From d05124301e9df593d27d2d2043323871fbcb8a6b Mon Sep 17 00:00:00 2001
From: "javi%netscape.com" <javi%netscape.com>
Date: Thu, 27 Apr 2000 01:08:19 +0000
Subject: [PATCH] Only add the hot link on cert windows if the target for the
 HTTP request is a certificate resource.

---
 security/psm/server/certres.c | 26 +++++++++++++++++++-------
 security/psm/server/oldfunc.c |  2 +-
 security/psm/server/ssldlgs.c |  8 +++++---
 security/psm/server/ssldlgs.h |  2 +-
 4 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/security/psm/server/certres.c b/security/psm/server/certres.c
index 1d711f0effb4..6d25744b1f1f 100644
--- a/security/psm/server/certres.c
+++ b/security/psm/server/certres.c
@@ -1965,7 +1965,7 @@ SSM_ViewCertInfoKeywordHandler(SSMTextGenContext * cx)
   style = (char *) SSM_At(cx->m_params, STYLE_PARAM);
   PR_FREEIF(cx->m_result);
   if (!strcmp(style, "pretty")) 
-    rv = SSM_PrettyFormatCert(cert, pattern, &cx->m_result);
+    rv = SSM_PrettyFormatCert(cert, pattern, &cx->m_result, PR_TRUE);
   else
     rv = SSM_FormatCert(cert, pattern, &cx->m_result);
   goto done;
@@ -2598,15 +2598,25 @@ SSMStatus
 SSM_MakeUniqueNameForIssuerWindow(SSMTextGenContext *cx)
 {
   SSMResourceCert *certres;
-  CERTCertificate *issuer;
+  CERTCertificate *issuer, *serverCert;
   char *certHex=NULL, *issuerHex=NULL;
+  SSMSSLDataConnection *sslConn;
 
-  if (!SSM_IsAKindOf(cx->m_request->target, SSM_RESTYPE_CERTIFICATE)) {
-    return SSM_FAILURE;
+  if (SSM_IsAKindOf(cx->m_request->target, SSM_RESTYPE_CERTIFICATE)) {
+      certres = (SSMResourceCert*)cx->m_request->target;
+      serverCert = certres->cert;
+  } else if (SSM_IsAKindOf(cx->m_request->target, 
+			   SSM_RESTYPE_SSL_DATA_CONNECTION)) {
+      sslConn = (SSMSSLDataConnection*)cx->m_request->target;
+      serverCert = SSL_PeerCertificate(sslConn->socketSSL);
+      if (serverCert == NULL) {
+	goto loser;
+      }
+  } else {
+      goto loser;
   }
-  certres = (SSMResourceCert*)cx->m_request->target;
-  issuer = CERT_FindCertIssuer(certres->cert,PR_Now(),certUsageAnyCA);
-  certHex = CERT_Hexify(&certres->cert->serialNumber,0);
+  issuer = CERT_FindCertIssuer(serverCert,PR_Now(),certUsageAnyCA);
+  certHex = CERT_Hexify(&serverCert->serialNumber,0);
   if (issuer != NULL) {
     issuerHex = CERT_Hexify(&issuer->serialNumber,0);
     CERT_DestroyCertificate(issuer);
@@ -2616,6 +2626,8 @@ SSM_MakeUniqueNameForIssuerWindow(SSMTextGenContext *cx)
   PR_FREEIF(issuerHex);
   PR_Free(certHex);
   return SSM_SUCCESS;
+ loser:
+  return SSM_FAILURE;
 }
 
 SSMStatus 
diff --git a/security/psm/server/oldfunc.c b/security/psm/server/oldfunc.c
index cd3e74805712..744c088776aa 100644
--- a/security/psm/server/oldfunc.c
+++ b/security/psm/server/oldfunc.c
@@ -1295,7 +1295,7 @@ SSMStatus SSM_CACertKeywordHandler(SSMTextGenContext* cx)
   style = (char *) SSM_At(cx->m_params, CERT_FORMAT);
   PR_FREEIF(cx->m_result);
   if (!strcmp(style, "pretty"))
-    rv = SSM_PrettyFormatCert(caCert, pattern, &cx->m_result);
+    rv = SSM_PrettyFormatCert(caCert, pattern, &cx->m_result, PR_FALSE);
   else if (!strcmp(style, "simple"))
     rv = SSM_FormatCert(caCert, pattern, &cx->m_result);
   else {
diff --git a/security/psm/server/ssldlgs.c b/security/psm/server/ssldlgs.c
index 8fb2bc908dea..24f5941e3815 100644
--- a/security/psm/server/ssldlgs.c
+++ b/security/psm/server/ssldlgs.c
@@ -229,7 +229,8 @@ SSMStatus SSM_ServerCertKeywordHandler(SSMTextGenContext* cx)
     if (formatKey[0] ==  's') {
         rv = SSM_FormatCert(serverCert, pattern, &cx->m_result);
     } else if (formatKey[0] == 'p') {
-        rv = SSM_PrettyFormatCert(serverCert, pattern, &cx->m_result);
+        rv = SSM_PrettyFormatCert(serverCert, pattern, 
+                                  &cx->m_result, PR_FALSE);
     } else {
         SSM_DEBUG("cannot understand the format key.\n");
         rv = SSM_FAILURE;
@@ -1223,7 +1224,7 @@ loser:
 }
 
 SSMStatus SSM_PrettyFormatCert(CERTCertificate* cert, char* fmt, 
-                               char** result)
+                               char** result,PRBool addIssuerLink)
 {
     SSMStatus rv = SSM_SUCCESS;
     char * displayName = NULL, *location=NULL, *state = NULL, *country = NULL;
@@ -1276,7 +1277,8 @@ SSMStatus SSM_PrettyFormatCert(CERTCertificate* cert, char* fmt,
         /*
          * Don't add the extra link if this is a self-signed cert.
          */
-        if (CERT_CompareName(&cert->subject, &cert->issuer) != SECEqual) {
+        if (addIssuerLink &&
+            CERT_CompareName(&cert->subject, &cert->issuer) != SECEqual) {
             tmp=PR_smprintf("<a href=\"javascript:openIssuerWindow();\">%s</a>",
                               issuer);
             PR_Free(issuer);
diff --git a/security/psm/server/ssldlgs.h b/security/psm/server/ssldlgs.h
index ff3a74855f53..cdcdf7fedd35 100644
--- a/security/psm/server/ssldlgs.h
+++ b/security/psm/server/ssldlgs.h
@@ -193,7 +193,7 @@ SSMStatus SSM_VerifyServerCertKeywordHandler(SSMTextGenContext* cx);
  *       we also access lots of internal cert fields but can't help it...
  */
 SSMStatus SSM_PrettyFormatCert(CERTCertificate* cert, char* fmt,
-			       char** result);
+			       char** result, PRBool addIssuerLink);
 
 SECStatus SSM_SSLMakeUnknownIssuerDialog(CERTCertificate* cert,
 					 SSMSSLDataConnection* conn);