Bug 1308888 - Simplify passing handle to the cert to view in the cert viewer. r=keeler

The cert viewer currently supports two ways to pass a handle to the cert: 1. Passing the nickname of the cert via window.name. 2. Via an nsIDialogParamBlock, which is itself accessed through window.arguments. Method 1 is unused and unnecessary. Method 2 is overly complex: the relevant nsIX509Cert can just be passed directly. This patch does the following: 1. Makes it so that there is only a single, straightforward way to pass a handle to the cert. 2. Makes the cert viewer title localisable while we're nearby. 3. Renames viewCertDetails.js to better reflect the current use of the file. MozReview-Commit-ID: pqtfNgvImT --HG-- rename : security/manager/pki/resources/content/viewCertDetails.js => security/manager/pki/resources/content/certViewer.js extra : rebase_source : 776a27111ab26cdcdc91b002890c43a3fe4f48e8
2016-10-21 00:33:36 +08:00 · 2016-10-21 00:33:36 +08:00 · 7658cbf8e1
--- a/security/manager/locales/en-US/chrome/pippki/pippki.properties
+++ b/security/manager/locales/en-US/chrome/pippki/pippki.properties
@ -111,7 +111,9 @@ pageInfo_MixedContent2=Parts of the page you are viewing were not encrypted befo
 pageInfo_WeakCipher=Your connection to this website uses weak encryption and is not private. Other people can view your information or modify the website’s behavior.

 # Cert Viewer
-certDetails=Certificate Viewer:
+# LOCALIZATION NOTE(certViewerTitle): Title used for the Certificate Viewer.
+# %1$S is a string representative of the certificate being viewed.
+certViewerTitle=Certificate Viewer: “%1$S”
 notPresent=<Not Part Of Certificate>

 # Token Manager
--- a/security/manager/pki/nsNSSDialogHelper.h
+++ b/security/manager/pki/nsNSSDialogHelper.h
@ -11,17 +11,28 @@ class mozIDOMWindowProxy;
 class nsISupports;

 /**
- * Common class that uses the window watcher service to open a
- * standard dialog, with or without a parent context. The params
- * parameter can be an nsISupportsArray so any number of additional
- * arguments can be used.
+ * Helper class that uses the window watcher service to open a standard dialog,
+ * with or without a parent context.
 */
 class nsNSSDialogHelper
 {
 public:
-  // params is a nsIDialogParamBlock or a nsIKeygenThread
+  /**
+   * Opens a XUL dialog.
+   *
+   * @param window
+   *        Parent window of the dialog, or nullptr to signal no parent.
+   * @param url
+   *        URL to the XUL dialog.
+   * @param params
+   *        Parameters to pass to the dialog. Same semantics as the
+   *        nsIWindowWatcher.openWindow() |aArguments| parameter.
+   * @param modal
+   *        true if the dialog should be modal, false otherwise.
+   * @return The result of opening the dialog.
+   */
  static nsresult openDialog(mozIDOMWindowProxy* window, const char* url,
                             nsISupports* params, bool modal = true);
 };

-#endif
+#endif // nsNSSDialogHelper_h
--- a/security/manager/pki/nsNSSDialogs.cpp
+++ b/security/manager/pki/nsNSSDialogs.cpp
@ -7,35 +7,28 @@
 /*
 * Dialog services for PIP.
 */
+
+#include "nsNSSDialogs.h"
+
 #include "mozIDOMWindow.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/Casting.h"
 #include "nsArray.h"
-#include "nsDateTimeFormatCID.h"
 #include "nsEmbedCID.h"
-#include "nsIComponentManager.h"
-#include "nsIDateTimeFormat.h"
 #include "nsIDialogParamBlock.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsIKeygenThread.h"
 #include "nsIPromptService.h"
 #include "nsIProtectedAuthThread.h"
-#include "nsIServiceManager.h"
 #include "nsIWindowWatcher.h"
 #include "nsIX509CertDB.h"
 #include "nsIX509Cert.h"
-#include "nsIX509CertValidity.h"
 #include "nsNSSDialogHelper.h"
-#include "nsNSSDialogs.h"
-#include "nsPromiseFlatString.h"
-#include "nsReadableUtils.h"
 #include "nsString.h"

 #define PIPSTRING_BUNDLE_URL "chrome://pippki/locale/pippki.properties"

-/* ==== */
-
 nsNSSDialogs::nsNSSDialogs()
 {
 }
@ -329,33 +322,18 @@ nsNSSDialogs::GetPKCS12FilePassword(nsIInterfaceRequestor* ctx,
  return NS_OK;
 }

-NS_IMETHODIMP 
+NS_IMETHODIMP
 nsNSSDialogs::ViewCert(nsIInterfaceRequestor* ctx, nsIX509Cert* cert)
 {
-  nsCOMPtr<nsIMutableArray> dlgArray = nsArrayBase::Create();
-  if (!dlgArray) {
-    return NS_ERROR_FAILURE;
-  }
-  nsresult rv = dlgArray->AppendElement(cert, false);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-  nsCOMPtr<nsIDialogParamBlock> dlgParamBlock(
-    do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID));
-  if (!dlgParamBlock) {
-    return NS_ERROR_FAILURE;
-  }
-  rv = dlgParamBlock->SetObjects(dlgArray);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
+  // |ctx| is allowed to be null.
+  NS_ENSURE_ARG(cert);

  // Get the parent window for the dialog
  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
  return nsNSSDialogHelper::openDialog(parent,
                                       "chrome://pippki/content/certViewer.xul",
-                                       dlgParamBlock,
-                                       false);
+                                       cert,
+                                       false /*modal*/);
 }

 NS_IMETHODIMP
--- a/security/manager/pki/resources/content/viewCertDetails.js
+++ b/security/manager/pki/resources/content/viewCertDetails.js
@ -3,6 +3,14 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";

+/**
+ * @file Implements functionality for certViewer.xul and its tabs certDump.xul
+ *       and viewCertDetails.xul: a dialog that allows various attributes of a
+ *       certificate to be viewed.
+ * @argument {nsISupports} window.arguments[0]
+ *           The cert to view, queryable to nsIX509Cert.
+ */
+
 const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
 const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});

@ -16,7 +24,6 @@ const nsIASN1Sequence = Ci.nsIASN1Sequence;
 const nsIASN1PrintableItem = Ci.nsIASN1PrintableItem;
 const nsIASN1Tree = Ci.nsIASN1Tree;
 const nsASN1Tree = "@mozilla.org/security/nsASN1Tree;1";
-const nsIDialogParamBlock = Ci.nsIDialogParamBlock;

 var bundle;

@ -71,21 +78,11 @@ function AddUsage(usage)

 function setWindowName()
 {
-  //  Get the cert from the cert database
-  var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
-  var myName = self.name;
  bundle = document.getElementById("pippki_bundle");
-  var cert;

-  var certDetails = bundle.getString('certDetails');
-  if (myName != "") {
-    document.title = certDetails + '"' + myName + '"'; // XXX l10n?
-    cert = certdb.findCertByNickname(myName);
-  } else {
-    var params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
-    cert = params.objects.queryElementAt(0, nsIX509Cert);
-    document.title = certDetails + '"' + cert.windowTitle + '"'; // XXX l10n?
-  }
+  let cert = window.arguments[0].QueryInterface(Ci.nsIX509Cert);
+  document.title = bundle.getFormattedString("certViewerTitle",
+                                             [cert.windowTitle]);

  //
  //  Set the cert attributes for viewing
--- a/security/manager/pki/resources/content/certViewer.xul
+++ b/security/manager/pki/resources/content/certViewer.xul
@ -20,7 +20,8 @@

 <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>

-<script type="application/javascript" src="chrome://pippki/content/viewCertDetails.js"/>
+<script type="application/javascript"
+        src="chrome://pippki/content/certViewer.js"/>
 <script type="application/javascript" src="chrome://pippki/content/pippki.js"/>

  <tabbox flex="1">
--- a/security/manager/pki/resources/jar.mn
+++ b/security/manager/pki/resources/jar.mn
@ -24,12 +24,12 @@ pippki.jar:
    content/pippki/exceptionDialog.js        (content/exceptionDialog.js)
    content/pippki/deletecert.xul            (content/deletecert.xul)
    content/pippki/deletecert.js             (content/deletecert.js)
-    content/pippki/viewCertDetails.js        (content/viewCertDetails.js)
    content/pippki/setp12password.xul        (content/setp12password.xul)
    content/pippki/pippki.js                 (content/pippki.js)
    content/pippki/clientauthask.xul	     (content/clientauthask.xul)
    content/pippki/clientauthask.js          (content/clientauthask.js)
    content/pippki/certViewer.xul            (content/certViewer.xul)
+    content/pippki/certViewer.js             (content/certViewer.js)
    content/pippki/certDump.xul              (content/certDump.xul)
    content/pippki/device_manager.xul        (content/device_manager.xul)
    content/pippki/device_manager.js         (content/device_manager.js)
--- a/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
@ -10,42 +10,47 @@

 var { OS } = Cu.import("resource://gre/modules/osfile.jsm", {});

-add_task(function* () {
+add_task(function* testCAandTitle() {
  let cert = yield readCertificate("ca.pem", "CTu,CTu,CTu");
  let win = yield displayCertificate(cert);
  checkUsages(win, ["SSL Certificate Authority"]);
+
+  // There's no real need to test the title for every cert, so we just test it
+  // once here.
+  Assert.equal(win.document.title, "Certificate Viewer: \u201Cca\u201D",
+               "Actual and expected title should match");
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testSSLEndEntity() {
  let cert = yield readCertificate("ssl-ee.pem", ",,");
  let win = yield displayCertificate(cert);
  checkUsages(win, ["SSL Server Certificate", "SSL Client Certificate"]);
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testEmailEndEntity() {
  let cert = yield readCertificate("email-ee.pem", ",,");
  let win = yield displayCertificate(cert);
  checkUsages(win, ["Email Recipient Certificate", "Email Signer Certificate"]);
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testCodeSignEndEntity() {
  let cert = yield readCertificate("code-ee.pem", ",,");
  let win = yield displayCertificate(cert);
  checkUsages(win, ["Object Signer"]);
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testExpired() {
  let cert = yield readCertificate("expired-ca.pem", ",,");
  let win = yield displayCertificate(cert);
  checkError(win, "Could not verify this certificate because it has expired.");
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testIssuerExpired() {
  let cert = yield readCertificate("ee-from-expired-ca.pem", ",,");
  let win = yield displayCertificate(cert);
  checkError(win,
@ -54,7 +59,7 @@ add_task(function* () {
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testUnknownIssuer() {
  let cert = yield readCertificate("unknown-issuer.pem", ",,");
  let win = yield displayCertificate(cert);
  checkError(win,
@ -63,7 +68,7 @@ add_task(function* () {
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testInsecureAlgo() {
  let cert = yield readCertificate("md5-ee.pem", ",,");
  let win = yield displayCertificate(cert);
  checkError(win,
@ -73,7 +78,7 @@ add_task(function* () {
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testUntrusted() {
  let cert = yield readCertificate("untrusted-ca.pem", "p,p,p");
  let win = yield displayCertificate(cert);
  checkError(win,
@ -81,7 +86,7 @@ add_task(function* () {
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testUntrustedIssuer() {
  let cert = yield readCertificate("ee-from-untrusted-ca.pem", ",,");
  let win = yield displayCertificate(cert);
  checkError(win,
@ -90,7 +95,7 @@ add_task(function* () {
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testRevoked() {
  // Note that there's currently no way to un-do this. This should only be a
  // problem if another test re-uses a certificate with this same key (perhaps
  // likely) and subject (less likely).
@ -106,7 +111,7 @@ add_task(function* () {
  yield BrowserTestUtils.closeWindow(win);
 });

-add_task(function* () {
+add_task(function* testInvalid() {
  // This certificate has a keyUsage extension asserting cRLSign and
  // keyCertSign, but it doesn't have a basicConstraints extension. This
  // shouldn't be valid for any usage. Sadly, we give a pretty lame error
@ -129,13 +134,8 @@ add_task(function* () {
 *         viewer window when the usages have been determined.
 */
 function displayCertificate(certificate) {
-  let array = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray);
-  array.appendElement(certificate, false);
-  let params = Cc["@mozilla.org/embedcomp/dialogparam;1"]
-                 .createInstance(Ci.nsIDialogParamBlock);
-  params.objects = array;
  let win = window.openDialog("chrome://pippki/content/certViewer.xul", "",
-                              "", params);
+                              "", certificate);
  return TestUtils.topicObserved("ViewCertDetails:CertUsagesDone",
                                 (subject, data) => subject == win)
  .then(([subject, data]) => subject, error => { throw error; });