From 48077de5cc11e9e424285e501d0c195959bd4daf Mon Sep 17 00:00:00 2001 From: Benjamin Smedberg Date: Wed, 27 May 2009 09:09:01 -0400 Subject: [PATCH 1/3] Backed out changeset eea9639048b8, bug 326628 main patch, due to regression bug 494899 --- dom/base/nsDOMClassInfo.cpp | 7 ++ dom/base/nsDOMClassInfoID.h | 1 + dom/base/nsGlobalWindow.cpp | 10 +- dom/base/nsGlobalWindow.h | 2 + dom/interfaces/base/Makefile.in | 1 + .../interfaces/base/nsIDOMPkcs11.idl | 14 +-- security/manager/ssl/public/Makefile.in | 1 - security/manager/ssl/src/nsCrypto.cpp | 100 +++++++++++++++--- security/manager/ssl/src/nsCrypto.h | 6 +- 9 files changed, 115 insertions(+), 27 deletions(-) rename security/manager/ssl/public/nsIPKCS11.idl => dom/interfaces/base/nsIDOMPkcs11.idl (81%) diff --git a/dom/base/nsDOMClassInfo.cpp b/dom/base/nsDOMClassInfo.cpp index 3f5603fe75ba..aac2f9620bf8 100644 --- a/dom/base/nsDOMClassInfo.cpp +++ b/dom/base/nsDOMClassInfo.cpp @@ -332,6 +332,7 @@ #include "nsIDOMXULCommandDispatcher.h" #include "nsIDOMCrypto.h" #include "nsIDOMCRMFObject.h" +#include "nsIDOMPkcs11.h" #include "nsIControllers.h" #include "nsISelection.h" #include "nsIBoxObject.h" @@ -858,6 +859,8 @@ static nsDOMClassInfoData sClassInfoData[] = { DOM_DEFAULT_SCRIPTABLE_FLAGS) NS_DEFINE_CLASSINFO_DATA(CRMFObject, nsDOMGenericSH, DOM_DEFAULT_SCRIPTABLE_FLAGS) + NS_DEFINE_CLASSINFO_DATA(Pkcs11, nsDOMGenericSH, + DOM_DEFAULT_SCRIPTABLE_FLAGS) // DOM Traversal classes NS_DEFINE_CLASSINFO_DATA(TreeWalker, nsDOMGenericSH, @@ -2645,6 +2648,10 @@ nsDOMClassInfo::Init() DOM_CLASSINFO_MAP_ENTRY(nsIDOMCRMFObject) DOM_CLASSINFO_MAP_END + DOM_CLASSINFO_MAP_BEGIN(Pkcs11, nsIDOMPkcs11) + DOM_CLASSINFO_MAP_ENTRY(nsIDOMPkcs11) + DOM_CLASSINFO_MAP_END + DOM_CLASSINFO_MAP_BEGIN_NO_CLASS_IF(XMLStylesheetProcessingInstruction, nsIDOMProcessingInstruction) DOM_CLASSINFO_MAP_ENTRY(nsIDOMProcessingInstruction) DOM_CLASSINFO_MAP_ENTRY(nsIDOMLinkStyle) diff --git a/dom/base/nsDOMClassInfoID.h b/dom/base/nsDOMClassInfoID.h index b3466cd5d8a4..4515e63d0cb1 100644 --- a/dom/base/nsDOMClassInfoID.h +++ b/dom/base/nsDOMClassInfoID.h @@ -189,6 +189,7 @@ enum nsDOMClassInfoID { // Crypto classes eDOMClassInfo_Crypto_id, eDOMClassInfo_CRMFObject_id, + eDOMClassInfo_Pkcs11_id, // DOM Traversal classes eDOMClassInfo_TreeWalker_id, diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp index 632e0c615645..886985ebdefe 100644 --- a/dom/base/nsGlobalWindow.cpp +++ b/dom/base/nsGlobalWindow.cpp @@ -106,6 +106,7 @@ #include "nsIDOMKeyEvent.h" #include "nsIDOMMessageEvent.h" #include "nsIDOMPopupBlockedEvent.h" +#include "nsIDOMPkcs11.h" #include "nsIDOMOfflineResourceList.h" #include "nsIDOMGeoGeolocation.h" #include "nsDOMString.h" @@ -2934,7 +2935,14 @@ nsGlobalWindow::GetCrypto(nsIDOMCrypto** aCrypto) NS_IMETHODIMP nsGlobalWindow::GetPkcs11(nsIDOMPkcs11** aPkcs11) { - *aPkcs11 = nsnull; + FORWARD_TO_OUTER(GetPkcs11, (aPkcs11), NS_ERROR_NOT_INITIALIZED); + + if (!mPkcs11) { + mPkcs11 = do_CreateInstance(kPkcs11ContractID); + } + + NS_IF_ADDREF(*aPkcs11 = mPkcs11); + return NS_OK; } diff --git a/dom/base/nsGlobalWindow.h b/dom/base/nsGlobalWindow.h index e4a7efff5b1e..d1ceaac73940 100644 --- a/dom/base/nsGlobalWindow.h +++ b/dom/base/nsGlobalWindow.h @@ -84,6 +84,7 @@ #include "nsIEventListenerManager.h" #include "nsIDOMDocument.h" #include "nsIDOMCrypto.h" +#include "nsIDOMPkcs11.h" #include "nsIPrincipal.h" #include "nsPluginArray.h" #include "nsMimeTypeArray.h" @@ -707,6 +708,7 @@ protected: nsGlobalWindowObserver* mObserver; nsCOMPtr mCrypto; + nsCOMPtr mPkcs11; nsCOMPtr mLocalStorage; diff --git a/dom/interfaces/base/Makefile.in b/dom/interfaces/base/Makefile.in index ab81e776b42f..76309776cd10 100644 --- a/dom/interfaces/base/Makefile.in +++ b/dom/interfaces/base/Makefile.in @@ -66,6 +66,7 @@ XPIDLSRCS = \ nsIDOMMimeType.idl \ nsIDOMMimeTypeArray.idl \ nsIDOMNavigator.idl \ + nsIDOMPkcs11.idl \ nsIDOMPlugin.idl \ nsIDOMPluginArray.idl \ nsIDOMScreen.idl \ diff --git a/security/manager/ssl/public/nsIPKCS11.idl b/dom/interfaces/base/nsIDOMPkcs11.idl similarity index 81% rename from security/manager/ssl/public/nsIPKCS11.idl rename to dom/interfaces/base/nsIDOMPkcs11.idl index 0d6d13ec51d6..50742fd2a679 100644 --- a/security/manager/ssl/public/nsIPKCS11.idl +++ b/dom/interfaces/base/nsIDOMPkcs11.idl @@ -38,12 +38,12 @@ #include "domstubs.idl" -[scriptable, uuid(bd6dbe50-b902-435e-90a4-4a10b1122440)] -interface nsIPKCS11 : nsISupports +[scriptable, uuid(9fd42950-25e7-11d4-8a7d-006008c844c3)] +interface nsIDOMPkcs11 : nsISupports { - void deleteModule(in DOMString moduleName); - void addModule(in DOMString moduleName, - in DOMString libraryFullPath, - in long cryptoMechanismFlags, - in long cipherFlags); + long deletemodule(in DOMString moduleName); + long addmodule(in DOMString moduleName, + in DOMString libraryFullPath, + in long cryptoMechanismFlags, + in long cipherFlags); }; diff --git a/security/manager/ssl/public/Makefile.in b/security/manager/ssl/public/Makefile.in index fa84d3ac04e3..cf5c97abe74b 100644 --- a/security/manager/ssl/public/Makefile.in +++ b/security/manager/ssl/public/Makefile.in @@ -71,7 +71,6 @@ XPIDLSRCS = \ nsIX509Cert3.idl \ nsIX509CertDB2.idl \ nsIX509CertList.idl \ - nsIPKCS11.idl \ nsIPKCS11Slot.idl \ nsIPK11TokenDB.idl \ nsICertPickDialogs.idl \ diff --git a/security/manager/ssl/src/nsCrypto.cpp b/security/manager/ssl/src/nsCrypto.cpp index 9dd432b0a28b..5e229b5607ca 100644 --- a/security/manager/ssl/src/nsCrypto.cpp +++ b/security/manager/ssl/src/nsCrypto.cpp @@ -251,8 +251,9 @@ NS_IMPL_RELEASE(nsCRMFObject) // QueryInterface implementation for nsPkcs11 NS_INTERFACE_MAP_BEGIN(nsPkcs11) - NS_INTERFACE_MAP_ENTRY(nsIPKCS11) + NS_INTERFACE_MAP_ENTRY(nsIDOMPkcs11) NS_INTERFACE_MAP_ENTRY(nsISupports) + NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO(Pkcs11) NS_INTERFACE_MAP_END NS_IMPL_ADDREF(nsPkcs11) @@ -2944,18 +2945,33 @@ confirm_user(const PRUnichar *message) //Delete a PKCS11 module from the user's profile. NS_IMETHODIMP -nsPkcs11::DeleteModule(const nsAString& aModuleName) +nsPkcs11::Deletemodule(const nsAString& aModuleName, PRInt32* aReturn) { nsNSSShutDownPreventionLock locker; nsresult rv; nsString errorMessage; nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); - if (NS_FAILED(rv)) - return rv; - if (aModuleName.IsEmpty()) { - return NS_ERROR_ILLEGAL_VALUE; + *aReturn = JS_ERR_BAD_MODULE_NAME; + nssComponent->GetPIPNSSBundleString("DelModuleBadName", errorMessage); + alertUser(errorMessage.get()); + return NS_OK; + } + nsString final; + nsAutoString temp; + //Make sure the user knows we're trying to do this. + nssComponent->GetPIPNSSBundleString("DelModuleWarning", final); + final.Append(NS_LITERAL_STRING("\n").get()); + PRUnichar *tempUni = ToNewUnicode(aModuleName); + const PRUnichar *formatStrings[1] = { tempUni }; + rv = nssComponent->PIPBundleFormatStringFromName("AddModuleName", + formatStrings, 1, temp); + nsMemory::Free(tempUni); + final.Append(temp); + if (!confirm_user(final.get())) { + *aReturn = JS_ERR_USER_CANCEL_ACTION; + return NS_OK; } char *modName = ToNewCString(aModuleName); @@ -2967,25 +2983,69 @@ nsPkcs11::DeleteModule(const nsAString& aModuleName) nssComponent->ShutdownSmartCardThread(module); SECMOD_DestroyModule(module); } - rv = NS_OK; + if (modType == SECMOD_EXTERNAL) { + nssComponent->GetPIPNSSBundleString("DelModuleExtSuccess", errorMessage); + *aReturn = JS_OK_DEL_EXTERNAL_MOD; + } else { + nssComponent->GetPIPNSSBundleString("DelModuleIntSuccess", errorMessage); + *aReturn = JS_OK_DEL_INTERNAL_MOD; + } } else { - rv = NS_ERROR_FAILURE; + *aReturn = JS_ERR_DEL_MOD; + nssComponent->GetPIPNSSBundleString("DelModuleError", errorMessage); } - NS_Free(modName); - return rv; + alertUser(errorMessage.get()); + return NS_OK; } //Add a new PKCS11 module to the user's profile. NS_IMETHODIMP -nsPkcs11::AddModule(const nsAString& aModuleName, +nsPkcs11::Addmodule(const nsAString& aModuleName, const nsAString& aLibraryFullPath, PRInt32 aCryptoMechanismFlags, - PRInt32 aCipherFlags) + PRInt32 aCipherFlags, PRInt32* aReturn) { nsNSSShutDownPreventionLock locker; nsresult rv; nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + nsString final; + nsAutoString temp; + rv = nssComponent->GetPIPNSSBundleString("AddModulePrompt", final); + if (NS_FAILED(rv)) + return rv; + + final.Append(NS_LITERAL_STRING("\n").get()); + + PRUnichar *tempUni = ToNewUnicode(aModuleName); + const PRUnichar *formatStrings[1] = { tempUni }; + rv = nssComponent->PIPBundleFormatStringFromName("AddModuleName", + formatStrings, 1, temp); + nsMemory::Free(tempUni); + + if (NS_FAILED(rv)) + return rv; + + final.Append(temp); + final.Append(NS_LITERAL_STRING("\n").get()); + + tempUni = ToNewUnicode(aLibraryFullPath); + formatStrings[0] = tempUni; + rv = nssComponent->PIPBundleFormatStringFromName("AddModulePath", + formatStrings, 1, temp); + nsMemory::Free(tempUni); + if (NS_FAILED(rv)) + return rv; + + final.Append(temp); + final.Append(NS_LITERAL_STRING("\n").get()); + + if (!confirm_user(final.get())) { + // The user has canceled. So let's return now. + *aReturn = JS_ERR_USER_CANCEL_ACTION; + return NS_OK; + } + char *moduleName = ToNewCString(aModuleName); char *fullPath = ToNewCString(aLibraryFullPath); PRUint32 mechFlags = SECMOD_PubMechFlagstoInternal(aCryptoMechanismFlags); @@ -3007,12 +3067,22 @@ nsPkcs11::AddModule(const nsAString& aModuleName, // what the return value for SEDMOD_AddNewModule is switch (srv) { case SECSuccess: - return NS_OK; + nssComponent->GetPIPNSSBundleString("AddModuleSuccess", final); + *aReturn = JS_OK_ADD_MOD; + break; case SECFailure: + nssComponent->GetPIPNSSBundleString("AddModuleFailure", final); + *aReturn = JS_ERR_ADD_MOD; + break; case -2: + nssComponent->GetPIPNSSBundleString("AddModuleDup", final); + *aReturn = JS_ERR_ADD_DUPLICATE_MOD; + break; + default: + NS_ASSERTION(0,"Bogus return value, this should never happen"); return NS_ERROR_FAILURE; } - NS_ASSERTION(0,"Bogus return value, this should never happen"); - return NS_ERROR_FAILURE; + alertUser(final.get()); + return NS_OK; } diff --git a/security/manager/ssl/src/nsCrypto.h b/security/manager/ssl/src/nsCrypto.h index 880822efdeca..23cc4a1e6e73 100644 --- a/security/manager/ssl/src/nsCrypto.h +++ b/security/manager/ssl/src/nsCrypto.h @@ -41,7 +41,7 @@ #include "nsCOMPtr.h" #include "nsIDOMCRMFObject.h" #include "nsIDOMCrypto.h" -#include "nsIPKCS11.h" +#include "nsIDOMPkcs11.h" #include "nsIRunnable.h" #include "nsString.h" #include "jsapi.h" @@ -95,14 +95,14 @@ private: PRBool mEnableSmartCardEvents; }; -class nsPkcs11 : public nsIPKCS11 +class nsPkcs11 : public nsIDOMPkcs11 { public: nsPkcs11(); virtual ~nsPkcs11(); NS_DECL_ISUPPORTS - NS_DECL_NSIPKCS11 + NS_DECL_NSIDOMPKCS11 }; From a31014ab46011123d3a7563e3536c39f515c827d Mon Sep 17 00:00:00 2001 From: Benjamin Smedberg Date: Wed, 27 May 2009 09:10:04 -0400 Subject: [PATCH 2/3] Backed out changeset 1aaacee9b2d0, bug 326628 string removal due to regression bug 494899 --- .../locales/en-US/chrome/pipnss/pipnss.properties | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties index 6cefe3c97d81..12e8af2c1eaf 100755 --- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties +++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties @@ -316,6 +316,17 @@ PKCS12UnknownErrBackup=Failed to create the PKCS #12 backup file for unknown rea PKCS12UnknownErr=The PKCS #12 operation failed for unknown reasons. PKCS12InfoNoSmartcardBackup=It is not possible to back up certificates from a hardware security device such as a smart card. PKCS12DupData=The certificate and private key already exist on the security device. +AddModulePrompt=Are you sure you want to install this security module? +AddModuleName=Module Name: %S +AddModulePath=Path: %S +AddModuleSuccess=A new security module has been installed +AddModuleFailure=Unable to add module +AddModuleDup=Security Module already exists +DelModuleBadName=Invalid module name. +DelModuleWarning=Are you sure you want to delete this security module? +DelModuleError=Unable to delete module +DelModuleIntSuccess=Internal security module successfully deleted +DelModuleExtSuccess=External security module successfully deleted ForcedBackup1=You should make a password-protected backup copy of your new security certificate and its associated private key. ForcedBackup2=If you ever lose access to your private key by forgetting your personal security password, or by experiencing file corruption, you can restore this private key and certificate from this backup copy. ForcedBackup3=To make a copy, click OK. If possible, you should save your backup copy on a floppy disk that you keep in a safe location. From 8b7376843cabc94953b4c832a86e612178aaabee Mon Sep 17 00:00:00 2001 From: Benjamin Smedberg Date: Wed, 27 May 2009 09:12:28 -0400 Subject: [PATCH 3/3] Backed out changeset c41b9f3a9d83 - bug 487980 due to backing out 326628, due to regression bug 494899 --- dom/base/nsGlobalWindow.cpp | 8 ++++++++ dom/interfaces/base/domstubs.idl | 1 + dom/interfaces/base/nsIDOMWindowInternal.idl | 3 ++- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp index e5b65cab2a8b..073cd742d738 100644 --- a/dom/base/nsGlobalWindow.cpp +++ b/dom/base/nsGlobalWindow.cpp @@ -346,6 +346,7 @@ static NS_DEFINE_CID(kXULControllersCID, NS_XULCONTROLLERS_CID); static const char sJSStackContractID[] = "@mozilla.org/js/xpc/ContextStack;1"; static const char kCryptoContractID[] = NS_CRYPTO_CONTRACTID; +static const char kPkcs11ContractID[] = NS_PKCS11_CONTRACTID; static PRBool IsAboutBlank(nsIURI* aURI) @@ -2930,6 +2931,13 @@ nsGlobalWindow::GetCrypto(nsIDOMCrypto** aCrypto) return NS_OK; } +NS_IMETHODIMP +nsGlobalWindow::GetPkcs11(nsIDOMPkcs11** aPkcs11) +{ + *aPkcs11 = nsnull; + return NS_OK; +} + NS_IMETHODIMP nsGlobalWindow::GetControllers(nsIControllers** aResult) { diff --git a/dom/interfaces/base/domstubs.idl b/dom/interfaces/base/domstubs.idl index 6bbd99ade3ee..a09e1534654a 100644 --- a/dom/interfaces/base/domstubs.idl +++ b/dom/interfaces/base/domstubs.idl @@ -126,4 +126,5 @@ interface nsIDOMRange; // Crypto interface nsIDOMCRMFObject; interface nsIDOMCrypto; +interface nsIDOMPkcs11; diff --git a/dom/interfaces/base/nsIDOMWindowInternal.idl b/dom/interfaces/base/nsIDOMWindowInternal.idl index 339a83af7385..ceeedf678e5c 100644 --- a/dom/interfaces/base/nsIDOMWindowInternal.idl +++ b/dom/interfaces/base/nsIDOMWindowInternal.idl @@ -44,7 +44,7 @@ interface nsIControllers; interface nsIDOMLocation; interface nsIVariant; -[scriptable, uuid(5c5ece60-d5f1-47fa-9afa-ee3b9c76b0e5)] +[scriptable, uuid(3414EBC7-731F-4697-9F43-ACA6F5050875)] interface nsIDOMWindowInternal : nsIDOMWindow2 { readonly attribute nsIDOMWindowInternal window; @@ -81,6 +81,7 @@ interface nsIDOMWindowInternal : nsIDOMWindow2 readonly attribute nsIDOMBarProp directories; readonly attribute boolean closed; readonly attribute nsIDOMCrypto crypto; + readonly attribute nsIDOMPkcs11 pkcs11; // XXX Shouldn't this be in nsIDOMChromeWindow? /* [replaceable] controllers */