bug 119500, PKCS#11 CKF_PROTECTED_AUTHENTICATION_PATH token flag not supported Patch contributed by Petr Kostka r=rrelyea, sr=kengert, a=dsicore Addon Patch to provide dummy implementations for gtk-embedding and camino. r=mark, sr=jst

security/manager/pki/resources/content/protectedAuth.js

@@ -0,0 +1,68 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Petr Kostka.
+ * Portions created by the Initial Developer are Copyright (C) 2007
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+function onLoad()
+{
+    protectedAuthThread = window.arguments[0].QueryInterface(Components.interfaces.nsIProtectedAuthThread);
+
+    if (!protectedAuthThread) 
+    {
+        window.close();
+        return;
+    }
+
+    try
+    {
+        var tokenName = protectedAuthThread.getTokenName();
+
+        var tag = document.getElementById("tokenName");
+        tag.setAttribute("value",tokenName);
+
+        setCursor("wait");
+  
+        protectedAuthThread.login(window);
+
+    } catch (exception)
+    {
+        window.close();
+        return;
+    }
+}
+
+function onClose()
+{
+    setCursor("default");
+}

security/manager/pki/resources/content/protectedAuth.xul

@@ -0,0 +1,62 @@
+<!-- ***** BEGIN LICENSE BLOCK *****
+   - Version: MPL 1.1/GPL 2.0/LGPL 2.1
+   -
+   - The contents of this file are subject to the Mozilla Public License Version
+   - 1.1 (the "License"); you may not use this file except in compliance with
+   - the License. You may obtain a copy of the License at
+   - http://www.mozilla.org/MPL/
+   -
+   - Software distributed under the License is distributed on an "AS IS" basis,
+   - WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+   - for the specific language governing rights and limitations under the
+   - License.
+   -
+   - The Original Code is mozilla.org code.
+   -
+   - The Initial Developer of the Original Code is
+   - Petr Kostka.
+   - Portions created by the Initial Developer are Copyright (C) 2007
+   - the Initial Developer. All Rights Reserved.
+   -
+   - Contributor(s):
+   -
+   - Alternatively, the contents of this file may be used under the terms of
+   - either the GNU General Public License Version 2 or later (the "GPL"), or
+   - the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+   - in which case the provisions of the GPL or the LGPL are applicable instead
+   - of those above. If you wish to allow use of your version of this file only
+   - under the terms of either the GPL or the LGPL, and not to allow others to
+   - use your version of this file under the terms of the MPL, indicate your
+   - decision by deleting the provisions above and replace them with the notice
+   - and other provisions required by the LGPL or the GPL. If you do not delete
+   - the provisions above, a recipient may use your version of this file under
+   - the terms of any one of the MPL, the GPL or the LGPL.
+   -
+   - ***** END LICENSE BLOCK ***** -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE window SYSTEM "chrome://pippki/locale/pippki.dtd">
+
+<window
+  id="protectedAuth" title="&protectedAuth.title;"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"      
+  onload="onLoad();"
+  onclose="onClose();"
+>
+<script type="application/x-javascript" src="chrome://global/content/strres.js" />
+<script type="application/x-javascript" src="pippki.js" />
+<script type="application/x-javascript" src="protectedAuth.js" />
+<script type="application/x-javascript" src="chrome://help/content/help.js" />
+
+<vbox style="margin: 5px; max-width: 50em;">
+
+  <description>&protectedAuth.msg;</description>
+
+  <hbox>
+         <description>&protectedAuth.tokenName.label;</description>
+         <description id="tokenName"></description>
+  </hbox>
+
+</vbox>
+</window>

security/manager/ssl/public/nsIProtectedAuthThread.idl

@@ -0,0 +1,68 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Petr Kostka.
+ * Portions created by the Initial Developer are Copyright (C) 2007
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "nsISupports.idl"
+#include "nsIDOMWindowInternal.idl"
+
+/**
+ * nsIProtectedAuthThread
+ *  This is used to communicate with the thread login on to 
+ *  a token with CKF_PROTECTED_AUTHENTICATION_PATH set.
+ */
+[scriptable, uuid(45334489-3d30-47c6-920b-0a55a313aebf)]
+interface nsIProtectedAuthThread : nsISupports
+{
+  /**
+   * login - run the thread
+   *   A user interface implementing this interface needs to
+   *   call this method as soon as the message to the user is
+   *   displayed. This will trigger login operation. No user 
+   *   cancellation is possible during login operation.
+   */
+  void login(in nsIDOMWindowInternal dialog);
+
+  /**
+   * Gets token to be logged in name.
+   */
+  wstring getTokenName();
+};
+
+%{ C++
+// {45334489-3D30-47c6-920B-0A55A313AEBF}
+#define NS_PROTECTEDAUTHTHREAD_CID \
+{ 0x45334489, 0x3d30, 0x47c6, { 0x92, 0x0b, 0x0a, 0x55, 0xa3, 0x13, 0xae, 0xbf } }
+#define NS_PROTECTEDAUTHTHREAD_CONTRACTID "@mozilla.org/security/protectedauththread;1"
+%}

security/manager/ssl/src/nsProtectedAuthThread.cpp

@@ -0,0 +1,189 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Petr Kostka.
+ * Portions created by the Initial Developer are Copyright (C) 2007
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "pk11func.h"
+#include "nsCOMPtr.h"
+#include "nsProxiedService.h"
+#include "nsString.h"
+#include "nsReadableUtils.h"
+#include "nsProtectedAuthThread.h"
+
+NS_IMPL_THREADSAFE_ISUPPORTS1(nsProtectedAuthThread, nsIProtectedAuthThread)
+
+static void PR_CALLBACK nsProtectedAuthThreadRunner(void *arg)
+{
+    nsProtectedAuthThread *self = static_cast<nsProtectedAuthThread *>(arg);
+    self->Run();
+}
+
+nsProtectedAuthThread::nsProtectedAuthThread()
+: mMutex(nsnull)
+, mStatusDialogPtr(nsnull)
+, mIAmRunning(PR_FALSE)
+, mStatusDialogClosed(PR_FALSE)
+, mLoginReady(PR_FALSE)
+, mThreadHandle(nsnull)
+, mSlot(0)
+, mLoginResult(SECFailure)
+{
+    NS_INIT_ISUPPORTS();
+    mMutex = PR_NewLock();
+}
+
+nsProtectedAuthThread::~nsProtectedAuthThread()
+{
+    if (mMutex)
+        PR_DestroyLock(mMutex);
+
+    if (mStatusDialogPtr)
+    {
+        NS_RELEASE(mStatusDialogPtr);
+    }
+}
+
+NS_IMETHODIMP nsProtectedAuthThread::Login(nsIDOMWindowInternal *statusDialog)
+{
+    if (!mMutex)
+        return NS_ERROR_FAILURE;
+    
+    if (!statusDialog )
+        return NS_ERROR_FAILURE;
+
+    if (!mSlot)
+        // We need pointer to the slot
+        return NS_ERROR_FAILURE;
+    
+    nsCOMPtr<nsIDOMWindowInternal> wi;
+    NS_GetProxyForObject( NS_PROXY_TO_MAIN_THREAD,
+                          nsIDOMWindowInternal::GetIID(),
+                          statusDialog,
+                          NS_PROXY_SYNC | NS_PROXY_ALWAYS,
+                          getter_AddRefs(wi));
+
+    PR_Lock(mMutex);
+    
+    if (mIAmRunning || mLoginReady) {
+        PR_Unlock(mMutex);
+        return NS_OK;
+    }
+
+    mStatusDialogPtr = wi;
+    NS_ADDREF(mStatusDialogPtr);
+    wi = 0;
+    
+    mIAmRunning = PR_TRUE;
+    
+    mThreadHandle = PR_CreateThread(PR_USER_THREAD, nsProtectedAuthThreadRunner, static_cast<void*>(this), 
+        PR_PRIORITY_NORMAL, PR_LOCAL_THREAD, PR_JOINABLE_THREAD, 0);
+    
+    // bool thread_started_ok = (threadHandle != nsnull);
+    // we might want to return "thread started ok" to caller in the future
+    NS_ASSERTION(mThreadHandle, "Could not create nsProtectedAuthThreadRunner thread\n");
+    
+    PR_Unlock(mMutex);
+    
+    return NS_OK;
+}
+
+NS_IMETHODIMP nsProtectedAuthThread::GetTokenName(PRUnichar **_retval)
+{
+    PR_Lock(mMutex);
+
+    // Get token name
+    *_retval = UTF8ToNewUnicode(nsDependentCString(PK11_GetTokenName(mSlot)));
+
+    PR_Unlock(mMutex);
+
+    return NS_OK;
+}
+
+
+void nsProtectedAuthThread::SetParams(PK11SlotInfo* aSlot)
+{
+    PR_Lock(mMutex);
+
+    mSlot = (aSlot) ? PK11_ReferenceSlot(aSlot) : 0;
+    
+    PR_Unlock(mMutex);
+}
+
+SECStatus nsProtectedAuthThread::GetResult()
+{
+    return mLoginResult;
+}
+
+void nsProtectedAuthThread::Run(void)
+{
+    // Login with null password. This call will also do C_Logout() but 
+    // it is harmless here
+    mLoginResult = PK11_CheckUserPassword(mSlot, 0);
+    
+    nsIDOMWindowInternal *windowToClose = 0;
+    
+    PR_Lock(mMutex);
+    
+    mLoginReady = PR_TRUE;
+    mIAmRunning = PR_FALSE;
+
+    // Forget the slot
+    if (mSlot)
+    {
+        PK11_FreeSlot(mSlot);
+        mSlot = 0;
+    }
+    
+    if (!mStatusDialogClosed)
+    {
+        windowToClose = mStatusDialogPtr;
+    }
+        
+    mStatusDialogPtr = 0;
+    mStatusDialogClosed = PR_TRUE;
+    
+    PR_Unlock(mMutex);
+    
+    if (windowToClose)
+        windowToClose->Close();
+}
+
+void nsProtectedAuthThread::Join()
+{
+    if (!mThreadHandle)
+        return;
+    
+    PR_JoinThread(mThreadHandle);
+    mThreadHandle = nsnull;
+}

security/manager/ssl/src/nsProtectedAuthThread.h

@@ -0,0 +1,83 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Petr Kostka.
+ * Portions created by the Initial Developer are Copyright (C) 2007
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef NSPROTECTEDAUTHTHREAD_H_
+#define NSPROTECTEDAUTHTHREAD_H_
+
+#include "keyhi.h"
+#include "nspr.h"
+
+#include "nsIProtectedAuthThread.h"
+
+class nsProtectedAuthThread : public nsIProtectedAuthThread
+{
+private:
+    PRLock      *mMutex;
+
+    nsIDOMWindowInternal*   mStatusDialogPtr;
+
+    PRBool      mIAmRunning;
+    PRBool      mStatusDialogClosed;
+    PRBool      mLoginReady;
+
+    PRThread    *mThreadHandle;
+
+    // Slot to do authentication on
+    PK11SlotInfo*   mSlot;
+
+    // Result of the authentication
+    SECStatus       mLoginResult;
+
+public:
+
+    nsProtectedAuthThread();
+    virtual ~nsProtectedAuthThread();
+
+    NS_DECL_ISUPPORTS
+    NS_DECL_NSIPROTECTEDAUTHTHREAD
+
+    // Sets parameters for the thread
+    void SetParams(PK11SlotInfo *slot);
+
+    // Gets result of the protected authentication operation
+    SECStatus GetResult();
+
+    void Join(void);
+
+    void Run(void);
+};
+
+#endif // NSPROTECTEDAUTHTHREAD_H_