mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

#92131, SSL client authentication, 

fixing memory leak, fixing crash, fixing spacing, adding extra space to layout
r=javi@netscape.com sr=blizzard@mozilla.org
You can reach me at kai.engert@gmx.de
This commit is contained in:
kaie%netscape.com 2001-08-17 14:41:01 +00:00
Родитель 638d06a388
Коммит 6d1ce23390
2 изменённых файлов: 390 добавлений и 383 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
security/manager/pki/resources/content/clientauthask.xul
Просмотреть файл

@ -57,7 +57,7 @@
</menulist> </menulist>
<html>&clientAuthAsk.message3;</html> <html>&clientAuthAsk.message3;</html>
<textbox readonly="true" id="details" multiline="true" <textbox readonly="true" id="details" multiline="true"
style="height: 10em; width=80em;"/> style="height: 11em; width=80em;"/>
</groupbox> </groupbox>
<separator/> <separator/>
<hbox> <hbox>

43
security/manager/ssl/src/nsNSSIOLayer.cpp
Просмотреть файл

@ -1466,6 +1466,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
char* extracted = NULL; char* extracted = NULL;
PRIntn keyError = 0; /* used for private key retrieval error */ PRIntn keyError = 0; /* used for private key retrieval error */
SSM_UserCertChoice certChoice; SSM_UserCertChoice certChoice;
PRUint32 NumberOfCerts = 0;
/* do some argument checking */ /* do some argument checking */
if (socket == NULL || caNames == NULL || pRetCert == NULL || if (socket == NULL || caNames == NULL || pRetCert == NULL ||
@ -1558,6 +1559,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
node = CERT_LIST_NEXT(node); node = CERT_LIST_NEXT(node);
} }
if (cert == NULL) { if (cert == NULL) {
goto noCert; goto noCert;
} }
@ -1574,7 +1576,6 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
PRUnichar **certDetailsList = NULL; PRUnichar **certDetailsList = NULL;
PRBool canceled; PRBool canceled;
/* find all user certs that are valid and for SSL */ /* find all user certs that are valid and for SSL */
/* note that we are allowing expired certs in this list */ /* note that we are allowing expired certs in this list */
certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
@ -1604,6 +1605,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
/* filter it further for hostname restriction */ /* filter it further for hostname restriction */
node = CERT_LIST_HEAD(certList); node = CERT_LIST_HEAD(certList);
while (!CERT_LIST_END(node, certList)) { while (!CERT_LIST_END(node, certList)) {
++NumberOfCerts;
#if 0 /* XXX Fix this */ #if 0 /* XXX Fix this */
if (!CERT_MatchesScopeOfUse(node->cert, conn->hostName, if (!CERT_MatchesScopeOfUse(node->cert, conn->hostName,
conn->hostIP, conn->port)) { conn->hostIP, conn->port)) {
@ -1624,10 +1626,13 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
nicknames = CERT_NicknameStringsFromCertList(certList, nicknames = CERT_NicknameStringsFromCertList(certList,
NICKNAME_EXPIRED_STRING, NICKNAME_EXPIRED_STRING,
NICKNAME_NOT_YET_VALID_STRING); NICKNAME_NOT_YET_VALID_STRING);
if (nicknames == NULL) { if (nicknames == NULL) {
goto loser; goto loser;
} }
NS_ASSERTION(nicknames->numnicknames == NumberOfCerts, "nicknames->numnicknames != NumberOfCerts");
/* Get the SSL Certificate */ /* Get the SSL Certificate */
serverCert = SSL_PeerCertificate(socket); serverCert = SSL_PeerCertificate(socket);
if (serverCert == NULL) { if (serverCert == NULL) {
@ -1653,20 +1658,19 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
++i, node = CERT_LIST_NEXT(node) ++i, node = CERT_LIST_NEXT(node)
) )
{ {
nsNSSCertificate *c0 = new nsNSSCertificate(node->cert); nsNSSCertificate *tempCert = new nsNSSCertificate(node->cert);
NS_ADDREF(tempCert);
nsCOMPtr<nsIX509Cert> c1 = c0; nsCOMPtr<nsIX509Cert> x509 = do_QueryInterface(tempCert);
nsCOMPtr<nsIX509Cert> c2; nsCOMPtr<nsIX509Cert> x509Proxy;
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ, proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
nsIX509Cert::GetIID(), nsIX509Cert::GetIID(),
c1, x509,
PROXY_SYNC | PROXY_ALWAYS, PROXY_SYNC | PROXY_ALWAYS,
getter_AddRefs(c2)); getter_AddRefs(x509Proxy));
if (!c2)
break;
if (x509Proxy) {
nsAutoString nickWithSerial; nsAutoString nickWithSerial;
nsAutoString str; nsAutoString str;
nsAutoString info; nsAutoString info;
@ -1679,7 +1683,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
str.Append(NS_LITERAL_STRING("\n")); str.Append(NS_LITERAL_STRING("\n"));
} }
if (NS_SUCCEEDED(c2->GetSubjectName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) { if (NS_SUCCEEDED(x509Proxy->GetSubjectName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
str.Append(NS_LITERAL_STRING(" ")); str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) { if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
str.Append(info); str.Append(info);
@ -1690,7 +1694,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
str.Append(NS_LITERAL_STRING("\n")); str.Append(NS_LITERAL_STRING("\n"));
} }
if (NS_SUCCEEDED(c2->GetSerialNumber(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) { if (NS_SUCCEEDED(x509Proxy->GetSerialNumber(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
str.Append(NS_LITERAL_STRING(" ")); str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSerialNo").get(), info))) { if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSerialNo").get(), info))) {
str.Append(info); str.Append(info);
@ -1710,7 +1714,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
{ {
nsCOMPtr<nsIX509CertValidity> validity; nsCOMPtr<nsIX509CertValidity> validity;
nsCOMPtr<nsIX509CertValidity> originalValidity; nsCOMPtr<nsIX509CertValidity> originalValidity;
rv = c2->GetValidity(getter_AddRefs(originalValidity)); rv = x509Proxy->GetValidity(getter_AddRefs(originalValidity));
if (NS_SUCCEEDED(rv) && originalValidity) { if (NS_SUCCEEDED(rv) && originalValidity) {
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ, proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
nsIX509CertValidity::GetIID(), nsIX509CertValidity::GetIID(),
@ -1750,7 +1754,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
} }
PRUint32 tempInt = 0; PRUint32 tempInt = 0;
if (NS_SUCCEEDED(c2->GetPurposes(&tempInt, &temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) { if (NS_SUCCEEDED(x509Proxy->GetPurposes(&tempInt, &temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
str.Append(NS_LITERAL_STRING(" ")); str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoPurposes").get(), info))) { if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoPurposes").get(), info))) {
str.Append(info); str.Append(info);
@ -1766,7 +1770,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
str.Append(NS_LITERAL_STRING("\n")); str.Append(NS_LITERAL_STRING("\n"));
} }
if (NS_SUCCEEDED(c2->GetIssuerName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) { if (NS_SUCCEEDED(x509Proxy->GetIssuerName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
str.Append(NS_LITERAL_STRING(" ")); str.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) { if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
str.Append(info); str.Append(info);
@ -1793,9 +1797,11 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
certDetailsList[i] = str.ToNewUnicode(); certDetailsList[i] = str.ToNewUnicode();
} }
NS_RELEASE(tempCert);
}
/* Throw up the client auth dialog and get back the index of the selected cert */ /* Throw up the client auth dialog and get back the index of the selected cert */
rv = getNSSDialogs((void**)&dialogs, rv = getNSSDialogs((void**)&dialogs, NS_GET_IID(nsIClientAuthDialogs));
NS_GET_IID(nsIClientAuthDialogs));
if (NS_FAILED(rv)) goto loser; if (NS_FAILED(rv)) goto loser;
@ -1817,8 +1823,8 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
for (i = 0, node = CERT_LIST_HEAD(certList); for (i = 0, node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList); !CERT_LIST_END(node, certList);
++i, node = CERT_LIST_NEXT(node) ++i, node = CERT_LIST_NEXT(node)) {
) {
if (i == selectedIndex) { if (i == selectedIndex) {
cert = CERT_DupCertificate(node->cert); cert = CERT_DupCertificate(node->cert);
break; break;
@ -1843,6 +1849,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
} }
} }
goto done; goto done;
noCert: noCert:
loser: loser:
if (ret == SECSuccess) { if (ret == SECSuccess) {