#92131, SSL client authentication,
fixing memory leak, fixing crash, fixing spacing, adding extra space to layout r=javi@netscape.com sr=blizzard@mozilla.org You can reach me at kai.engert@gmx.de
Родитель
638d06a388
Коммит
6d1ce23390
|
@ -57,7 +57,7 @@
|
||||||
</menulist>
|
</menulist>
|
||||||
<html>&clientAuthAsk.message3;</html>
|
<html>&clientAuthAsk.message3;</html>
|
||||||
<textbox readonly="true" id="details" multiline="true"
|
<textbox readonly="true" id="details" multiline="true"
|
||||||
style="height: 10em; width=80em;"/>
|
style="height: 11em; width=80em;"/>
|
||||||
</groupbox>
|
</groupbox>
|
||||||
<separator/>
|
<separator/>
|
||||||
<hbox>
|
<hbox>
|
||||||
|
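Review bot: The edited `style` attribute still carries `width=80em;`, which is not a CSS declaration (property and value need a colon) and is dropped by the style parser, so only the height change takes effect and the textbox keeps its default width. Since the line is already being touched for the height, fix both declarations at once: `style="height: 11em; width: 80em;"`. Verify the rendered dialog afterwards, as the extra width may alter the layout the height bump was meant to tune.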
|
|
@ -1466,6 +1466,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
char* extracted = NULL;
|
char* extracted = NULL;
|
||||||
PRIntn keyError = 0; /* used for private key retrieval error */
|
PRIntn keyError = 0; /* used for private key retrieval error */
|
||||||
SSM_UserCertChoice certChoice;
|
SSM_UserCertChoice certChoice;
|
||||||
|
PRUint32 NumberOfCerts = 0;
|
||||||
|
|
||||||
/* do some argument checking */
|
/* do some argument checking */
|
||||||
if (socket == NULL || caNames == NULL || pRetCert == NULL ||
|
if (socket == NULL || caNames == NULL || pRetCert == NULL ||
|
||||||
|
@ -1558,6 +1559,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
|
|
||||||
node = CERT_LIST_NEXT(node);
|
node = CERT_LIST_NEXT(node);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (cert == NULL) {
|
if (cert == NULL) {
|
||||||
goto noCert;
|
goto noCert;
|
||||||
}
|
}
|
||||||
|
@ -1574,7 +1576,6 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
PRUnichar **certDetailsList = NULL;
|
PRUnichar **certDetailsList = NULL;
|
||||||
PRBool canceled;
|
PRBool canceled;
|
||||||
|
|
||||||
|
|
||||||
/* find all user certs that are valid and for SSL */
|
/* find all user certs that are valid and for SSL */
|
||||||
/* note that we are allowing expired certs in this list */
|
/* note that we are allowing expired certs in this list */
|
||||||
certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
|
certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
|
||||||
|
@ -1604,6 +1605,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
/* filter it further for hostname restriction */
|
/* filter it further for hostname restriction */
|
||||||
node = CERT_LIST_HEAD(certList);
|
node = CERT_LIST_HEAD(certList);
|
||||||
while (!CERT_LIST_END(node, certList)) {
|
while (!CERT_LIST_END(node, certList)) {
|
||||||
|
++NumberOfCerts;
|
||||||
#if 0 /* XXX Fix this */
|
#if 0 /* XXX Fix this */
|
||||||
if (!CERT_MatchesScopeOfUse(node->cert, conn->hostName,
|
if (!CERT_MatchesScopeOfUse(node->cert, conn->hostName,
|
||||||
conn->hostIP, conn->port)) {
|
conn->hostIP, conn->port)) {
|
||||||
|
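Review bot: `++NumberOfCerts` counts every node in `certList` before the `#if 0` hostname-restriction block, so the count is only correct while that filter stays disabled; if `CERT_MatchesScopeOfUse` is re-enabled and removes nodes, the count used later for `certDetailsList` and for the `numnicknames` assertion would drift. A one-line comment above the increment makes the dependency explicit: `/* counts every node; decrement for any node the scope filter below removes */`. The loop body continues outside the hunk.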
@ -1624,10 +1626,13 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
nicknames = CERT_NicknameStringsFromCertList(certList,
|
nicknames = CERT_NicknameStringsFromCertList(certList,
|
||||||
NICKNAME_EXPIRED_STRING,
|
NICKNAME_EXPIRED_STRING,
|
||||||
NICKNAME_NOT_YET_VALID_STRING);
|
NICKNAME_NOT_YET_VALID_STRING);
|
||||||
|
|
||||||
if (nicknames == NULL) {
|
if (nicknames == NULL) {
|
||||||
goto loser;
|
goto loser;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
NS_ASSERTION(nicknames->numnicknames == NumberOfCerts, "nicknames->numnicknames != NumberOfCerts");
|
||||||
|
|
||||||
/* Get the SSL Certificate */
|
/* Get the SSL Certificate */
|
||||||
serverCert = SSL_PeerCertificate(socket);
|
serverCert = SSL_PeerCertificate(socket);
|
||||||
if (serverCert == NULL) {
|
if (serverCert == NULL) {
|
||||||
|
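Review bot: The new `NS_ASSERTION` only documents the expectation that `nicknames->numnicknames` equals `NumberOfCerts`; in release builds it compiles to nothing, so a mismatch (for example a certificate without a nickname) would continue into the per-certificate loop with the details array presumably sized by one count and the dialog indexing by the other. Enforce the precondition as well: `if (nicknames->numnicknames != NumberOfCerts) goto loser;` directly after the assertion. How `certDetailsList` is allocated and how the dialog consumes it is outside this hunk, so confirm which count the dialog indexes by. The function continues outside the hunk.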
@ -1653,20 +1658,19 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
++i, node = CERT_LIST_NEXT(node)
|
++i, node = CERT_LIST_NEXT(node)
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
nsNSSCertificate *c0 = new nsNSSCertificate(node->cert);
|
nsNSSCertificate *tempCert = new nsNSSCertificate(node->cert);
|
||||||
|
NS_ADDREF(tempCert);
|
||||||
|
|
||||||
nsCOMPtr<nsIX509Cert> c1 = c0;
|
nsCOMPtr<nsIX509Cert> x509 = do_QueryInterface(tempCert);
|
||||||
|
|
||||||
nsCOMPtr<nsIX509Cert> c2;
|
nsCOMPtr<nsIX509Cert> x509Proxy;
|
||||||
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
|
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
|
||||||
nsIX509Cert::GetIID(),
|
nsIX509Cert::GetIID(),
|
||||||
c1,
|
x509,
|
||||||
PROXY_SYNC | PROXY_ALWAYS,
|
PROXY_SYNC | PROXY_ALWAYS,
|
||||||
getter_AddRefs(c2));
|
getter_AddRefs(x509Proxy));
|
||||||
|
|
||||||
if (!c2)
|
|
||||||
break;
|
|
||||||
|
|
||||||
|
if (x509Proxy) {
|
||||||
nsAutoString nickWithSerial;
|
nsAutoString nickWithSerial;
|
||||||
nsAutoString str;
|
nsAutoString str;
|
||||||
nsAutoString info;
|
nsAutoString info;
|
||||||
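Review bot: The nsresult from `proxyman->GetProxyForObject(...)` is still discarded, and replacing `if (!c2) break;` with `if (x509Proxy) { ... }` means a failed proxy now leaves `certDetailsList[i]` unfilled while the loop carries on, so the dialog would later see a hole in the details array (null or uninitialized, depending on how the array is allocated outside this hunk). Either abort the selection, `if (!x509Proxy) { NS_RELEASE(tempCert); goto loser; }` (assuming the loser path frees `certDetailsList`), or store a fallback entry for index i so every slot is defined. The `NS_ADDREF(tempCert)`/`NS_RELEASE(tempCert)` bracket around the `do_QueryInterface` is what the leak fix relies on; a comment at the ADDREF such as `/* released after the details block at the end of this iteration */` would help the next reader. The block closes in the hunk at +1797 and the function continues outside this hunk.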
|
@ -1679,7 +1683,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
str.Append(NS_LITERAL_STRING("\n"));
|
str.Append(NS_LITERAL_STRING("\n"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NS_SUCCEEDED(c2->GetSubjectName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
if (NS_SUCCEEDED(x509Proxy->GetSubjectName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||||
str.Append(NS_LITERAL_STRING(" "));
|
str.Append(NS_LITERAL_STRING(" "));
|
||||||
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
|
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
|
||||||
str.Append(info);
|
str.Append(info);
|
||||||
|
@ -1690,7 +1694,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
str.Append(NS_LITERAL_STRING("\n"));
|
str.Append(NS_LITERAL_STRING("\n"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NS_SUCCEEDED(c2->GetSerialNumber(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
if (NS_SUCCEEDED(x509Proxy->GetSerialNumber(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||||
str.Append(NS_LITERAL_STRING(" "));
|
str.Append(NS_LITERAL_STRING(" "));
|
||||||
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSerialNo").get(), info))) {
|
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSerialNo").get(), info))) {
|
||||||
str.Append(info);
|
str.Append(info);
|
||||||
|
@ -1710,7 +1714,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
{
|
{
|
||||||
nsCOMPtr<nsIX509CertValidity> validity;
|
nsCOMPtr<nsIX509CertValidity> validity;
|
||||||
nsCOMPtr<nsIX509CertValidity> originalValidity;
|
nsCOMPtr<nsIX509CertValidity> originalValidity;
|
||||||
rv = c2->GetValidity(getter_AddRefs(originalValidity));
|
rv = x509Proxy->GetValidity(getter_AddRefs(originalValidity));
|
||||||
if (NS_SUCCEEDED(rv) && originalValidity) {
|
if (NS_SUCCEEDED(rv) && originalValidity) {
|
||||||
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
|
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
|
||||||
nsIX509CertValidity::GetIID(),
|
nsIX509CertValidity::GetIID(),
|
||||||
|
@ -1750,7 +1754,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
}
|
}
|
||||||
|
|
||||||
PRUint32 tempInt = 0;
|
PRUint32 tempInt = 0;
|
||||||
if (NS_SUCCEEDED(c2->GetPurposes(&tempInt, &temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
if (NS_SUCCEEDED(x509Proxy->GetPurposes(&tempInt, &temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||||
str.Append(NS_LITERAL_STRING(" "));
|
str.Append(NS_LITERAL_STRING(" "));
|
||||||
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoPurposes").get(), info))) {
|
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoPurposes").get(), info))) {
|
||||||
str.Append(info);
|
str.Append(info);
|
||||||
|
@ -1766,7 +1770,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
str.Append(NS_LITERAL_STRING("\n"));
|
str.Append(NS_LITERAL_STRING("\n"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NS_SUCCEEDED(c2->GetIssuerName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
if (NS_SUCCEEDED(x509Proxy->GetIssuerName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||||
str.Append(NS_LITERAL_STRING(" "));
|
str.Append(NS_LITERAL_STRING(" "));
|
||||||
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
|
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
|
||||||
str.Append(info);
|
str.Append(info);
|
||||||
|
@ -1793,9 +1797,11 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
certDetailsList[i] = str.ToNewUnicode();
|
certDetailsList[i] = str.ToNewUnicode();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
NS_RELEASE(tempCert);
|
||||||
|
}
|
||||||
|
|
||||||
/* Throw up the client auth dialog and get back the index of the selected cert */
|
/* Throw up the client auth dialog and get back the index of the selected cert */
|
||||||
rv = getNSSDialogs((void**)&dialogs,
|
rv = getNSSDialogs((void**)&dialogs, NS_GET_IID(nsIClientAuthDialogs));
|
||||||
NS_GET_IID(nsIClientAuthDialogs));
|
|
||||||
|
|
||||||
if (NS_FAILED(rv)) goto loser;
|
if (NS_FAILED(rv)) goto loser;
|
||||||
|
|
||||||
|
@ -1817,8 +1823,8 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
|
|
||||||
for (i = 0, node = CERT_LIST_HEAD(certList);
|
for (i = 0, node = CERT_LIST_HEAD(certList);
|
||||||
!CERT_LIST_END(node, certList);
|
!CERT_LIST_END(node, certList);
|
||||||
++i, node = CERT_LIST_NEXT(node)
|
++i, node = CERT_LIST_NEXT(node)) {
|
||||||
) {
|
|
||||||
if (i == selectedIndex) {
|
if (i == selectedIndex) {
|
||||||
cert = CERT_DupCertificate(node->cert);
|
cert = CERT_DupCertificate(node->cert);
|
||||||
break;
|
break;
|
||||||
|
@ -1843,6 +1849,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
noCert:
|
noCert:
|
||||||
loser:
|
loser:
|
||||||
if (ret == SECSuccess) {
|
if (ret == SECSuccess) {
|
||||||
|
|