attribute long minimumPasswordLength;
readonly attribute boolean needsUserInit;
boolean checkPassword(in wstring password); /* Logs out if check fails */
void initPassword(in wstring initialPassword);
void changePassword(in wstring oldPassword, in wstring newPassword);
long getAskPasswordTimes();
long getAskPasswordTimeout();
void setAskPasswordDefaults([const] in long askTimes, [const] in long timeout);
/*
* Other attributes
*/
boolean isHardwareToken();
boolean needsLogin();
boolean isFriendly();
};

54
security/manager/ssl/public/nsIPK11TokenDB.idl
Просмотреть файл

@ -22,7 +22,9 @@
*/
#include "nsISupports.idl"
#include "nsIEnumerator.idl"
interface nsIPK11Token;
interface nsIEnumerator;
/**
* The PK11 Token Database provides access to the PK11 modules
@ -34,56 +36,6 @@
#define NS_PK11TOKENDB_CONTRACTID "@mozilla.org/security/pk11tokendb;1"
%}
[scriptable, uuid(51191434-1dd2-11b2-a17c-e49c4e99a4e3)]
interface nsIPK11Token : nsISupports
{
const long ASK_EVERY_TIME = -1;
const long ASK_FIRST_TIME = 0;
const long ASK_EXPIRE_TIME = 1;
/*
* The name of the token
*/
readonly attribute wstring tokenName;
readonly attribute wstring tokenLabel;
readonly attribute wstring tokenManID;
readonly attribute wstring tokenHWVersion;
readonly attribute wstring tokenFWVersion;
readonly attribute wstring tokenSerialNumber;
/*
* Login information
*/
boolean isLoggedIn();
void login(in boolean force);
void logout();
/*
* Reset password
*/
void reset();
/*
* Password information
*/
readonly attribute long minimumPasswordLength;
readonly attribute boolean needsUserInit;
boolean checkPassword(in wstring password); /* Logs out if check fails */
void initPassword(in wstring initialPassword);
void changePassword(in wstring oldPassword, in wstring newPassword);
long getAskPasswordTimes();
long getAskPasswordTimeout();
void setAskPasswordDefaults([const] in long askTimes, [const] in long timeout);
/*
* Other attributes
*/
boolean isHardwareToken();
boolean needsLogin();
boolean isFriendly();
};
/**
* nsIPK11TokenDB - Manages PK11 Tokens
*/

53
security/manager/ssl/public/nsIPKCS11Module.idl Normal file
Просмотреть файл

@ -0,0 +1,53 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "nsISupports.idl"
interface nsIPKCS11Slot;
interface nsIEnumerator;
[scriptable, uuid(8a44bdf9-d1a5-4734-bd5a-34ed7fe564c2)]
interface nsIPKCS11Module : nsISupports
{
readonly attribute wstring name;
readonly attribute wstring libName;
nsIPKCS11Slot findSlotByName(in wstring name);
nsIEnumerator listSlots();
};

65
security/manager/ssl/public/nsIPKCS11ModuleDB.idl Normal file
Просмотреть файл

@ -0,0 +1,65 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "nsISupports.idl"
interface nsIPKCS11Module;
interface nsIPKCS11Slot;
interface nsIEnumerator;
%{C++
#define NS_PKCS11MODULEDB_CONTRACTID "@mozilla.org/security/pkcs11moduledb;1"
%}
[scriptable, uuid(ff9fbcd7-9517-4334-b97a-ceed78909974)]
interface nsIPKCS11ModuleDB : nsISupports
{
nsIPKCS11Module getInternal();
nsIPKCS11Module getInternalFIPS();
nsIPKCS11Module findModuleByName(in wstring name);
nsIPKCS11Slot findSlotByName(in wstring name);
nsIEnumerator listModules();
readonly attribute boolean canToggleFIPS;
void toggleFIPSMode();
readonly attribute boolean isFIPSEnabled;
};

40
security/manager/ssl/public/nsIPKCS11Slot.idl
Просмотреть файл

@ -34,12 +34,8 @@
*/
#include "nsISupports.idl"
#include "nsIEnumerator.idl"
#include "nsIPK11TokenDB.idl"
%{C++
#define NS_PKCS11MODULEDB_CONTRACTID "@mozilla.org/security/pkcs11moduledb;1"
%}
interface nsIPK11Token;
[scriptable, uuid(c2d4f296-ee60-11d4-998b-00b0d02354a0)]
interface nsIPKCS11Slot : nsISupports {
@ -69,37 +65,3 @@ interface nsIPKCS11Slot : nsISupports {
};
[scriptable, uuid(8a44bdf9-d1a5-4734-bd5a-34ed7fe564c2)]
interface nsIPKCS11Module : nsISupports
{
readonly attribute wstring name;
readonly attribute wstring libName;
nsIPKCS11Slot findSlotByName(in wstring name);
nsIEnumerator listSlots();
};
[scriptable, uuid(ff9fbcd7-9517-4334-b97a-ceed78909974)]
interface nsIPKCS11ModuleDB : nsISupports
{
nsIPKCS11Module getInternal();
nsIPKCS11Module getInternalFIPS();
nsIPKCS11Module findModuleByName(in wstring name);
nsIPKCS11Slot findSlotByName(in wstring name);
nsIEnumerator listModules();
readonly attribute boolean canToggleFIPS;
void toggleFIPSMode();
readonly attribute boolean isFIPSEnabled;
};

41
security/manager/ssl/public/nsISMimeCert.idl Normal file
Просмотреть файл

@ -0,0 +1,41 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "nsISupports.idl"
[scriptable, uuid(66710f97-a4dd-49f1-a906-fe0ebc5924c0)]
interface nsISMimeCert : nsISupports {
void saveSMimeProfile();
};

39
security/manager/ssl/public/nsITokenDialogs.idl Normal file
Просмотреть файл

@ -0,0 +1,39 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
*/
#include "nsISupports.idl"
interface nsIInterfaceRequestor;
[scriptable, uuid(bb4bae9c-39c5-11d5-ba26-00108303b117)]
interface nsITokenDialogs : nsISupports
{
void ChooseToken(in nsIInterfaceRequestor ctx,
[array, size_is(count)] in wstring tokenNameList,
in PRUint32 count,
out wstring tokenName,
out boolean canceled);
};
%{C++
#define NS_TOKENDIALOGS_CONTRACTID "@mozilla.org/nsTokenDialogs;1"
%}

52
security/manager/ssl/public/nsITokenPasswordDialogs.idl Normal file
Просмотреть файл

@ -0,0 +1,52 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
*/
#include "nsISupports.idl"
interface nsIInterfaceRequestor;
/**
* nsITokenPasswordDialogs
* This is the interface for setting and changing password
* on a PKCS11 token.
*/
[scriptable, uuid(be26b580-1dd1-11b2-9946-c598d0d07727)]
interface nsITokenPasswordDialogs : nsISupports
{
/**
* setPassword - sets the password/PIN on the named token.
* The canceled output value should be set to TRUE when
* the user (or implementation) cancels the operation.
*/
void setPassword(in nsIInterfaceRequestor ctx, in wstring tokenName,
out boolean canceled);
void getPassword(in nsIInterfaceRequestor ctx,
in wstring tokenName,
out wstring password,
out boolean canceled);
};
%{C++
#define NS_TOKENPASSWORDSDIALOG_CONTRACTID "@mozilla.org/nsTokenPasswordDialogs;1"
%}

92
security/manager/ssl/public/nsIX509Cert.idl
Просмотреть файл

@ -36,77 +36,8 @@
#include "nsISupports.idl"
#include "nsISupportsArray.idl"
[scriptable, uuid(e701dfd8-1dd1-11b2-a172-ffa6cc6156ad)]
interface nsIX509CertValidity : nsISupports {
readonly attribute PRTime notBefore;
readonly attribute wstring notBeforeLocalTime;
readonly attribute wstring notBeforeGMT;
readonly attribute PRTime notAfter;
readonly attribute wstring notAfterLocalTime;
readonly attribute wstring notAfterGMT;
};
//
// Overview of how this ASN1 interface is intended to
// work.
//
// First off, the nsIASN1Sequence is any type in ASN1
// that consists of sub-elements (ie SEQUENCE, SET)
// nsIASN1Printable Items are all the other types that
// can be viewed by themselves without interpreting further.
// Examples would include INTEGER, UTF-8 STRING, OID.
// These are not intended to directly reflect the numberous
// types that exist in ASN1, but merely an interface to ease
// producing a tree display the ASN1 structure of any DER
// object.
//
[scriptable, uuid(ba8bf582-1dd1-11b2-898c-f40246bc9a63)]
interface nsIASN1Object : nsISupports {
const unsigned long ASN1_END_CONTENTS = 0;
const unsigned long ASN1_BOOLEAN = 1;
const unsigned long ASN1_INTEGER = 2;
const unsigned long ASN1_BIT_STRING = 3;
const unsigned long ASN1_OCTET_STRING = 4;
const unsigned long ASN1_NULL = 5;
const unsigned long ASN1_OBJECT_ID = 6;
const unsigned long ASN1_ENUMERATED = 10;
const unsigned long ASN1_UTF8_STRING = 12;
const unsigned long ASN1_SEQUENCE = 16;
const unsigned long ASN1_SET = 17;
const unsigned long ASN1_PRINTABLE_STRING = 19;
const unsigned long ASN1_T61_STRING = 20;
const unsigned long ASN1_IA5_STRING = 22;
const unsigned long ASN1_UTC_TIME = 23;
const unsigned long ASN1_GEN_TIME = 24;
const unsigned long ASN1_VISIBLE_STRING = 26;
const unsigned long ASN1_UNIVERSAL_STRING = 28;
const unsigned long ASN1_BMP_STRING = 30;
const unsigned long ASN1_HIGH_TAG_NUMBER = 31;
const unsigned long ASN1_CONTEXT_SPECIFIC = 32;
const unsigned long ASN1_APPLICATION = 33;
const unsigned long ASN1_PRIVATE = 34;
// This will be either one of the const
// values above.
attribute unsigned long type;
attribute unsigned long tag;
attribute wstring displayName;
attribute wstring displayValue;
};
[scriptable, uuid(b6b957e6-1dd1-11b2-89d7-e30624f50b00)]
interface nsIASN1Sequence : nsIASN1Object {
attribute nsISupportsArray ASN1Objects;
attribute boolean processObjects;
attribute boolean showObjects;
};
[scriptable, uuid(114e1142-1dd2-11b2-ac26-b6db19d9184a)]
interface nsIASN1PrintableItem : nsIASN1Object {
[noscript] void setData(in charPtr data, in unsigned long len);
[noscript] void getData(out charPtr data, out unsigned long len);
};
interface nsIX509CertValidity;
interface nsIASN1Object;
[scriptable, uuid(f0980f60-ee3d-11d4-998b-00b0d02354a0)]
interface nsIX509Cert : nsISupports {
@ -185,16 +116,10 @@ interface nsIX509Cert : nsISupports {
const unsigned long CERT_USAGE_StatusResponder = 10;
const unsigned long CERT_USAGE_AnyCA = 11;
void verifyForUsage(in PRUint32 usage,
out PRUint32 verificationResult);
/*
* This method is here to make it easier to view a cert.
* It will get the implemention of the nsICertificateDialogs
* interface and call the viewCert method passing itself
* as a parameter.
*/
void view();
* output is verification result, bitmask?
*/
PRUint32 verifyForUsage(in PRUint32 usage);
/*
* This is the attribute which describes the ASN1 layout
@ -203,11 +128,10 @@ interface nsIX509Cert : nsISupports {
*/
readonly attribute nsIASN1Object ASN1Structure;
[noscript] unsigned long getRawDER(out charPtr result);
void getRawDER(out unsigned long length,
[retval, array, size_is(length)] out octet data);
PRBool isSameCert(in nsIX509Cert other);
void saveSMimeProfile();
boolean isSameCert(in nsIX509Cert other);
};
%{C++

177
security/manager/ssl/public/nsIX509CertDB.idl
Просмотреть файл

@ -37,13 +37,10 @@
interface nsISupportsArray;
interface nsIX509Cert;
interface nsIPK11Token;
interface nsILocalFile;
interface nsIInterfaceRequestor;
interface nsIURI;
%{C++
#define NS_X509CERTDB_CID { /* da48b3c0-1284-11d5-ac67-000064657374 */ \
0xda48b3c0, \
0x1284, \
@ -52,66 +49,8 @@ interface nsIURI;
}
#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
typedef int (*nsCertCompareFunc)(void *, nsIX509Cert *a, nsIX509Cert *b);
#define NS_NSSCERTCACHE_CID { /* 3f429a14-dffe-417d-8cb8-fdf09bacd09e */ \
0x3f429a14, \
0xdffe, \
0x417d, \
{0x8c, 0xb8, 0xfd, 0xf0, 0x9b, 0xac, 0xd0, 0x9e} \
}
#define NS_NSSCERTCACHE_CONTRACTID "@mozilla.org/security/nsscertcache;1"
%}
native nsCertCompareFunc(nsCertCompareFunc);
native nsAutoString(nsAutoString);
[ref] native nsAutoStringRef(nsAutoString);
[scriptable, uuid(96b2f5ae-4334-11d5-ba27-00108303b117)]
interface nsIOCSPResponder : nsISupports {
readonly attribute wstring responseSigner;
readonly attribute wstring serviceURL;
};
[scriptable, uuid(c185d920-4a3e-11d5-ba27-00108303b117)]
interface nsICrlEntry : nsISupports {
readonly attribute wstring org;
readonly attribute wstring orgUnit;
readonly attribute wstring lastUpdateLocale;
readonly attribute wstring nextUpdateLocale;
readonly attribute wstring nameInDb;
readonly attribute wstring lastFetchURL;
const unsigned long TYPE_AUTOUPDATE_TIME_BASED = 1;
const unsigned long TYPE_AUTOUPDATE_FREQ_BASED = 2;
wstring ComputeNextAutoUpdateTime(in unsigned long autoUpdateType,
in double noOfDays);
};
[scriptable, uuid(6c143dac-bd65-4333-b594-7ed1e748e0f9)]
interface nsINSSCertCache : nsISupports {
/*
* cacheAllCerts
*
* Creates a cache of all certificates currently known to NSS.
*/
void cacheAllCerts();
/*
* getCachedCerts
*
* Returns the cached CERTCertList*
*/
[notxpcom, noscript] voidPtr getCachedCerts();
};
[scriptable, uuid(da48b3c0-1284-11d5-ac67-000064657374)]
interface nsIX509CertDB : nsISupports {
@ -121,7 +60,7 @@ interface nsIX509CertDB : nsISupports {
const unsigned long TRUSTED_EMAIL = 1 << 1;
const unsigned long TRUSTED_OBJSIGN = 1 << 2;
nsIX509Cert getCertByNickname(in nsIPK11Token aToken,
nsIX509Cert getCertByNickname(in nsISupports aToken,
in wstring aNickname);
/*
@ -131,7 +70,7 @@ interface nsIX509CertDB : nsISupports {
* retrieved by getting the dbKey attribute of
* the certificate.
*/
nsIX509Cert getCertByDBKey(in string aDBkey, in nsIPK11Token aToken);
nsIX509Cert getCertByDBKey(in string aDBkey, in nsISupports aToken);
/*
* getCertNicknames
@ -145,34 +84,11 @@ interface nsIX509CertDB : nsISupports {
* aType - type of certificate to obtain (see nsIX509Cert)
* count, certNameList - the returned array of names
*/
void getCertNicknames(in nsIPK11Token aToken,
void getCertNicknames(in nsISupports aToken,
in unsigned long aType,
out unsigned long count,
[array, size_is(count)] out wstring certNameList);
/*
* getCertsByType
*
* Obtain a list of certs from the database.
*
*/
[notxpcom, noscript] boolean getCertsByTypeFromCache(in nsINSSCertCache cache,
in unsigned long aType,
in nsCertCompareFunc aCertCmpFn,
in voidPtr aCertCmpFnArg,
out nsISupportsArray certs);
/*
* getCertsByType
*
* Obtain a list of certs from the database.
*
*/
[notxpcom, noscript] boolean getCertsByType(in unsigned long aType,
in nsCertCompareFunc aCertCmpFn,
in voidPtr aCertCmpFnArg,
out nsISupportsArray certs);
/* Get the user encryption cert */
nsIX509Cert getEmailEncryptionCert(in wstring aNickname);
@ -180,7 +96,7 @@ interface nsIX509CertDB : nsISupports {
nsIX509Cert getEmailSigningCert(in wstring aNickname);
/* Get a cert by email address */
nsIX509Cert getCertByEmailAddress(in nsIPK11Token aToken,
nsIX509Cert getCertByEmailAddress(in nsISupports aToken,
in string aEmailAddress);
/*
@ -192,31 +108,27 @@ interface nsIX509CertDB : nsISupports {
* the certs will utlimtately live. Currently, they'll
* be placed in the default token.
*/
[noscript] void importCertificates(in charPtr data,
in unsigned long length,
in unsigned long type,
in nsIInterfaceRequestor ctx);
[noscript] void importEmailCertificate(in charPtr data,
in unsigned long length,
in nsIInterfaceRequestor ctx);
[noscript] void importServerCertificate(in charPtr data,
in unsigned long length,
in nsIInterfaceRequestor ctx);
void importCertificates([array, size_is(length)] in octet data,
in unsigned long length,
in unsigned long type,
in nsIInterfaceRequestor ctx);
/*
* importEmailCertificate2
* importEmailCertificate
*
* Import a user certificate into the database.
* Scriptable version of importEmailCertificate.
*
* @param length - The number of bytes contained in the data array.
*
* @param data - Raw certificate data, containing the certificate to import.
*/
void importEmailCertificate2(in unsigned long length,
[array, size_is(length)] in octet data);
void importEmailCertificate([array, size_is(length)] in octet data,
in unsigned long length,
in nsIInterfaceRequestor ctx);
void importServerCertificate([array, size_is(length)] in octet data,
in unsigned long length,
in nsIInterfaceRequestor ctx);
/*
* importCertificate
@ -224,9 +136,9 @@ interface nsIX509CertDB : nsISupports {
* Import a user certificate into the database.
* XXX This method and the importCertificate should be merged into one.
*/
[noscript] void importUserCertificate(in charPtr data,
in unsigned long length,
in nsIInterfaceRequestor ctx);
void importUserCertificate([array, size_is(length)] in octet data,
in unsigned long length,
in nsIInterfaceRequestor ctx);
/*
* deleteCertificate
*
@ -263,7 +175,7 @@ interface nsIX509CertDB : nsISupports {
*
* Import certificate(s) from file
*/
void importCertsFromFile(in nsIPK11Token aToken,
void importCertsFromFile(in nsISupports aToken,
in nsILocalFile aFile,
in unsigned long aType);
@ -272,7 +184,7 @@ interface nsIX509CertDB : nsISupports {
*
* Import a PKCS#12 file contain cert(s) and key(s) into the database.
*/
void importPKCS12File(in nsIPK11Token aToken,
void importPKCS12File(in nsISupports aToken,
in nsILocalFile aFile);
/*
@ -280,7 +192,7 @@ interface nsIX509CertDB : nsISupports {
*
* Export a set of certs and keys from the database to a PKCS#12 file.
*/
void exportPKCS12File(in nsIPK11Token aToken,
void exportPKCS12File(in nsISupports aToken,
in nsILocalFile aFile,
in PRUint32 count,
[array, size_is(count)] in nsIX509Cert aCerts);
@ -292,50 +204,6 @@ interface nsIX509CertDB : nsISupports {
*/
nsISupportsArray getOCSPResponders();
/*
* importCrl
*
* Import a CRL into the database.
*/
[noscript] void importCrl(in charPtr data,
in unsigned long length,
in nsIURI uri,
in PRUint32 type,
in PRBool doSilentDownload,
in wstring crlKey);
/*
* update crl from url
* update an existing crl from the last fetched url. Needed for the update
* button in crl manager
*/
boolean updateCRLFromURL(in wstring url, in wstring key);
/*
* getCrls
*
* Get a list of Crl entries in the DB.
*/
nsISupportsArray getCrls();
/*
* deleteCrl
*
* Delete the crl.
*/
void deleteCrl(in PRUint32 crlIndex);
/* This would reschedule the autoupdate of crls with auto update enable.
* Most likely to be called when update prefs are changed, or when a crl
* is deleted, etc. However, this might not be the most relevant place for
* this api, but unless we have a separate crl handler object....
*/
void rescheduleCRLAutoUpdate();
/*
* Query about the status of OCSP
*/
@ -360,6 +228,5 @@ interface nsIX509CertDB : nsISupports {
*
*/
nsIX509Cert constructX509FromBase64(in string base64);
};

47
security/manager/ssl/public/nsIX509CertValidity.idl Normal file
Просмотреть файл

@ -0,0 +1,47 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "nsISupports.idl"
[scriptable, uuid(e701dfd8-1dd1-11b2-a172-ffa6cc6156ad)]
interface nsIX509CertValidity : nsISupports {
readonly attribute PRTime notBefore;
readonly attribute wstring notBeforeLocalTime;
readonly attribute wstring notBeforeGMT;
readonly attribute PRTime notAfter;
readonly attribute wstring notAfterLocalTime;
readonly attribute wstring notAfterGMT;
};

19
security/manager/ssl/src/Makefile.in
Просмотреть файл

@ -63,11 +63,20 @@ CPPSRCS = \
nsCertTree.cpp \
nsKeygenHandler.cpp \
nsCrypto.cpp \
nsPKCS11Slot.cpp \
nsKeygenThread.cpp \
nsCMSSecureMessage.cpp \
nsCMS.cpp \
nsCertPicker.cpp \
nsPKCS11Slot.cpp \
nsKeygenThread.cpp \
nsCMSSecureMessage.cpp \
nsCMS.cpp \
nsCertPicker.cpp \
nsCRLInfo.cpp \
nsNSSCertCache.cpp \
nsNSSCertHelper.cpp \
nsNSSCertificateDB.cpp \
nsNSSCertTrust.cpp \
nsNSSCertValidity.cpp \
nsOCSPResponder.cpp \
nsUsageArrayHelper.cpp \
nsCRLManager.cpp \
$(NULL)
REQUIRES = nspr \

11
security/manager/ssl/src/nsCMS.cpp
Просмотреть файл

@ -41,6 +41,7 @@
#include "nsNSSCertificate.h"
#include "smime.h"
#include "cms.h"
#include "nsICMSMessageErrors.h"
#include "prlog.h"
#ifdef PR_LOGGING
@ -361,7 +362,15 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
}
for (i=0; i<recipientCertCount; i++) {
nssRecipientCert = NS_STATIC_CAST(nsNSSCertificate*, aRecipientCerts->ElementAt(i));
nsCOMPtr<nsIX509Cert> x509cert = do_QueryElementAt(aRecipientCerts, i);
nssRecipientCert =
NS_STATIC_CAST(nsNSSCertificate*,
NS_STATIC_CAST(nsIX509Cert*, x509cert));
if (!nssRecipientCert)
return NS_ERROR_FAILURE;
recipientCerts[i] = nssRecipientCert->GetCert();
}
recipientCerts[i] = nsnull;

5
security/manager/ssl/src/nsCMS.h
Просмотреть файл

@ -41,7 +41,10 @@
#include "nsISupports.h"
#include "nsCOMPtr.h"
#include "nsIInterfaceRequestor.h"
#include "nsICMS.h"
#include "nsIHash.h"
#include "nsICMSMessage.h"
#include "nsICMSEncoder.h"
#include "nsICMSDecoder.h"
#include "sechash.h"
#include "cms.h"

198
security/manager/ssl/src/nsCRLInfo.cpp Normal file
Просмотреть файл

@ -0,0 +1,198 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "prmem.h"
#include "prerror.h"
#include "prprf.h"
#include "nsCRLInfo.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
#include "nsCOMPtr.h"
#include "nsComponentManagerUtils.h"
#include "nsReadableUtils.h"
#include "nspr.h"
extern "C" {
#include "pk11func.h"
#include "certdb.h"
#include "cert.h"
#include "secerr.h"
#include "nssb64.h"
#include "secasn1.h"
#include "secder.h"
}
static NS_DEFINE_CID(kDateTimeFormatCID, NS_DATETIMEFORMAT_CID);
NS_IMPL_ISUPPORTS1(nsCRLInfo, nsICRLInfo)
nsCRLInfo::nsCRLInfo()
{
NS_INIT_ISUPPORTS();
/* member initializers and constructor code */
}
nsCRLInfo::nsCRLInfo(CERTSignedCrl *signedCrl)
{
NS_INIT_ISUPPORTS();
CERTCrl *crl = &(signedCrl->crl);
nsAutoString org;
nsAutoString orgUnit;
nsAutoString nameInDb;
nsAutoString nextUpdateLocale;
nsAutoString lastUpdateLocale;
nsAutoString lastFetchURL;
PRTime lastUpdate;
PRTime nextUpdate;
SECStatus sec_rv;
// Get the information we need here //
char * o = CERT_GetOrgName(&(crl->name));
if (o) {
org = NS_ConvertASCIItoUCS2(o);
PORT_Free(o);
}
char * ou = CERT_GetOrgUnitName(&(crl->name));
if (ou) {
orgUnit = NS_ConvertASCIItoUCS2(ou);
//At present, the ou is being used as the unique key - but this
//would change, one support for delta crls come in.
nameInDb = orgUnit;
PORT_Free(ou);
}
nsCOMPtr<nsIDateTimeFormat> dateFormatter = do_CreateInstance(kDateTimeFormatCID);
// Last Update time
if (crl->lastUpdate.len) {
sec_rv = DER_UTCTimeToTime(&lastUpdate, &(crl->lastUpdate));
if (sec_rv == SECSuccess && dateFormatter) {
dateFormatter->FormatPRTime(nsnull, kDateFormatShort, kTimeFormatNone,
lastUpdate, lastUpdateLocale);
}
}
if (crl->nextUpdate.len) {
// Next update time
sec_rv = DER_UTCTimeToTime(&nextUpdate, &(crl->nextUpdate));
if (sec_rv == SECSuccess && dateFormatter) {
dateFormatter->FormatPRTime(nsnull, kDateFormatShort, kTimeFormatNone,
nextUpdate, nextUpdateLocale);
}
}
char * url = signedCrl->url;
if(url) {
lastFetchURL = NS_ConvertASCIItoUCS2(url);
}
mOrg.Assign(org.get());
mOrgUnit.Assign(orgUnit.get());
mLastUpdateLocale.Assign(lastUpdateLocale.get());
mNextUpdateLocale.Assign(nextUpdateLocale.get());
mLastUpdate = lastUpdate;
mNextUpdate = nextUpdate;
mNameInDb.Assign(nameInDb.get());
mLastFetchURL.Assign(lastFetchURL.get());
}
nsCRLInfo::~nsCRLInfo()
{
/* destructor code */
}
/* readonly attribute */
NS_IMETHODIMP nsCRLInfo::GetOrg(PRUnichar** aOrg)
{
NS_ENSURE_ARG(aOrg);
*aOrg = ToNewUnicode(mOrg);
return NS_OK;
}
/* readonly attribute */
NS_IMETHODIMP nsCRLInfo::GetOrgUnit(PRUnichar** aOrgUnit)
{
NS_ENSURE_ARG(aOrgUnit);
*aOrgUnit = ToNewUnicode(mOrgUnit);
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetLastUpdateLocale(PRUnichar** aLastUpdateLocale)
{
NS_ENSURE_ARG(aLastUpdateLocale);
*aLastUpdateLocale = ToNewUnicode(mLastUpdateLocale);
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetNextUpdateLocale(PRUnichar** aNextUpdateLocale)
{
NS_ENSURE_ARG(aNextUpdateLocale);
*aNextUpdateLocale = ToNewUnicode(mNextUpdateLocale);
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetLastUpdate(PRTime* aLastUpdate)
{
NS_ENSURE_ARG(aLastUpdate);
*aLastUpdate = mLastUpdate;
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetNextUpdate(PRTime* aNextUpdate)
{
NS_ENSURE_ARG(aNextUpdate);
*aNextUpdate = mNextUpdate;
return NS_OK;
}
/* readonly attribute */
NS_IMETHODIMP nsCRLInfo::GetNameInDb(PRUnichar** aNameInDb)
{
NS_ENSURE_ARG(aNameInDb);
*aNameInDb = ToNewUnicode(mNameInDb);
return NS_OK;
}
NS_IMETHODIMP nsCRLInfo::GetLastFetchURL(PRUnichar** aLastFetchURL)
{
NS_ENSURE_ARG(aLastFetchURL);
*aLastFetchURL = ToNewUnicode(mLastFetchURL);
return NS_OK;
}

75
security/manager/ssl/src/nsCRLInfo.h Normal file
Просмотреть файл

@ -0,0 +1,75 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef _NSCLRLINFO_H_
#define _NSCRLINFO_H_
#include "nsICRLInfo.h"
#include "certt.h"
#include "nsString.h"
#define CRL_AUTOUPDATE_TIMIINGTYPE_PREF "security.crl.autoupdate.timingType"
#define CRL_AUTOUPDATE_TIME_PREF "security.crl.autoupdate.nextInstant"
#define CRL_AUTOUPDATE_URL_PREF "security.crl.autoupdate.url"
#define CRL_AUTOUPDATE_DAYCNT_PREF "security.crl.autoupdate.dayCnt"
#define CRL_AUTOUPDATE_FREQCNT_PREF "security.crl.autoupdate.freqCnt"
#define CRL_AUTOUPDATE_ERRCNT_PREF "security.crl.autoupdate.errCount"
#define CRL_AUTOUPDATE_ERRDETAIL_PREF "security.crl.autoupdate.errDetail"
#define CRL_AUTOUPDATE_ENABLED_PREF "security.crl.autoupdate.enable."
#define CRL_AUTOUPDATE_DEFAULT_DELAY 30000UL
class nsCRLInfo : public nsICRLInfo
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICRLINFO
nsCRLInfo();
nsCRLInfo(CERTSignedCrl *);
virtual ~nsCRLInfo();
/* additional members */
private:
nsString mOrg;
nsString mOrgUnit;
nsString mLastUpdateLocale;
nsString mNextUpdateLocale;
PRTime mLastUpdate;
PRTime mNextUpdate;
nsString mNameInDb;
nsString mLastFetchURL;
nsString mNextAutoUpdateDate;
};
#endif

477
security/manager/ssl/src/nsCRLManager.cpp Normal file
Просмотреть файл

@ -0,0 +1,477 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "nsCRLManager.h"
#include "nsCRLInfo.h"
#include "nsCOMPtr.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
#include "nsComponentManagerUtils.h"
#include "nsReadableUtils.h"
#include "nsNSSComponent.h"
#include "nsIWindowWatcher.h"
#include "nsCOMPtr.h"
#include "nsIPrompt.h"
#include "nsICertificateDialogs.h"
#include "nsISupportsArray.h"
#include "nsNSSCertHeader.h"
#include "nspr.h"
extern "C" {
#include "pk11func.h"
#include "certdb.h"
#include "cert.h"
#include "secerr.h"
#include "nssb64.h"
#include "secasn1.h"
#include "secder.h"
}
#include "ssl.h"
#include "ocsp.h"
#include "plbase64.h"
static NS_DEFINE_CID(kDateTimeFormatCID, NS_DATETIMEFORMAT_CID);
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
NS_IMPL_ISUPPORTS1(nsCRLManager, nsICRLManager)
NS_IMETHODIMP
nsCRLManager::ImportCrl (PRUint8 *aData, PRUint32 aLength, nsIURI * aURI, PRUint32 aType, PRBool doSilentDonwload, const PRUnichar* crlKey)
{
nsresult rv;
PRArenaPool *arena = NULL;
CERTCertificate *caCert;
SECItem derName = { siBuffer, NULL, 0 };
SECItem derCrl;
CERTSignedData sd;
SECStatus sec_rv;
CERTSignedCrl *crl;
nsCAutoString url;
nsCOMPtr<nsICRLInfo> crlData;
PRBool importSuccessful;
PRInt32 errorCode;
nsString errorMessage;
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv)) return rv;
aURI->GetSpec(url);
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
goto loser;
}
memset(&sd, 0, sizeof(sd));
derCrl.data = (unsigned char*)aData;
derCrl.len = aLength;
sec_rv = CERT_KeyFromDERCrl(arena, &derCrl, &derName);
if (sec_rv != SECSuccess) {
goto loser;
}
caCert = CERT_FindCertByName(CERT_GetDefaultCertDB(), &derName);
if (!caCert) {
if (aType == SEC_KRL_TYPE){
goto loser;
}
} else {
sec_rv = SEC_ASN1DecodeItem(arena,
&sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
&derCrl);
if (sec_rv != SECSuccess) {
goto loser;
}
sec_rv = CERT_VerifySignedData(&sd, caCert, PR_Now(),
nsnull);
if (sec_rv != SECSuccess) {
goto loser;
}
}
crl = SEC_NewCrl(CERT_GetDefaultCertDB(), (char*)url.get(), &derCrl,
aType);
if (!crl) {
goto loser;
}
crlData = new nsCRLInfo(crl);
SSL_ClearSessionCache();
SEC_DestroyCrl(crl);
importSuccessful = PR_TRUE;
goto done;
loser:
importSuccessful = PR_FALSE;
errorCode = PR_GetError();
switch (errorCode) {
case SEC_ERROR_CRL_EXPIRED:
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CrlImportFailureExpired").get(), errorMessage);
break;
case SEC_ERROR_CRL_BAD_SIGNATURE:
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CrlImportFailureBadSignature").get(), errorMessage);
break;
case SEC_ERROR_CRL_INVALID:
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CrlImportFailureInvalid").get(), errorMessage);
break;
case SEC_ERROR_OLD_CRL:
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CrlImportFailureOld").get(), errorMessage);
break;
case SEC_ERROR_CRL_NOT_YET_VALID:
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CrlImportFailureNotYetValid").get(), errorMessage);
break;
default:
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CrlImportFailureReasonUnknown").get(), errorMessage);
errorMessage.AppendInt(errorCode,16);
break;
}
done:
if(!doSilentDonwload){
if (!importSuccessful){
nsString message;
nsString temp;
nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID));
nsCOMPtr<nsIPrompt> prompter;
if (wwatch){
wwatch->GetNewPrompter(0, getter_AddRefs(prompter));
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CrlImportFailure1").get(), message);
message.Append(NS_LITERAL_STRING("\n").get());
message.Append(errorMessage);
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CrlImportFailure2").get(), temp);
message.Append(NS_LITERAL_STRING("\n").get());
message.Append(temp);
if(prompter)
prompter->Alert(0, message.get());
}
} else {
nsCOMPtr<nsICertificateDialogs> certDialogs;
// Not being able to display the success dialog should not
// be a fatal error, so don't return a failure code.
if (NS_SUCCEEDED(::getNSSDialogs(getter_AddRefs(certDialogs),
NS_GET_IID(nsICertificateDialogs),
NS_CERTIFICATEDIALOGS_CONTRACTID))) {
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
certDialogs->CrlImportStatusDialog(cxt, crlData);
}
}
} else {
if(crlKey == nsnull){
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsIPref> pref = do_GetService(NS_PREF_CONTRACTID,&rv);
if (NS_FAILED(rv)){
return rv;
}
nsCAutoString updateErrCntPrefStr(CRL_AUTOUPDATE_ERRCNT_PREF);
updateErrCntPrefStr.AppendWithConversion(crlKey);
if(importSuccessful){
PRUnichar *updateTime;
nsCAutoString updateTimeStr;
PRUnichar *updateURL;
nsCAutoString updateURLStr;
PRInt32 timingTypePref;
double dayCnt;
char *dayCntStr;
nsCAutoString updateTypePrefStr(CRL_AUTOUPDATE_TIMIINGTYPE_PREF);
nsCAutoString updateTimePrefStr(CRL_AUTOUPDATE_TIME_PREF);
nsCAutoString updateUrlPrefStr(CRL_AUTOUPDATE_URL_PREF);
nsCAutoString updateDayCntPrefStr(CRL_AUTOUPDATE_DAYCNT_PREF);
nsCAutoString updateFreqCntPrefStr(CRL_AUTOUPDATE_FREQCNT_PREF);
updateTypePrefStr.AppendWithConversion(crlKey);
updateTimePrefStr.AppendWithConversion(crlKey);
updateUrlPrefStr.AppendWithConversion(crlKey);
updateDayCntPrefStr.AppendWithConversion(crlKey);
updateFreqCntPrefStr.AppendWithConversion(crlKey);
pref->GetIntPref(updateTypePrefStr.get(),&timingTypePref);
//Compute and update the next download instant
if(timingTypePref == TYPE_AUTOUPDATE_TIME_BASED){
pref->GetCharPref(updateDayCntPrefStr.get(),&dayCntStr);
}else{
pref->GetCharPref(updateFreqCntPrefStr.get(),&dayCntStr);
}
dayCnt = atof(dayCntStr);
nsMemory::Free(dayCntStr);
PRBool toBeRescheduled = PR_FALSE;
if(NS_SUCCEEDED(ComputeNextAutoUpdateTime(crlData, timingTypePref, dayCnt, &updateTime))){
updateTimeStr.AssignWithConversion(updateTime);
nsMemory::Free(updateTime);
pref->SetCharPref(updateTimePrefStr.get(),updateTimeStr.get());
//Now, check if this update time is already in the past. This would
//imply we have downloaded the same crl, or there is something wrong
//with the next update date. We will not reschedule this crl in this
//session anymore - or else, we land into a loop. It would anyway be
//imported once the browser is restarted.
PRTime nextTime;
PR_ParseTimeString(updateTimeStr.get(),PR_TRUE, &nextTime);
if(LL_CMP(nextTime, > , PR_Now())){
toBeRescheduled = PR_TRUE;
}
}
//Update the url to download from, next time
crlData->GetLastFetchURL(&updateURL);
updateURLStr.AssignWithConversion(updateURL);
nsMemory::Free(updateURL);
pref->SetCharPref(updateUrlPrefStr.get(),updateURLStr.get());
pref->SetIntPref(updateErrCntPrefStr.get(),0);
pref->SavePrefFile(nsnull);
if(toBeRescheduled == PR_TRUE){
nsAutoString hashKey(crlKey);
nssComponent->RemoveCrlFromList(hashKey);
nssComponent->DefineNextTimer();
}
} else{
PRInt32 errCnt;
nsCAutoString errMsg;
nsCAutoString updateErrDetailPrefStr(CRL_AUTOUPDATE_ERRDETAIL_PREF);
updateErrDetailPrefStr.AppendWithConversion(crlKey);
errMsg.AssignWithConversion(errorMessage.get());
rv = pref->GetIntPref(updateErrCntPrefStr.get(),&errCnt);
if( (NS_FAILED(rv)) || (errCnt ==0)){
pref->SetIntPref(updateErrCntPrefStr.get(),1);
}else{
pref->SetIntPref(updateErrCntPrefStr.get(),errCnt+1);
}
pref->SetCharPref(updateErrDetailPrefStr.get(),errMsg.get());
pref->SavePrefFile(nsnull);
}
}
return rv;
}
NS_IMETHODIMP
nsCRLManager::UpdateCRLFromURL( const PRUnichar *url, const PRUnichar* key, PRBool *res)
{
nsresult rv;
nsAutoString downloadUrl(url);
nsAutoString dbKey(key);
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if(NS_FAILED(rv)){
*res = PR_FALSE;
return rv;
}
rv = nssComponent->DownloadCRLDirectly(downloadUrl, dbKey);
if(NS_FAILED(rv)){
*res = PR_FALSE;
} else {
*res = PR_TRUE;
}
return NS_OK;
}
NS_IMETHODIMP
nsCRLManager::RescheduleCRLAutoUpdate(void)
{
nsresult rv;
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if(NS_FAILED(rv)){
return rv;
}
rv = nssComponent->DefineNextTimer();
return rv;
}
/*
* getCRLs
*
* Export a set of certs and keys from the database to a PKCS#12 file.
*/
NS_IMETHODIMP
nsCRLManager::GetCrls(nsISupportsArray ** aCrls)
{
SECStatus sec_rv;
CERTCrlHeadNode *head = nsnull;
CERTCrlNode *node = nsnull;
nsCOMPtr<nsISupportsArray> crlsArray;
nsresult rv;
rv = NS_NewISupportsArray(getter_AddRefs(crlsArray));
if (NS_FAILED(rv)) {
return rv;
}
// Get the list of certs //
sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
if (sec_rv != SECSuccess) {
goto loser;
}
if (head) {
for (node=head->first; node != nsnull; node = node->next) {
nsCOMPtr<nsICRLInfo> entry = new nsCRLInfo((node->crl));
crlsArray->AppendElement(entry);
}
PORT_FreeArena(head->arena, PR_FALSE);
}
*aCrls = crlsArray;
NS_IF_ADDREF(*aCrls);
return NS_OK;
loser:
return NS_ERROR_FAILURE;;
}
/*
* deletetCrl
*
* Delete a Crl entry from the cert db.
*/
NS_IMETHODIMP
nsCRLManager::DeleteCrl(PRUint32 aCrlIndex)
{
CERTSignedCrl *realCrl = nsnull;
CERTCrlHeadNode *head = nsnull;
CERTCrlNode *node = nsnull;
SECStatus sec_rv;
PRUint32 i;
// Get the list of certs //
sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
if (sec_rv != SECSuccess) {
goto loser;
}
if (head) {
for (i = 0, node=head->first; node != nsnull; i++, node = node->next) {
if (i != aCrlIndex) {
continue;
}
realCrl = SEC_FindCrlByName(CERT_GetDefaultCertDB(), &(node->crl->crl.derName), node->type);
SEC_DeletePermCRL(realCrl);
SEC_DestroyCrl(realCrl);
SSL_ClearSessionCache();
}
PORT_FreeArena(head->arena, PR_FALSE);
}
return NS_OK;
loser:
return NS_ERROR_FAILURE;;
}
NS_IMETHODIMP
nsCRLManager::ComputeNextAutoUpdateTime(nsICRLInfo *info,
PRUint32 autoUpdateType, double dayCnt, PRUnichar **nextAutoUpdate)
{
if (!info)
return NS_ERROR_FAILURE;
PRTime microsecInDayCnt;
PRTime now = PR_Now();
PRTime tempTime;
PRInt64 diff = 0;
PRInt64 secsInDay = 86400UL;
PRInt64 temp;
PRInt64 cycleCnt = 0;
PRInt64 secsInDayCnt;
PRFloat64 tmpData;
LL_L2F(tmpData,secsInDay);
LL_MUL(tmpData,dayCnt,tmpData);
LL_F2L(secsInDayCnt,tmpData);
LL_MUL(microsecInDayCnt, secsInDayCnt, PR_USEC_PER_SEC);
PRTime lastUpdate;
PRTime nextUpdate;
nsresult rv;
rv = info->GetLastUpdate(&lastUpdate);
if (NS_FAILED(rv))
return rv;
rv = info->GetNextUpdate(&nextUpdate);
if (NS_FAILED(rv))
return rv;
switch (autoUpdateType) {
case TYPE_AUTOUPDATE_FREQ_BASED:
LL_SUB(diff, now, lastUpdate); //diff is the no of micro sec between now and last update
LL_DIV(cycleCnt, diff, microsecInDayCnt); //temp is the number of full cycles from lst update
LL_MOD(temp, diff, microsecInDayCnt);
if(!(LL_IS_ZERO(temp))) {
LL_ADD(cycleCnt,cycleCnt,1); //no of complete cycles till next autoupdate instant
}
LL_MUL(temp,cycleCnt,microsecInDayCnt); //micro secs from last update
LL_ADD(tempTime, lastUpdate, temp);
break;
case TYPE_AUTOUPDATE_TIME_BASED:
LL_SUB(tempTime, nextUpdate, microsecInDayCnt);
break;
default:
return NS_ERROR_NOT_IMPLEMENTED;
}
//Now, a basic constraing is that the next auto update date can never be after
//next update, if one is defined
if(LL_CMP(nextUpdate , > , 0 )) {
if(LL_CMP(tempTime , > , nextUpdate)) {
tempTime = nextUpdate;
}
}
nsAutoString nextAutoUpdateDate;
PRExplodedTime explodedTime;
nsCOMPtr<nsIDateTimeFormat> dateFormatter = do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv))
return rv;
PR_ExplodeTime(tempTime, PR_GMTParameters, &explodedTime);
dateFormatter->FormatPRExplodedTime(nsnull, kDateFormatShort, kTimeFormatSeconds,
&explodedTime, nextAutoUpdateDate);
*nextAutoUpdate = ToNewUnicode(nextAutoUpdateDate);
return NS_OK;
}

47
security/manager/ssl/src/nsCRLManager.h Normal file
Просмотреть файл

@ -0,0 +1,47 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef _NSCRLMANAGER_H_
#define _NSCRLMANAGER_H_
#include "nsICRLManager.h"
class nsCRLManager : public nsICRLManager
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICRLMANAGER
};
#endif

6
security/manager/ssl/src/nsCertPicker.cpp
Просмотреть файл

@ -42,9 +42,9 @@
#include "nsIServiceManager.h"
#include "nsNSSComponent.h"
#include "nsNSSCertificate.h"
#include "nsINSSDialogs.h"
#include "nsReadableUtils.h"
#include "nsNSSCleaner.h"
#include "nsICertPickDialogs.h"
NSSCleanupAutoPtrClass(CERTCertNicknames, CERT_FreeNicknames)
NSSCleanupAutoPtrClass(CERTCertList, CERT_DestroyCertList)
@ -168,7 +168,9 @@ NS_IMETHODIMP nsCertPicker::PickByUsage(nsIInterfaceRequestor *ctx,
if (CertsToUse) {
nsICertPickDialogs *dialogs = nsnull;
rv = getNSSDialogs((void**)&dialogs, NS_GET_IID(nsICertPickDialogs));
rv = getNSSDialogs((void**)&dialogs,
NS_GET_IID(nsICertPickDialogs),
NS_CERTPICKDIALOGS_CONTRACTID);
if (NS_SUCCEEDED(rv)) {
/* Throw up the cert picker dialog and get back the index of the selected cert */

91
security/manager/ssl/src/nsCertTree.cpp
Просмотреть файл

@ -39,6 +39,9 @@
#include "nsIX509CertDB.h"
#include "nsXPIDLString.h"
#include "nsReadableUtils.h"
#include "nsNSSCertificate.h"
#include "nsNSSCertHelper.h"
#include "nsINSSCertCache.h"
#include "prlog.h"
#ifdef PR_LOGGING
@ -263,7 +266,7 @@ nsCertTree::GetCertAtIndex(PRInt32 index)
return rawPtr;
}
nsCertCompareFunc
nsCertTree::nsCertCompareFunc
nsCertTree::GetCompareFuncFromCertType(PRUint32 aType)
{
switch (aType) {
@ -279,6 +282,75 @@ nsCertTree::GetCompareFuncFromCertType(PRUint32 aType)
}
}
PRBool
nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList,
PRUint32 aType,
nsCertCompareFunc aCertCmpFn,
void *aCertCmpFnArg,
nsISupportsArray **_certs)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("GetCertsByTypeFromCertList"));
if (!aCertList)
return PR_FALSE;
nsCOMPtr<nsISupportsArray> certarray;
nsresult rv = NS_NewISupportsArray(getter_AddRefs(certarray));
if (NS_FAILED(rv)) return PR_FALSE;
CERTCertListNode *node;
int i, count = 0;
for (node = CERT_LIST_HEAD(aCertList);
!CERT_LIST_END(node, aCertList);
node = CERT_LIST_NEXT(node)) {
if (getCertType(node->cert) == aType) {
nsCOMPtr<nsIX509Cert> pipCert = new nsNSSCertificate(node->cert);
if (pipCert) {
for (i=0; i<count; i++) {
nsCOMPtr<nsISupports> isupport =
dont_AddRef(certarray->ElementAt(i));
nsCOMPtr<nsIX509Cert> cert = do_QueryInterface(isupport);
if ((*aCertCmpFn)(aCertCmpFnArg, pipCert, cert) < 0) {
certarray->InsertElementAt(pipCert, i);
break;
}
}
if (i == count) certarray->AppendElement(pipCert);
count++;
}
}
}
*_certs = certarray;
NS_ADDREF(*_certs);
return PR_TRUE;
}
PRBool
nsCertTree::GetCertsByType(PRUint32 aType,
nsCertCompareFunc aCertCmpFn,
void *aCertCmpFnArg,
nsISupportsArray **_certs)
{
CERTCertList *certList = NULL;
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
certList = PK11_ListCerts(PK11CertListUnique, cxt);
PRBool rv = GetCertsByTypeFromCertList(certList, aType, aCertCmpFn, aCertCmpFnArg, _certs);
if (certList)
CERT_DestroyCertList(certList);
return rv;
}
PRBool
nsCertTree::GetCertsByTypeFromCache(nsINSSCertCache *aCache,
PRUint32 aType,
nsCertCompareFunc aCertCmpFn,
void *aCertCmpFnArg,
nsISupportsArray **_certs)
{
NS_ENSURE_ARG_POINTER(aCache);
CERTCertList *certList = NS_REINTERPRET_CAST(CERTCertList*, aCache->GetCachedCerts());
if (!certList)
return NS_ERROR_FAILURE;
return GetCertsByTypeFromCertList(certList, aType, aCertCmpFn, aCertCmpFnArg, _certs);
}
// LoadCerts
//
// Load all of the certificates in the DB for this type. Sort them
@ -294,12 +366,9 @@ nsCertTree::LoadCertsFromCache(nsINSSCertCache *aCache, PRUint32 aType)
mNumRows = 0;
}
InitCompareHash();
nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
if (certdb == nsnull) return NS_ERROR_FAILURE;
rv = certdb->GetCertsByTypeFromCache(aCache, aType,
GetCompareFuncFromCertType(aType), &mCompareCache,
getter_AddRefs(mCertArray));
rv = GetCertsByTypeFromCache(aCache, aType,
GetCompareFuncFromCertType(aType), &mCompareCache,
getter_AddRefs(mCertArray));
if (NS_FAILED(rv)) return rv;
return UpdateUIContents();
}
@ -315,11 +384,9 @@ nsCertTree::LoadCerts(PRUint32 aType)
mNumRows = 0;
}
InitCompareHash();
nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
if (certdb == nsnull) return NS_ERROR_FAILURE;
rv = certdb->GetCertsByType(aType,
GetCompareFuncFromCertType(aType), &mCompareCache,
getter_AddRefs(mCertArray));
rv = GetCertsByType(aType,
GetCompareFuncFromCertType(aType), &mCompareCache,
getter_AddRefs(mCertArray));
if (NS_FAILED(rv)) return rv;
return UpdateUIContents();
}

15
security/manager/ssl/src/nsCertTree.h
Просмотреть файл

@ -44,6 +44,7 @@
#include "nsITreeSelection.h"
#include "nsISupportsArray.h"
#include "pldhash.h"
#include "nsIX509CertDB.h"
typedef struct treeArrayElStr treeArrayEl;
@ -75,6 +76,8 @@ protected:
void ClearCompareHash();
void RemoveCacheEntry(void *key);
typedef int (*nsCertCompareFunc)(void *, nsIX509Cert *a, nsIX509Cert *b);
static CompareCacheHashEntry *getCacheEntry(void *cache, void *aCert);
static void CmpInitCriterion(nsIX509Cert *cert, CompareCacheHashEntry *entry,
sortCriterion crit, PRInt32 level);
@ -90,6 +93,12 @@ protected:
nsCertCompareFunc GetCompareFuncFromCertType(PRUint32 aType);
PRInt32 CountOrganizations();
PRBool GetCertsByType(PRUint32 aType, nsCertCompareFunc aCertCmpFn,
void *aCertCmpFnArg, nsISupportsArray **_certs);
PRBool GetCertsByTypeFromCache(nsINSSCertCache *aCache, PRUint32 aType,
nsCertCompareFunc aCertCmpFn, void *aCertCmpFnArg,
nsISupportsArray **_certs);
private:
nsCOMPtr<nsISupportsArray> mCertArray;
nsCOMPtr<nsITreeBoxObject> mTree;
@ -106,6 +115,12 @@ private:
void FreeCertArray();
nsresult UpdateUIContents();
PRBool GetCertsByTypeFromCertList(CERTCertList *aCertList,
PRUint32 aType,
nsCertCompareFunc aCertCmpFn,
void *aCertCmpFnArg,
nsISupportsArray **_certs);
#ifdef DEBUG_CERT_TREE
/* for debugging purposes */
void dumpMap();

16
security/manager/ssl/src/nsCrypto.cpp
Просмотреть файл

@ -24,12 +24,11 @@
#include "nsCrypto.h"
#include "nsKeygenHandler.h"
#include "nsKeygenThread.h"
#include "nsINSSDialogs.h"
#include "nsNSSCertificate.h"
#include "nsNSSCertificateDB.h"
#include "nsPKCS12Blob.h"
#include "nsPK11TokenDB.h"
#include "nsIServiceManager.h"
#include "nsINSSDialogs.h"
#include "nsIMemory.h"
#include "nsCRT.h"
#include "prprf.h"
@ -51,6 +50,8 @@
#include "nsScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsXPIDLString.h"
#include "nsIGeneratingKeypairInfoDialogs.h"
#include "nsIDOMCryptoDialogs.h"
#include "jsapi.h"
#include "jsdbgapi.h"
#include "jscntxt.h"
@ -638,7 +639,8 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
}
rv = getNSSDialogs((void**)&dialogs,
NS_GET_IID(nsIGeneratingKeypairInfoDialogs));
NS_GET_IID(nsIGeneratingKeypairInfoDialogs),
NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID);
if (NS_SUCCEEDED(rv)) {
KeygenRunnable = new nsKeygenThread();
@ -1476,7 +1478,8 @@ nsCrypto::GenerateCRMFRequest(nsIDOMCRMFObject** aReturn)
nsCOMPtr<nsIDOMCryptoDialogs> dialogs;
nsresult rv = getNSSDialogs(getter_AddRefs(dialogs),
NS_GET_IID(nsIDOMCryptoDialogs));
NS_GET_IID(nsIDOMCryptoDialogs),
NS_DOMCRYPTODIALOGS_CONTRACTID);
if (NS_FAILED(rv))
return rv;
@ -1644,7 +1647,8 @@ nsP12Runnable::Run()
NS_ASSERTION(mCertArr, "certArr is NULL while trying to back up");
nsCOMPtr<nsIDOMCryptoDialogs> dialogs;
nsresult rv = getNSSDialogs(getter_AddRefs(dialogs),
NS_GET_IID(nsIDOMCryptoDialogs));
NS_GET_IID(nsIDOMCryptoDialogs),
NS_DOMCRYPTODIALOGS_CONTRACTID);
if (NS_FAILED(rv))
return rv;
@ -1890,7 +1894,7 @@ nsCrypto::ImportUserCertificates(const nsAString& aNickname,
localNick = currCert->nickname;
}
else if (nickname == nsnull || nickname[0] == '\0') {
localNick = default_nickname(currCert, ctx);
localNick = nsNSSCertificateDB::default_nickname(currCert, ctx);
freeLocalNickname = PR_TRUE;
} else {
//This is the case where we're getting a brand new

9
security/manager/ssl/src/nsKeygenHandler.cpp
Просмотреть файл

@ -39,11 +39,12 @@ extern "C" {
#include "nsIServiceManager.h"
#include "nsIDOMHTMLSelectElement.h"
#include "nsIContent.h"
#include "nsINSSDialogs.h"
#include "nsKeygenThread.h"
#include "nsReadableUtils.h"
#include "nsUnicharUtils.h"
#include "nsCRT.h"
#include "nsITokenDialogs.h"
#include "nsIGeneratingKeypairInfoDialogs.h"
//These defines are taken from the PKCS#11 spec
#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
@ -310,7 +311,8 @@ GetSlotWithMechanism(PRUint32 aMechanism,
/* Throw up the token list dialog and get back the token */
rv = getNSSDialogs((void**)&dialogs,
NS_GET_IID(nsITokenDialogs));
NS_GET_IID(nsITokenDialogs),
NS_TOKENDIALOGS_CONTRACTID);
if (NS_FAILED(rv)) goto loser;
@ -458,7 +460,8 @@ found_match:
}
rv = getNSSDialogs((void**)&dialogs,
NS_GET_IID(nsIGeneratingKeypairInfoDialogs));
NS_GET_IID(nsIGeneratingKeypairInfoDialogs),
NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID);
if (NS_SUCCEEDED(rv)) {
KeygenRunnable = new nsKeygenThread();

1
security/manager/ssl/src/nsKeygenThread.cpp
Просмотреть файл

@ -22,6 +22,7 @@
#include "nsCOMPtr.h"
#include "nsProxiedService.h"
#include "nsKeygenThread.h"
#include "nsIDOMWindowInternal.h"
NS_IMPL_THREADSAFE_ISUPPORTS1(nsKeygenThread, nsIKeygenThread)

2
security/manager/ssl/src/nsNSSASN1Object.h
Просмотреть файл

@ -41,6 +41,8 @@
#include "nsITreeSelection.h"
#include "nsCOMPtr.h"
#include "nsString.h"
#include "nsIASN1Sequence.h"
#include "nsIASN1PrintableItem.h"
//
// Read comments in nsIX509Cert.idl for a description of the desired

88
security/manager/ssl/src/nsNSSCertCache.cpp Normal file
Просмотреть файл

@ -0,0 +1,88 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "nsNSSCertCache.h"
#include "nsAutoLock.h"
#include "cert.h"
#include "nsCOMPtr.h"
#include "nsIInterfaceRequestor.h"
#include "nsNSSHelper.h"
NS_IMPL_THREADSAFE_ISUPPORTS1(nsNSSCertCache, nsINSSCertCache)
nsNSSCertCache::nsNSSCertCache()
:mCertList(nsnull)
{
mutex = PR_NewLock();
}
nsNSSCertCache::~nsNSSCertCache()
{
if (mCertList) {
CERT_DestroyCertList(mCertList);
}
if (mutex) {
PR_DestroyLock(mutex);
mutex = nsnull;
}
}
NS_IMETHODIMP
nsNSSCertCache::CacheAllCerts()
{
{
nsAutoLock lock(mutex);
if (mCertList) {
CERT_DestroyCertList(mCertList);
mCertList = nsnull;
}
}
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
CERTCertList *newList = PK11_ListCerts(PK11CertListUnique, cxt);
if (newList) {
nsAutoLock lock(mutex);
mCertList = newList;
}
return NS_OK;
}
void* nsNSSCertCache::GetCachedCerts()
{
nsAutoLock lock(mutex);
return mCertList;
}

55
security/manager/ssl/src/nsNSSCertCache.h Normal file
Просмотреть файл

@ -0,0 +1,55 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef _NSNSSCERTCACHE_H_
#define _NSNSSCERTCACHE_H_
#include "nsINSSCertCache.h"
#include "certt.h"
class nsNSSCertCache : public nsINSSCertCache
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSINSSCERTCACHE
nsNSSCertCache();
virtual ~nsNSSCertCache();
private:
PRLock *mutex;
CERTCertList *mCertList;
};
#endif

50
security/manager/ssl/src/nsNSSCertHeader.h Normal file
Просмотреть файл

@ -0,0 +1,50 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef _NSNSSCERTHEADER_H_
#define _NSNSSCERTHEADER_H_
/* private NSS defines used by PSM */
/* (must be declated before cert.h) */
#define CERT_NewTempCertificate __CERT_NewTempCertificate
#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm
#include "prtypes.h"
#include "cert.h"
#include "secitem.h"
#include "nsString.h"
#endif

507
security/manager/ssl/src/nsNSSCertHelper.cpp Normal file
Просмотреть файл

@ -0,0 +1,507 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "prmem.h"
#include "prerror.h"
#include "prprf.h"
#include "nsNSSCertHelper.h"
#include "cert.h"
#include "nsCOMPtr.h"
#include "nsNSSASN1Object.h"
#include "nsNSSComponent.h"
#include "nsNSSCertTrust.h"
nsresult
GetIntValue(SECItem *versionItem,
unsigned long *version)
{
SECStatus srv;
srv = SEC_ASN1DecodeInteger(versionItem,version);
if (srv != SECSuccess) {
NS_ASSERTION(0,"Could not decode version of cert");
return NS_ERROR_FAILURE;
}
return NS_OK;
}
nsresult
ProcessVersion(SECItem *versionItem,
nsINSSComponent *nssComponent,
nsIASN1PrintableItem **retItem)
{
nsresult rv;
nsString text;
nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nsnull)
return NS_ERROR_OUT_OF_MEMORY;
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpVersion").get(),
text);
rv = printableItem->SetDisplayName(text.get());
if (NS_FAILED(rv))
return rv;
// Now to figure out what version this certificate is.
unsigned long version;
if (versionItem->data) {
rv = GetIntValue(versionItem, &version);
if (NS_FAILED(rv))
return rv;
} else {
// If there is no version present in the cert, then rfc2459
// says we default to v1 (0)
version = 0;
}
switch (version){
case 0:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpVersion1").get(),
text);
break;
case 1:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpVersion2").get(),
text);
break;
case 2:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpVersion3").get(),
text);
break;
default:
NS_ASSERTION(0,"Bad value for cert version");
rv = NS_ERROR_FAILURE;
}
if (NS_FAILED(rv))
return rv;
rv = printableItem->SetDisplayValue(text.get());
if (NS_FAILED(rv))
return rv;
*retItem = printableItem;
NS_ADDREF(*retItem);
return NS_OK;
}
nsresult
ProcessSerialNumberDER(SECItem *serialItem,
nsINSSComponent *nssComponent,
nsIASN1PrintableItem **retItem)
{
nsresult rv;
nsString text;
nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
if (printableItem == nsnull)
return NS_ERROR_OUT_OF_MEMORY;
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSerialNo").get(),
text);
if (NS_FAILED(rv))
return rv;
rv = printableItem->SetDisplayName(text.get());
if (NS_FAILED(rv))
return rv;
nsXPIDLCString serialNumber;
serialNumber.Adopt(CERT_Hexify(serialItem, 1));
if (serialNumber == nsnull)
return NS_ERROR_OUT_OF_MEMORY;
rv = printableItem->SetDisplayValue(NS_ConvertASCIItoUCS2(serialNumber).get());
*retItem = printableItem;
NS_ADDREF(*retItem);
return rv;
}
nsresult
GetDefaultOIDFormat(SECItem *oid,
nsString &outString)
{
char buf[300];
unsigned int len;
int written;
unsigned long val = oid->data[0];
unsigned int i = val % 40;
val /= 40;
written = PR_snprintf(buf, 300, "%lu %u ", val, i);
if (written < 0)
return NS_ERROR_FAILURE;
len = written;
val = 0;
for (i = 1; i < oid->len; ++i) {
// In this loop, we have to parse a DER formatted
// If the first bit is a 1, then the integer is
// represented by more than one byte. If the
// first bit is set then we continue on and add
// the values of the later bytes until we get
// a byte without the first bit set.
unsigned long j;
j = oid->data[i];
val = (val << 7) | (j & 0x7f);
if (j & 0x80)
continue;
written = PR_snprintf(&buf[len], sizeof(buf)-len, "%lu ", val);
if (written < 0)
return NS_ERROR_FAILURE;
len += written;
NS_ASSERTION(len < sizeof(buf), "OID data to big to display in 300 chars.");
val = 0;
}
outString = NS_ConvertASCIItoUCS2(buf).get();
return NS_OK;
}
nsresult
GetOIDText(SECItem *oid, nsINSSComponent *nssComponent, nsString &text)
{
nsresult rv;
SECOidTag oidTag = SECOID_FindOIDTag(oid);
switch (oidTag) {
case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpMD2WithRSA").get(),
text);
break;
case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpMD5WithRSA").get(),
text);
break;
case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSHA1WithRSA").get(),
text);
break;
case SEC_OID_AVA_COUNTRY_NAME:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpAVACountry").get(),
text);
break;
case SEC_OID_AVA_COMMON_NAME:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpAVACN").get(),
text);
break;
case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpAVAOU").get(),
text);
break;
case SEC_OID_AVA_ORGANIZATION_NAME:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpAVAOrg").get(),
text);
break;
case SEC_OID_AVA_LOCALITY:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpAVALocality").get(),
text);
break;
case SEC_OID_AVA_DN_QUALIFIER:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpAVADN").get(),
text);
break;
case SEC_OID_AVA_DC:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpAVADC").get(),
text);
break;
case SEC_OID_AVA_STATE_OR_PROVINCE:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpAVAState").get(),
text);
break;
case SEC_OID_PKCS1_RSA_ENCRYPTION:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpRSAEncr").get(),
text);
break;
case SEC_OID_X509_KEY_USAGE:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpKeyUsage").get(),
text);
break;
case SEC_OID_NS_CERT_EXT_CERT_TYPE:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpCertType").get(),
text);
break;
case SEC_OID_X509_AUTH_KEY_ID:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpAuthKeyID").get(),
text);
break;
case SEC_OID_RFC1274_UID:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpUserID").get(),
text);
break;
case SEC_OID_PKCS9_EMAIL_ADDRESS:
rv = nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpPK9Email").get(),
text);
break;
default:
rv = GetDefaultOIDFormat(oid, text);
if (NS_FAILED(rv))
return rv;
const PRUnichar *params[1] = {text.get()};
nsXPIDLString text2;
rv = nssComponent->PIPBundleFormatStringFromName(NS_LITERAL_STRING("CertDumpDefOID").get(),
params, 1,
getter_Copies(text2));
text = text2;
break;
}
return rv;
}
#define SEPARATOR "\n"
nsresult
ProcessRawBytes(SECItem *data, nsString &text)
{
// This function is used to display some DER bytes
// that we have not added support for decoding.
// It prints the value of the byte out into a
// string that can later be displayed as a byte
// string. We place a new line after 24 bytes
// to break up extermaly long sequence of bytes.
PRUint32 i;
char buffer[5];
for (i=0; i<data->len; i++) {
PR_snprintf(buffer, 5, "%02x ", data->data[i]);
text.Append(NS_ConvertASCIItoUCS2(buffer).get());
if ((i+1)%16 == 0) {
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
}
return NS_OK;
}
nsresult
ProcessNSCertTypeExtensions(SECItem *extData,
nsString &text,
nsINSSComponent *nssComponent)
{
SECItem decoded;
decoded.data = nsnull;
decoded.len = 0;
SEC_ASN1DecodeItem(nsnull, &decoded,
SEC_ASN1_GET(SEC_BitStringTemplate), extData);
unsigned char nsCertType = decoded.data[0];
nsString local;
nsMemory::Free(decoded.data);
if (nsCertType & NS_CERT_TYPE_SSL_CLIENT) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("VerifySSLClient").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (nsCertType & NS_CERT_TYPE_SSL_SERVER) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("VerifySSLServer").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (nsCertType & NS_CERT_TYPE_EMAIL) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpCertTypeEmail").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("VerifyObjSign").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (nsCertType & NS_CERT_TYPE_SSL_CA) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("VerifySSLCA").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (nsCertType & NS_CERT_TYPE_EMAIL_CA) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpEmailCA").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING_CA) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("VerifyObjSign").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
return NS_OK;
}
nsresult
ProcessKeyUsageExtension(SECItem *extData, nsString &text,
nsINSSComponent *nssComponent)
{
SECItem decoded;
decoded.data = nsnull;
decoded.len = 0;
SEC_ASN1DecodeItem(nsnull, &decoded,
SEC_ASN1_GET(SEC_BitStringTemplate), extData);
unsigned char keyUsage = decoded.data[0];
nsString local;
nsMemory::Free(decoded.data);
if (keyUsage & KU_DIGITAL_SIGNATURE) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpKUSign").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (keyUsage & KU_NON_REPUDIATION) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpKUNonRep").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (keyUsage & KU_KEY_ENCIPHERMENT) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpKUEnc").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (keyUsage & KU_DATA_ENCIPHERMENT) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpKUDEnc").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (keyUsage & KU_KEY_AGREEMENT) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpKUKA").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (keyUsage & KU_KEY_CERT_SIGN) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpKUCertSign").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
if (keyUsage & KU_CRL_SIGN) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpKUCRLSign").get(),
local);
text.Append(local.get());
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
}
return NS_OK;
}
nsresult
ProcessExtensionData(SECOidTag oidTag, SECItem *extData,
nsString &text, nsINSSComponent *nssComponent)
{
nsresult rv;
switch (oidTag) {
case SEC_OID_NS_CERT_EXT_CERT_TYPE:
rv = ProcessNSCertTypeExtensions(extData, text, nssComponent);
break;
case SEC_OID_X509_KEY_USAGE:
rv = ProcessKeyUsageExtension(extData, text, nssComponent);
break;
default:
rv = ProcessRawBytes(extData, text);
break;
}
return rv;
}
nsresult
ProcessSingleExtension(CERTCertExtension *extension,
nsINSSComponent *nssComponent,
nsIASN1PrintableItem **retExtension)
{
nsString text;
GetOIDText(&extension->id, nssComponent, text);
nsCOMPtr<nsIASN1PrintableItem>extensionItem = new nsNSSASN1PrintableItem();
if (extensionItem == nsnull)
return NS_ERROR_OUT_OF_MEMORY;
extensionItem->SetDisplayName(text.get());
SECOidTag oidTag = SECOID_FindOIDTag(&extension->id);
text.Truncate();
if (extension->critical.data != nsnull) {
if (extension->critical.data[0]) {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpCritical").get(),
text);
} else {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpNonCritical").get(),
text);
}
} else {
nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpNonCritical").get(),
text);
}
text.Append(NS_LITERAL_STRING(SEPARATOR).get());
nsresult rv = ProcessExtensionData(oidTag, &extension->value, text,
nssComponent);
if (NS_FAILED(rv))
return rv;
extensionItem->SetDisplayValue(text.get());
*retExtension = extensionItem;
NS_ADDREF(*retExtension);
return NS_OK;
}
PRUint32
getCertType(CERTCertificate *cert)
{
char *nick = cert->nickname;
char *email = cert->emailAddr;
nsNSSCertTrust trust(cert->trust);
/*
fprintf(stderr, "====> nick: %s email: %s has-any-user: %d hash-any-ca: %d has-peer100: %d has-peer001: %d\n",
nick, email, (nick) ? trust.HasAnyUser() : 0, (nick) ? trust.HasAnyCA() : 0, (nick) ? trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE) : 0,
(email) ? trust.HasPeer(PR_FALSE, PR_TRUE, PR_FALSE) : 0 );
*/
if (nick) {
if (trust.HasAnyUser())
return nsIX509Cert::USER_CERT;
if (trust.HasAnyCA() || CERT_IsCACert(cert,NULL))
return nsIX509Cert::CA_CERT;
if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
return nsIX509Cert::SERVER_CERT;
}
if (email && trust.HasPeer(PR_FALSE, PR_TRUE, PR_FALSE))
return nsIX509Cert::EMAIL_CERT;
return nsIX509Cert::UNKNOWN_CERT;
}

90
security/manager/ssl/src/nsNSSCertHelper.h Normal file
Просмотреть файл

@ -0,0 +1,90 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef _NSNSSCERTHELPER_H_
#define _NSNSSCERTHELPER_H_
#include "nsNSSCertHeader.h"
class nsINSSComponent;
class nsIASN1PrintableItem;
nsresult
GetIntValue(SECItem *versionItem,
unsigned long *version);
nsresult
ProcessVersion(SECItem *versionItem,
nsINSSComponent *nssComponent,
nsIASN1PrintableItem **retItem);
nsresult
ProcessSerialNumberDER(SECItem *serialItem,
nsINSSComponent *nssComponent,
nsIASN1PrintableItem **retItem);
nsresult
GetDefaultOIDFormat(SECItem *oid,
nsString &outString);
nsresult
GetOIDText(SECItem *oid, nsINSSComponent *nssComponent, nsString &text);
nsresult
ProcessRawBytes(SECItem *data, nsString &text);
nsresult
ProcessNSCertTypeExtensions(SECItem *extData,
nsString &text,
nsINSSComponent *nssComponent);
nsresult
ProcessKeyUsageExtension(SECItem *extData, nsString &text,
nsINSSComponent *nssComponent);
nsresult
ProcessExtensionData(SECOidTag oidTag, SECItem *extData,
nsString &text, nsINSSComponent *nssComponent);
nsresult
ProcessSingleExtension(CERTCertExtension *extension,
nsINSSComponent *nssComponent,
nsIASN1PrintableItem **retExtension);
PRUint32
getCertType(CERTCertificate *cert);
#endif

364
security/manager/ssl/src/nsNSSCertTrust.cpp Normal file
Просмотреть файл

@ -0,0 +1,364 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "nsNSSCertTrust.h"
void
nsNSSCertTrust::AddCATrust(PRBool ssl, PRBool email, PRBool objSign)
{
if (ssl) {
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
}
if (email) {
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
}
if (objSign) {
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
}
}
void
nsNSSCertTrust::AddPeerTrust(PRBool ssl, PRBool email, PRBool objSign)
{
if (ssl)
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
if (email)
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
if (objSign)
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
}
nsNSSCertTrust::nsNSSCertTrust()
{
memset(&mTrust, 0, sizeof(CERTCertTrust));
}
nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl,
unsigned int email,
unsigned int objsign)
{
memset(&mTrust, 0, sizeof(CERTCertTrust));
addTrust(&mTrust.sslFlags, ssl);
addTrust(&mTrust.emailFlags, email);
addTrust(&mTrust.objectSigningFlags, objsign);
}
nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t)
{
if (t)
memcpy(&mTrust, t, sizeof(CERTCertTrust));
else
memset(&mTrust, 0, sizeof(CERTCertTrust));
}
nsNSSCertTrust::~nsNSSCertTrust()
{
}
void
nsNSSCertTrust::SetSSLTrust(PRBool peer, PRBool tPeer,
PRBool ca, PRBool tCA, PRBool tClientCA,
PRBool user, PRBool warn)
{
mTrust.sslFlags = 0;
if (peer || tPeer)
addTrust(&mTrust.sslFlags, CERTDB_VALID_PEER);
if (tPeer)
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
if (ca || tCA)
addTrust(&mTrust.sslFlags, CERTDB_VALID_CA);
if (tClientCA)
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
if (tCA)
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
if (user)
addTrust(&mTrust.sslFlags, CERTDB_USER);
if (warn)
addTrust(&mTrust.sslFlags, CERTDB_SEND_WARN);
}
void
nsNSSCertTrust::SetEmailTrust(PRBool peer, PRBool tPeer,
PRBool ca, PRBool tCA, PRBool tClientCA,
PRBool user, PRBool warn)
{
mTrust.emailFlags = 0;
if (peer || tPeer)
addTrust(&mTrust.emailFlags, CERTDB_VALID_PEER);
if (tPeer)
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
if (ca || tCA)
addTrust(&mTrust.emailFlags, CERTDB_VALID_CA);
if (tClientCA)
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
if (tCA)
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
if (user)
addTrust(&mTrust.emailFlags, CERTDB_USER);
if (warn)
addTrust(&mTrust.emailFlags, CERTDB_SEND_WARN);
}
void
nsNSSCertTrust::SetObjSignTrust(PRBool peer, PRBool tPeer,
PRBool ca, PRBool tCA, PRBool tClientCA,
PRBool user, PRBool warn)
{
mTrust.objectSigningFlags = 0;
if (peer || tPeer)
addTrust(&mTrust.objectSigningFlags, CERTDB_VALID_PEER);
if (tPeer)
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
if (ca || tCA)
addTrust(&mTrust.objectSigningFlags, CERTDB_VALID_CA);
if (tClientCA)
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
if (tCA)
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);
if (user)
addTrust(&mTrust.objectSigningFlags, CERTDB_USER);
if (warn)
addTrust(&mTrust.objectSigningFlags, CERTDB_SEND_WARN);
}
void
nsNSSCertTrust::SetValidCA()
{
SetSSLTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetTrustedServerCA()
{
SetSSLTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetTrustedCA()
{
SetSSLTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetValidPeer()
{
SetSSLTrust(PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetValidServerPeer()
{
SetSSLTrust(PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetTrustedPeer()
{
SetSSLTrust(PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetUser()
{
SetSSLTrust(PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE);
SetEmailTrust(PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE);
SetObjSignTrust(PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE);
}
PRBool
nsNSSCertTrust::HasAnyCA()
{
if (hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
return PR_TRUE;
return PR_FALSE;
}
PRBool
nsNSSCertTrust::HasCA(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_VALID_CA))
return PR_FALSE;
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_VALID_CA))
return PR_FALSE;
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
return PR_FALSE;
return PR_TRUE;
}
PRBool
nsNSSCertTrust::HasPeer(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_VALID_PEER))
return PR_FALSE;
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_VALID_PEER))
return PR_FALSE;
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_PEER))
return PR_FALSE;
return PR_TRUE;
}
PRBool
nsNSSCertTrust::HasAnyUser()
{
if (hasTrust(mTrust.sslFlags, CERTDB_USER) ||
hasTrust(mTrust.emailFlags, CERTDB_USER) ||
hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
return PR_TRUE;
return PR_FALSE;
}
PRBool
nsNSSCertTrust::HasUser(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_USER))
return PR_FALSE;
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_USER))
return PR_FALSE;
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
return PR_FALSE;
return PR_TRUE;
}
PRBool
nsNSSCertTrust::HasTrustedCA(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CA) ||
hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
return PR_FALSE;
if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CA) ||
hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
return PR_FALSE;
if (checkObjSign &&
!(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CA) ||
hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)))
return PR_FALSE;
return PR_TRUE;
}
PRBool
nsNSSCertTrust::HasTrustedPeer(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED)))
return PR_FALSE;
if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED)))
return PR_FALSE;
if (checkObjSign &&
!(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED)))
return PR_FALSE;
return PR_TRUE;
}
void
nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v)
{
*t |= v;
}
PRBool
nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v)
{
return (t & v);
}

120
security/manager/ssl/src/nsNSSCertTrust.h Normal file
Просмотреть файл

@ -0,0 +1,120 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef _NSNSSCERTTRUST_H_
#define _NSNSSCERTTRUST_H_
#include "certt.h"
#include "certdb.h"
/*
* nsNSSCertTrust
*
* Class for maintaining trust flags for an NSS certificate.
*/
class nsNSSCertTrust
{
public:
nsNSSCertTrust();
nsNSSCertTrust(unsigned int ssl, unsigned int email, unsigned int objsign);
nsNSSCertTrust(CERTCertTrust *t);
virtual ~nsNSSCertTrust();
/* query */
PRBool HasAnyCA();
PRBool HasAnyUser();
PRBool HasCA(PRBool checkSSL = PR_TRUE,
PRBool checkEmail = PR_TRUE,
PRBool checkObjSign = PR_TRUE);
PRBool HasPeer(PRBool checkSSL = PR_TRUE,
PRBool checkEmail = PR_TRUE,
PRBool checkObjSign = PR_TRUE);
PRBool HasUser(PRBool checkSSL = PR_TRUE,
PRBool checkEmail = PR_TRUE,
PRBool checkObjSign = PR_TRUE);
PRBool HasTrustedCA(PRBool checkSSL = PR_TRUE,
PRBool checkEmail = PR_TRUE,
PRBool checkObjSign = PR_TRUE);
PRBool HasTrustedPeer(PRBool checkSSL = PR_TRUE,
PRBool checkEmail = PR_TRUE,
PRBool checkObjSign = PR_TRUE);
/* common defaults */
/* equivalent to "c,c,c" */
void SetValidCA();
/* equivalent to "C,C,C" */
void SetTrustedServerCA();
/* equivalent to "CT,CT,CT" */
void SetTrustedCA();
/* equivalent to "p,," */
void SetValidServerPeer();
/* equivalent to "p,p,p" */
void SetValidPeer();
/* equivalent to "P,P,P" */
void SetTrustedPeer();
/* equivalent to "u,u,u" */
void SetUser();
/* general setters */
/* read: "p, P, c, C, T, u, w" */
void SetSSLTrust(PRBool peer, PRBool tPeer,
PRBool ca, PRBool tCA, PRBool tClientCA,
PRBool user, PRBool warn);
void SetEmailTrust(PRBool peer, PRBool tPeer,
PRBool ca, PRBool tCA, PRBool tClientCA,
PRBool user, PRBool warn);
void SetObjSignTrust(PRBool peer, PRBool tPeer,
PRBool ca, PRBool tCA, PRBool tClientCA,
PRBool user, PRBool warn);
/* set c <--> CT */
void AddCATrust(PRBool ssl, PRBool email, PRBool objSign);
/* set p <--> P */
void AddPeerTrust(PRBool ssl, PRBool email, PRBool objSign);
/* get it (const?) (shallow?) */
CERTCertTrust * GetTrust() { return &mTrust; }
private:
void addTrust(unsigned int *t, unsigned int v);
void removeTrust(unsigned int *t, unsigned int v);
PRBool hasTrust(unsigned int t, unsigned int v);
CERTCertTrust mTrust;
};
#endif

184
security/manager/ssl/src/nsNSSCertValidity.cpp Normal file
Просмотреть файл

@ -0,0 +1,184 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "nsNSSCertValidity.h"
#include "nsNSSCertHeader.h"
#include "nsCOMPtr.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
#include "nsComponentManagerUtils.h"
#include "nsReadableUtils.h"
static NS_DEFINE_CID(kDateTimeFormatCID, NS_DATETIMEFORMAT_CID);
/* Implementation file */
NS_IMPL_THREADSAFE_ISUPPORTS1(nsX509CertValidity, nsIX509CertValidity)
nsX509CertValidity::nsX509CertValidity() : mTimesInitialized(PR_FALSE)
{
NS_INIT_ISUPPORTS();
/* member initializers and constructor code */
}
nsX509CertValidity::nsX509CertValidity(CERTCertificate *cert) :
mTimesInitialized(PR_FALSE)
{
NS_INIT_ISUPPORTS();
if (cert) {
SECStatus rv = CERT_GetCertTimes(cert, &mNotBefore, &mNotAfter);
if (rv == SECSuccess)
mTimesInitialized = PR_TRUE;
}
}
nsX509CertValidity::~nsX509CertValidity()
{
/* destructor code */
}
/* readonly attribute PRTime notBefore; */
NS_IMETHODIMP nsX509CertValidity::GetNotBefore(PRTime *aNotBefore)
{
NS_ENSURE_ARG(aNotBefore);
nsresult rv = NS_ERROR_FAILURE;
if (mTimesInitialized) {
*aNotBefore = mNotBefore;
rv = NS_OK;
}
return rv;
}
/* readonly attribute PRTime notBeforeLocalTime; */
NS_IMETHODIMP nsX509CertValidity::GetNotBeforeLocalTime(PRUnichar **aNotBeforeLocalTime)
{
NS_ENSURE_ARG(aNotBeforeLocalTime);
if (!mTimesInitialized)
return NS_ERROR_FAILURE;
nsresult rv;
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv)) return rv;
nsAutoString date;
PRExplodedTime explodedTime;
PR_ExplodeTime(mNotBefore, PR_LocalTimeParameters, &explodedTime);
dateFormatter->FormatPRExplodedTime(nsnull, kDateFormatShort, kTimeFormatSecondsForce24Hour,
&explodedTime, date);
*aNotBeforeLocalTime = ToNewUnicode(date);
return NS_OK;
}
/* readonly attribute PRTime notBeforeGMT; */
NS_IMETHODIMP nsX509CertValidity::GetNotBeforeGMT(PRUnichar **aNotBeforeGMT)
{
NS_ENSURE_ARG(aNotBeforeGMT);
if (!mTimesInitialized)
return NS_ERROR_FAILURE;
nsresult rv;
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv)) return rv;
nsAutoString date;
PRExplodedTime explodedTime;
PR_ExplodeTime(mNotBefore, PR_GMTParameters, &explodedTime);
dateFormatter->FormatPRExplodedTime(nsnull, kDateFormatShort, kTimeFormatSecondsForce24Hour,
&explodedTime, date);
*aNotBeforeGMT = ToNewUnicode(date);
return NS_OK;
}
/* readonly attribute PRTime notAfter; */
NS_IMETHODIMP nsX509CertValidity::GetNotAfter(PRTime *aNotAfter)
{
NS_ENSURE_ARG(aNotAfter);
nsresult rv = NS_ERROR_FAILURE;
if (mTimesInitialized) {
*aNotAfter = mNotAfter;
rv = NS_OK;
}
return rv;
}
/* readonly attribute PRTime notAfterLocalTime; */
NS_IMETHODIMP nsX509CertValidity::GetNotAfterLocalTime(PRUnichar **aNotAfterLocaltime)
{
NS_ENSURE_ARG(aNotAfterLocaltime);
if (!mTimesInitialized)
return NS_ERROR_FAILURE;
nsresult rv;
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv)) return rv;
nsAutoString date;
PRExplodedTime explodedTime;
PR_ExplodeTime(mNotAfter, PR_LocalTimeParameters, &explodedTime);
dateFormatter->FormatPRExplodedTime(nsnull, kDateFormatShort, kTimeFormatSecondsForce24Hour,
&explodedTime, date);
*aNotAfterLocaltime = ToNewUnicode(date);
return NS_OK;
}
/* readonly attribute PRTime notAfterGMT; */
NS_IMETHODIMP nsX509CertValidity::GetNotAfterGMT(PRUnichar **aNotAfterGMT)
{
NS_ENSURE_ARG(aNotAfterGMT);
if (!mTimesInitialized)
return NS_ERROR_FAILURE;
nsresult rv;
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv)) return rv;
nsAutoString date;
PRExplodedTime explodedTime;
PR_ExplodeTime(mNotAfter, PR_GMTParameters, &explodedTime);
dateFormatter->FormatPRExplodedTime(nsnull, kDateFormatShort, kTimeFormatSecondsForce24Hour,
&explodedTime, date);
*aNotAfterGMT = ToNewUnicode(date);
return NS_OK;
}

60
security/manager/ssl/src/nsNSSCertValidity.h Normal file
Просмотреть файл

@ -0,0 +1,60 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef _NSX509CERTVALIDITY_H_
#define _NSX509CERTVALIDITY_H_
#include "nsIX509CertValidity.h"
#include "certt.h"
class nsX509CertValidity : public nsIX509CertValidity
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIX509CERTVALIDITY
nsX509CertValidity();
nsX509CertValidity(CERTCertificate *cert);
virtual ~nsX509CertValidity();
/* additional members */
private:
PRTime mNotBefore, mNotAfter;
PRBool mTimesInitialized;
};
#endif

3465
security/manager/ssl/src/nsNSSCertificate.cpp
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

107
security/manager/ssl/src/nsNSSCertificate.h
Просмотреть файл

@ -39,26 +39,22 @@
#include "nsIX509Cert.h"
#include "nsIX509CertDB.h"
#include "nsIASN1Object.h"
#include "nsISMimeCert.h"
/* private NSS defines used by PSM */
/* (must be declated before cert.h) */
#define CERT_NewTempCertificate __CERT_NewTempCertificate
#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm
#include "prtypes.h"
#include "cert.h"
#include "secitem.h"
#include "nsString.h"
#include "nsNSSCertHeader.h"
class nsINSSComponent;
class nsIASN1Sequence;
/* Certificate */
class nsNSSCertificate : public nsIX509Cert
class nsNSSCertificate : public nsIX509Cert,
public nsISMimeCert
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIX509CERT
NS_DECL_NSISMIMECERT
nsNSSCertificate(CERTCertificate *cert);
/* from a request? */
@ -83,88 +79,17 @@ private:
nsresult GetSortableDate(PRTime aTime, PRUnichar **_aSortableDate);
};
/* Header file */
#define CRL_AUTOUPDATE_TIMIINGTYPE_PREF "security.crl.autoupdate.timingType"
#define CRL_AUTOUPDATE_TIME_PREF "security.crl.autoupdate.nextInstant"
#define CRL_AUTOUPDATE_URL_PREF "security.crl.autoupdate.url"
#define CRL_AUTOUPDATE_DAYCNT_PREF "security.crl.autoupdate.dayCnt"
#define CRL_AUTOUPDATE_FREQCNT_PREF "security.crl.autoupdate.freqCnt"
#define CRL_AUTOUPDATE_ERRCNT_PREF "security.crl.autoupdate.errCount"
#define CRL_AUTOUPDATE_ERRDETAIL_PREF "security.crl.autoupdate.errDetail"
#define CRL_AUTOUPDATE_ENABLED_PREF "security.crl.autoupdate.enable."
#define CRL_AUTOUPDATE_DEFAULT_DELAY 30000UL
class nsCrlEntry : public nsICrlEntry
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICRLENTRY
#define NS_NSS_LONG 4
#define NS_NSS_GET_LONG(x) ((((unsigned long)((x)[0])) << 24) | \
(((unsigned long)((x)[1])) << 16) | \
(((unsigned long)((x)[2])) << 8) | \
((unsigned long)((x)[3])) )
#define NS_NSS_PUT_LONG(src,dest) (dest)[0] = (((src) >> 24) & 0xff); \
(dest)[1] = (((src) >> 16) & 0xff); \
(dest)[2] = (((src) >> 8) & 0xff); \
(dest)[3] = ((src) & 0xff);
nsCrlEntry();
nsCrlEntry(CERTSignedCrl *);
nsCrlEntry(const PRUnichar*, const PRUnichar*, const PRUnichar*, const PRUnichar*, PRTime, PRTime, const PRUnichar*, const PRUnichar*);
virtual ~nsCrlEntry();
/* additional members */
private:
nsString mOrg;
nsString mOrgUnit;
nsString mLastUpdateLocale;
nsString mNextUpdateLocale;
PRTime mLastUpdate;
PRTime mNextUpdate;
nsString mNameInDb;
nsString mLastFetchURL;
nsString mNextAutoUpdateDate;
};
class nsNSSCertCache : public nsINSSCertCache
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSINSSCERTCACHE
nsNSSCertCache();
virtual ~nsNSSCertCache();
private:
PRLock *mutex;
CERTCertList *mCertList;
};
class nsNSSCertificateDB : public nsIX509CertDB
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIX509CERTDB
nsNSSCertificateDB();
virtual ~nsNSSCertificateDB();
static PRUint32 getCertType(CERTCertificate *cert);
private:
void getCertNames(CERTCertList *certList,
PRUint32 type,
PRUint32 *_count,
PRUnichar ***_certNameList);
CERTDERCerts *getCertsFromPackage(PRArenaPool *arena, char *data,
PRUint32 length);
nsresult handleCACertDownload(nsISupportsArray *x509Certs,
nsIInterfaceRequestor *ctx);
PRBool GetCertsByTypeFromCertList(CERTCertList *aCertList,
PRUint32 aType,
nsCertCompareFunc aCertCmpFn,
void *aCertCmpFnArg,
nsISupportsArray **_certs);
};
// Use this function to generate a default nickname for a user
// certificate that is to be imported onto a token.
char *
default_nickname(CERTCertificate *cert, nsIInterfaceRequestor* ctx);
#endif /* _NS_NSSCERTIFICATE_H_ */

1386
security/manager/ssl/src/nsNSSCertificateDB.cpp Normal file
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

72
security/manager/ssl/src/nsNSSCertificateDB.h Normal file
Просмотреть файл

@ -0,0 +1,72 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef __NSNSSCERTIFICATEDB_H__
#define __NSNSSCERTIFICATEDB_H__
#include "nsIX509CertDB.h"
#include "nsNSSCertHeader.h"
class nsNSSCertificateDB : public nsIX509CertDB
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIX509CERTDB
nsNSSCertificateDB();
virtual ~nsNSSCertificateDB();
// Use this function to generate a default nickname for a user
// certificate that is to be imported onto a token.
static char *
default_nickname(CERTCertificate *cert, nsIInterfaceRequestor* ctx);
private:
void getCertNames(CERTCertList *certList,
PRUint32 type,
PRUint32 *_count,
PRUnichar ***_certNameList);
CERTDERCerts *getCertsFromPackage(PRArenaPool *arena, PRUint8 *data,
PRUint32 length);
nsresult handleCACertDownload(nsISupportsArray *x509Certs,
nsIInterfaceRequestor *ctx);
};
#endif

42
security/manager/ssl/src/nsNSSComponent.cpp
Просмотреть файл

@ -38,7 +38,6 @@
#include "nsCURILoader.h"
#include "nsDirectoryServiceDefs.h"
#include "nsIProxyObjectManager.h"
#include "nsINSSDialogs.h"
#include "nsIX509Cert.h"
#include "nsIX509CertDB.h"
#include "nsIProfileChangeStatus.h"
@ -54,6 +53,7 @@
#include "nsIRunnable.h"
#include "plevent.h"
#include "nsCRT.h"
#include "nsCRLInfo.h"
#include "nsIWindowWatcher.h"
#include "nsIPrompt.h"
@ -68,6 +68,8 @@
#include "nsIBufEntropyCollector.h"
#include "nsIServiceManager.h"
#include "nsILocalFile.h"
#include "nsITokenPasswordDialogs.h"
#include "nsICRLManager.h"
#include "nss.h"
#include "pk11func.h"
@ -1544,17 +1546,15 @@ NS_IMETHODIMP PipUIContext::GetInterface(const nsIID & uuid, void * *result)
return rv;
}
static const char *kNSSDialogsContractId = NS_NSSDIALOGS_CONTRACTID;
nsresult
getNSSDialogs(void **_result, REFNSIID aIID)
getNSSDialogs(void **_result, REFNSIID aIID, const char *contract)
{
nsresult rv;
nsCOMPtr<nsISupports> result;
nsCOMPtr<nsISupports> proxiedResult;
rv = nsServiceManager::GetService(kNSSDialogsContractId,
NS_GET_IID(nsINSSDialogs),
rv = nsServiceManager::GetService(contract,
aIID,
getter_AddRefs(result));
if (NS_FAILED(rv))
return rv;
@ -1587,7 +1587,8 @@ setPassword(PK11SlotInfo *slot, nsIInterfaceRequestor *ctx)
NS_ConvertUTF8toUCS2 tokenName(PK11_GetTokenName(slot));
rv = getNSSDialogs((void**)&dialogs,
NS_GET_IID(nsITokenPasswordDialogs));
NS_GET_IID(nsITokenPasswordDialogs),
NS_TOKENPASSWORDSDIALOG_CONTRACTID);
if (NS_FAILED(rv)) goto loser;
@ -1702,21 +1703,36 @@ PSMContentDownloader::OnStopRequest(nsIRequest* request,
}
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnStopRequest\n"));
/* this will init NSS if it hasn't happened already */
nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
nsCOMPtr<nsIX509CertDB> certdb;
nsCOMPtr<nsICRLManager> crlManager;
nsresult rv;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
switch (mType) {
case PSMContentDownloader::X509_CA_CERT:
return certdb->ImportCertificates(mByteData, mBufferOffset, mType, ctx);
case PSMContentDownloader::X509_USER_CERT:
return certdb->ImportUserCertificate(mByteData, mBufferOffset, ctx);
case PSMContentDownloader::X509_EMAIL_CERT:
return certdb->ImportEmailCertificate(mByteData, mBufferOffset, ctx);
certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
break;
case PSMContentDownloader::PKCS7_CRL:
return certdb->ImportCrl(mByteData, mBufferOffset, mURI, SEC_CRL_TYPE, mDoSilentDownload, mCrlAutoDownloadKey.get());
crlManager = do_GetService(NS_CRLMANAGER_CONTRACTID);
default:
break;
}
switch (mType) {
case PSMContentDownloader::X509_CA_CERT:
return certdb->ImportCertificates((PRUint8*)mByteData, mBufferOffset, mType, ctx);
case PSMContentDownloader::X509_USER_CERT:
return certdb->ImportUserCertificate((PRUint8*)mByteData, mBufferOffset, ctx);
case PSMContentDownloader::X509_EMAIL_CERT:
return certdb->ImportEmailCertificate((PRUint8*)mByteData, mBufferOffset, ctx);
case PSMContentDownloader::PKCS7_CRL:
return crlManager->ImportCrl((PRUint8*)mByteData, mBufferOffset, mURI, SEC_CRL_TYPE, mDoSilentDownload, mCrlAutoDownloadKey.get());
default:
rv = NS_ERROR_FAILURE;
break;

2
security/manager/ssl/src/nsNSSHelper.h
Просмотреть файл

@ -61,7 +61,7 @@ public:
//
nsresult
getNSSDialogs(void **_result, REFNSIID aIID);
getNSSDialogs(void **_result, REFNSIID aIID, const char *contract);
extern "C" {
// a "fake" unicode conversion function

11
security/manager/ssl/src/nsNSSIOLayer.cpp
Просмотреть файл

@ -48,11 +48,11 @@
#include "nsIChannel.h"
#include "nsIBadCertListener.h"
#include "nsNSSCertificate.h"
#include "nsINSSDialogs.h"
#include "nsIProxyObjectManager.h"
#include "nsProxiedService.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
#include "nsIClientAuthDialogs.h"
#include "nsXPIDLString.h"
#include "nsReadableUtils.h"
@ -1228,10 +1228,11 @@ nsContinueDespiteCertError(nsNSSSocketInfo *infoObject,
if (!nssCert)
return PR_FALSE;
rv = getNSSDialogs((void**)&badCertHandler,
NS_GET_IID(nsIBadCertListener));
NS_GET_IID(nsIBadCertListener),
NS_BADCERTLISTENER_CONTRACTID);
if (NS_FAILED(rv))
return PR_FALSE;
nsITransportSecurityInfo *csi = NS_STATIC_CAST(nsITransportSecurityInfo*,
nsIInterfaceRequestor *csi = NS_STATIC_CAST(nsIInterfaceRequestor*,
infoObject);
nsIX509Cert *callBackCert = NS_STATIC_CAST(nsIX509Cert*, nssCert);
CERTCertificate *peerCert = nssCert->GetCert();
@ -2018,7 +2019,9 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
}
/* Throw up the client auth dialog and get back the index of the selected cert */
rv = getNSSDialogs((void**)&dialogs, NS_GET_IID(nsIClientAuthDialogs));
rv = getNSSDialogs((void**)&dialogs,
NS_GET_IID(nsIClientAuthDialogs),
NS_CLIENTAUTHDIALOGS_CONTRACTID);
if (NS_FAILED(rv)) goto loser;

13
security/manager/ssl/src/nsNSSModule.cpp
Просмотреть файл

@ -36,16 +36,19 @@
#include "nsPK11TokenDB.h"
#include "nsPKCS11Slot.h"
#include "nsNSSCertificate.h"
#include "nsNSSCertificateDB.h"
#include "nsNSSCertCache.h"
#include "nsCMS.h"
#include "nsCertTree.h"
#include "nsCrypto.h"
//For the NS_CRYPTO_CONTRACTID define
#include "nsDOMCID.h"
#include "nsCMSSecureMessage.h"
#include "nsCMS.h"
#include "nsCertPicker.h"
#include "nsCURILoader.h"
#include "nsICategoryManager.h"
#include "nsCRLManager.h"
// We must ensure that the nsNSSComponent has been loaded before
// creating any other components.
@ -156,6 +159,7 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSEncoder)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSMessage)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsHash)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCertPicker)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCRLManager)
static NS_METHOD RegisterPSMContentListeners(
nsIComponentManager *aCompMgr,
@ -348,6 +352,13 @@ static const nsModuleComponentInfo components[] =
"@mozilla.org/uriloader/psm-external-content-listener;1",
PSMContentListenerConstructor,
RegisterPSMContentListeners
},
{
"PSM CRL Manager",
NS_CRLMANAGER_CID,
NS_CRLMANAGER_CONTRACTID,
nsCRLManagerConstructor
}
};

159
security/manager/ssl/src/nsOCSPResponder.cpp Normal file
Просмотреть файл

@ -0,0 +1,159 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "nsOCSPResponder.h"
#include "nsCOMPtr.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
#include "nsComponentManagerUtils.h"
#include "nsReadableUtils.h"
#include "certdb.h"
/* Implementation file */
NS_IMPL_ISUPPORTS1(nsOCSPResponder, nsIOCSPResponder)
nsOCSPResponder::nsOCSPResponder()
{
NS_INIT_ISUPPORTS();
/* member initializers and constructor code */
}
nsOCSPResponder::nsOCSPResponder(const PRUnichar * aCA, const PRUnichar * aURL)
{
NS_INIT_ISUPPORTS();
mCA.Assign(aCA);
mURL.Assign(aURL);
}
nsOCSPResponder::~nsOCSPResponder()
{
/* destructor code */
}
/* readonly attribute */
NS_IMETHODIMP nsOCSPResponder::GetResponseSigner(PRUnichar** aCA)
{
NS_ENSURE_ARG(aCA);
*aCA = ToNewUnicode(mCA);
return NS_OK;
}
/* readonly attribute */
NS_IMETHODIMP nsOCSPResponder::GetServiceURL(PRUnichar** aURL)
{
NS_ENSURE_ARG(aURL);
*aURL = ToNewUnicode(mURL);
return NS_OK;
}
PRBool nsOCSPResponder::IncludeCert(CERTCertificate *aCert)
{
CERTCertTrust *trust;
char *nickname;
trust = aCert->trust;
nickname = aCert->nickname;
PR_ASSERT(trust != nsnull);
// Check that trust is non-null //
if (trust == nsnull) {
return PR_FALSE;
}
if ( ( ( trust->sslFlags & CERTDB_INVISIBLE_CA ) ||
(trust->emailFlags & CERTDB_INVISIBLE_CA ) ||
(trust->objectSigningFlags & CERTDB_INVISIBLE_CA ) ) ||
nickname == NULL) {
return PR_FALSE;
}
if ((trust->sslFlags & CERTDB_VALID_CA) ||
(trust->emailFlags & CERTDB_VALID_CA) ||
(trust->objectSigningFlags & CERTDB_VALID_CA)) {
return PR_TRUE;
}
return PR_FALSE;
}
// CmpByCAName
//
// Compare two responders their token name. Returns -1, 0, 1 as
// in strcmp. No token name (null) is treated as >.
PRInt32 nsOCSPResponder::CmpCAName(nsIOCSPResponder *a, nsIOCSPResponder *b)
{
PRInt32 cmp1;
nsXPIDLString aTok, bTok;
a->GetResponseSigner(getter_Copies(aTok));
b->GetResponseSigner(getter_Copies(bTok));
if (aTok != nsnull && bTok != nsnull) {
cmp1 = Compare(aTok, bTok);
} else {
cmp1 = (aTok == nsnull) ? 1 : -1;
}
return cmp1;
}
// ocsp_compare_entries
//
// Compare two responders. Returns -1, 0, 1 as
// in strcmp. Entries with urls come before those without urls.
PRInt32 nsOCSPResponder::CompareEntries(nsIOCSPResponder *a, nsIOCSPResponder *b)
{
nsXPIDLString aURL, bURL;
nsAutoString aURLAuto, bURLAuto;
a->GetServiceURL(getter_Copies(aURL));
aURLAuto.Assign(aURL);
b->GetServiceURL(getter_Copies(bURL));
bURLAuto.Assign(bURL);
if (aURLAuto.Length() > 0 ) {
if (bURLAuto.Length() > 0) {
return nsOCSPResponder::CmpCAName(a, b);
} else {
return -1;
}
} else {
if (bURLAuto.Length() > 0) {
return 1;
} else {
return nsOCSPResponder::CmpCAName(a, b);
}
}
}

63
security/manager/ssl/src/nsOCSPResponder.h Normal file
Просмотреть файл

@ -0,0 +1,63 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef __NSOCSPRESPONDER_H__
#define __NSOCSPRESPONDER_H__
#include "nsIOCSPResponder.h"
#include "nsString.h"
#include "certt.h"
class nsOCSPResponder : public nsIOCSPResponder
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIOCSPRESPONDER
nsOCSPResponder();
nsOCSPResponder(const PRUnichar*, const PRUnichar*);
virtual ~nsOCSPResponder();
/* additional members */
static PRInt32 CmpCAName(nsIOCSPResponder *a, nsIOCSPResponder *b);
static PRInt32 CompareEntries(nsIOCSPResponder *a, nsIOCSPResponder *b);
static PRBool IncludeCert(CERTCertificate *aCert);
private:
nsString mCA;
nsString mURL;
};
#endif

Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше