зеркало из https://github.com/mozilla/gecko-dev.git
#92131, SSL client authentication,
fixing memory leak, fixing crash, fixing spacing, adding extra space to layout r=javi@netscape.com sr=blizzard@mozilla.org You can reach me at kai.engert@gmx.de
This commit is contained in:
Родитель
638d06a388
Коммит
6d1ce23390
|
@ -57,7 +57,7 @@
|
|||
</menulist>
|
||||
<html>&clientAuthAsk.message3;</html>
|
||||
<textbox readonly="true" id="details" multiline="true"
|
||||
style="height: 10em; width=80em;"/>
|
||||
style="height: 11em; width=80em;"/>
|
||||
</groupbox>
|
||||
<separator/>
|
||||
<hbox>
|
||||
|
|
|
@ -1466,6 +1466,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
char* extracted = NULL;
|
||||
PRIntn keyError = 0; /* used for private key retrieval error */
|
||||
SSM_UserCertChoice certChoice;
|
||||
PRUint32 NumberOfCerts = 0;
|
||||
|
||||
/* do some argument checking */
|
||||
if (socket == NULL || caNames == NULL || pRetCert == NULL ||
|
||||
|
@ -1558,6 +1559,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
|
||||
node = CERT_LIST_NEXT(node);
|
||||
}
|
||||
|
||||
if (cert == NULL) {
|
||||
goto noCert;
|
||||
}
|
||||
|
@ -1574,7 +1576,6 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
PRUnichar **certDetailsList = NULL;
|
||||
PRBool canceled;
|
||||
|
||||
|
||||
/* find all user certs that are valid and for SSL */
|
||||
/* note that we are allowing expired certs in this list */
|
||||
certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
|
||||
|
@ -1604,6 +1605,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
/* filter it further for hostname restriction */
|
||||
node = CERT_LIST_HEAD(certList);
|
||||
while (!CERT_LIST_END(node, certList)) {
|
||||
++NumberOfCerts;
|
||||
#if 0 /* XXX Fix this */
|
||||
if (!CERT_MatchesScopeOfUse(node->cert, conn->hostName,
|
||||
conn->hostIP, conn->port)) {
|
||||
|
@ -1624,10 +1626,13 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
nicknames = CERT_NicknameStringsFromCertList(certList,
|
||||
NICKNAME_EXPIRED_STRING,
|
||||
NICKNAME_NOT_YET_VALID_STRING);
|
||||
|
||||
if (nicknames == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
NS_ASSERTION(nicknames->numnicknames == NumberOfCerts, "nicknames->numnicknames != NumberOfCerts");
|
||||
|
||||
/* Get the SSL Certificate */
|
||||
serverCert = SSL_PeerCertificate(socket);
|
||||
if (serverCert == NULL) {
|
||||
|
@ -1653,20 +1658,19 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
++i, node = CERT_LIST_NEXT(node)
|
||||
)
|
||||
{
|
||||
nsNSSCertificate *c0 = new nsNSSCertificate(node->cert);
|
||||
nsNSSCertificate *tempCert = new nsNSSCertificate(node->cert);
|
||||
NS_ADDREF(tempCert);
|
||||
|
||||
nsCOMPtr<nsIX509Cert> c1 = c0;
|
||||
nsCOMPtr<nsIX509Cert> x509 = do_QueryInterface(tempCert);
|
||||
|
||||
nsCOMPtr<nsIX509Cert> c2;
|
||||
nsCOMPtr<nsIX509Cert> x509Proxy;
|
||||
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
|
||||
nsIX509Cert::GetIID(),
|
||||
c1,
|
||||
x509,
|
||||
PROXY_SYNC | PROXY_ALWAYS,
|
||||
getter_AddRefs(c2));
|
||||
|
||||
if (!c2)
|
||||
break;
|
||||
getter_AddRefs(x509Proxy));
|
||||
|
||||
if (x509Proxy) {
|
||||
nsAutoString nickWithSerial;
|
||||
nsAutoString str;
|
||||
nsAutoString info;
|
||||
|
@ -1679,7 +1683,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
str.Append(NS_LITERAL_STRING("\n"));
|
||||
}
|
||||
|
||||
if (NS_SUCCEEDED(c2->GetSubjectName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||
if (NS_SUCCEEDED(x509Proxy->GetSubjectName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||
str.Append(NS_LITERAL_STRING(" "));
|
||||
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
|
||||
str.Append(info);
|
||||
|
@ -1690,7 +1694,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
str.Append(NS_LITERAL_STRING("\n"));
|
||||
}
|
||||
|
||||
if (NS_SUCCEEDED(c2->GetSerialNumber(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||
if (NS_SUCCEEDED(x509Proxy->GetSerialNumber(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||
str.Append(NS_LITERAL_STRING(" "));
|
||||
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSerialNo").get(), info))) {
|
||||
str.Append(info);
|
||||
|
@ -1710,7 +1714,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
{
|
||||
nsCOMPtr<nsIX509CertValidity> validity;
|
||||
nsCOMPtr<nsIX509CertValidity> originalValidity;
|
||||
rv = c2->GetValidity(getter_AddRefs(originalValidity));
|
||||
rv = x509Proxy->GetValidity(getter_AddRefs(originalValidity));
|
||||
if (NS_SUCCEEDED(rv) && originalValidity) {
|
||||
proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
|
||||
nsIX509CertValidity::GetIID(),
|
||||
|
@ -1750,7 +1754,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
}
|
||||
|
||||
PRUint32 tempInt = 0;
|
||||
if (NS_SUCCEEDED(c2->GetPurposes(&tempInt, &temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||
if (NS_SUCCEEDED(x509Proxy->GetPurposes(&tempInt, &temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||
str.Append(NS_LITERAL_STRING(" "));
|
||||
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoPurposes").get(), info))) {
|
||||
str.Append(info);
|
||||
|
@ -1766,7 +1770,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
str.Append(NS_LITERAL_STRING("\n"));
|
||||
}
|
||||
|
||||
if (NS_SUCCEEDED(c2->GetIssuerName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||
if (NS_SUCCEEDED(x509Proxy->GetIssuerName(&temp1)) && temp1 && nsCharTraits<PRUnichar>::length(temp1)) {
|
||||
str.Append(NS_LITERAL_STRING(" "));
|
||||
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertDumpSubject").get(), info))) {
|
||||
str.Append(info);
|
||||
|
@ -1793,9 +1797,11 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
certDetailsList[i] = str.ToNewUnicode();
|
||||
}
|
||||
|
||||
NS_RELEASE(tempCert);
|
||||
}
|
||||
|
||||
/* Throw up the client auth dialog and get back the index of the selected cert */
|
||||
rv = getNSSDialogs((void**)&dialogs,
|
||||
NS_GET_IID(nsIClientAuthDialogs));
|
||||
rv = getNSSDialogs((void**)&dialogs, NS_GET_IID(nsIClientAuthDialogs));
|
||||
|
||||
if (NS_FAILED(rv)) goto loser;
|
||||
|
||||
|
@ -1817,8 +1823,8 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
|
||||
for (i = 0, node = CERT_LIST_HEAD(certList);
|
||||
!CERT_LIST_END(node, certList);
|
||||
++i, node = CERT_LIST_NEXT(node)
|
||||
) {
|
||||
++i, node = CERT_LIST_NEXT(node)) {
|
||||
|
||||
if (i == selectedIndex) {
|
||||
cert = CERT_DupCertificate(node->cert);
|
||||
break;
|
||||
|
@ -1843,6 +1849,7 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
}
|
||||
}
|
||||
goto done;
|
||||
|
||||
noCert:
|
||||
loser:
|
||||
if (ret == SECSuccess) {
|
||||
|
|
Загрузка…
Ссылка в новой задаче