зеркало из https://github.com/mozilla/gecko-dev.git
bug 386654, Implement notification for EV certs r=rrelyea, sr=bzbarsky, a=bzbarsky
This commit is contained in:
Родитель
777eda58b2
Коммит
d9fa93d8b4
|
@ -65,12 +65,14 @@
|
|||
#include "nsPIDOMWindow.h"
|
||||
#include "nsIContent.h"
|
||||
#include "nsIWebProgress.h"
|
||||
#include "nsIWebProgressListener.h"
|
||||
#include "nsIChannel.h"
|
||||
#include "nsIHttpChannel.h"
|
||||
#include "nsIFileChannel.h"
|
||||
#include "nsIWyciwygChannel.h"
|
||||
#include "nsIFTPChannel.h"
|
||||
#include "nsITransportSecurityInfo.h"
|
||||
#include "nsIIdentityInfo.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsISecurityEventSink.h"
|
||||
#include "nsIPrompt.h"
|
||||
|
@ -139,6 +141,7 @@ nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
|
|||
{
|
||||
mTransferringRequests.ops = nsnull;
|
||||
mNewToplevelSecurityState = STATE_IS_INSECURE;
|
||||
mNewToplevelIsEV = PR_FALSE;
|
||||
mNewToplevelSecurityStateKnown = PR_TRUE;
|
||||
ResetStateTracking();
|
||||
|
||||
|
@ -429,9 +432,10 @@ nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest *aRequest)
|
|||
{
|
||||
nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
|
||||
|
||||
if (!channel) {
|
||||
mNewToplevelSecurityState = nsIWebProgressListener::STATE_IS_INSECURE;
|
||||
} else {
|
||||
mNewToplevelSecurityState = nsIWebProgressListener::STATE_IS_INSECURE;
|
||||
mNewToplevelIsEV = PR_FALSE;
|
||||
|
||||
if (channel) {
|
||||
mNewToplevelSecurityState = GetSecurityStateFromChannel(channel);
|
||||
|
||||
PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
|
||||
|
@ -452,6 +456,13 @@ nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest *aRequest)
|
|||
if (secInfo) {
|
||||
secInfo->GetShortSecurityDescription(getter_Copies(mInfoTooltip));
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIIdentityInfo> idinfo = do_QueryInterface(info);
|
||||
if (idinfo) {
|
||||
PRBool aTemp;
|
||||
if (NS_SUCCEEDED(idinfo->GetIsExtendedValidation(&aTemp)))
|
||||
mNewToplevelIsEV = aTemp;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1139,6 +1150,9 @@ nsresult nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest)
|
|||
("SecureUI:%p: UpdateSecurityState: calling OnSecurityChange\n", this
|
||||
));
|
||||
|
||||
if (mNewToplevelIsEV)
|
||||
newState |= nsIWebProgressListener::STATE_IDENTITY_EV_TOPLEVEL;
|
||||
|
||||
mToplevelEventSink->OnSecurityChange(aRequest, newState);
|
||||
}
|
||||
else
|
||||
|
|
|
@ -110,6 +110,7 @@ protected:
|
|||
|
||||
void ResetStateTracking();
|
||||
PRUint32 mNewToplevelSecurityState;
|
||||
PRPackedBool mNewToplevelIsEV;
|
||||
PRPackedBool mNewToplevelSecurityStateKnown;
|
||||
PRPackedBool mIsViewSource;
|
||||
|
||||
|
|
|
@ -57,6 +57,7 @@ SDK_XPIDLSRCS = \
|
|||
nsIX509Cert.idl \
|
||||
nsIX509CertDB.idl \
|
||||
nsIX509CertValidity.idl \
|
||||
nsIIdentityInfo.idl \
|
||||
$(NULL)
|
||||
|
||||
XPIDLSRCS = \
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is Google Inc.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2006
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Kai Engert <kengert@redhat.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include "nsISupports.idl"
|
||||
|
||||
[scriptable, uuid(e72546a4-9b57-4766-a3aa-c05cbc7d8156)]
|
||||
interface nsIIdentityInfo : nsISupports
|
||||
{
|
||||
readonly attribute boolean isExtendedValidation;
|
||||
};
|
||||
|
|
@ -95,6 +95,7 @@ CPPSRCS = \
|
|||
nsSmartCardEvent.cpp \
|
||||
nsStreamCipher.cpp \
|
||||
nsKeyModule.cpp \
|
||||
nsIdentityChecking.cpp \
|
||||
$(NULL)
|
||||
|
||||
ifdef MOZ_XUL
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
#include "nsNSSIOLayer.h"
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSSocketInfo::GetIsExtendedValidation(PRBool* aIsEV)
|
||||
{
|
||||
NS_ENSURE_ARG(aIsEV);
|
||||
*aIsEV = PR_FALSE;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
|
@ -843,8 +843,13 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
|||
|
||||
CERTCertificate *serverCert = SSL_PeerCertificate(fd);
|
||||
if (serverCert) {
|
||||
status->mServerCert = new nsNSSCertificate(serverCert);
|
||||
nsRefPtr<nsNSSCertificate> nssc = new nsNSSCertificate(serverCert);
|
||||
CERT_DestroyCertificate(serverCert);
|
||||
serverCert = nsnull;
|
||||
infoObject->SetCert(nssc);
|
||||
if (!status->mServerCert) {
|
||||
status->mServerCert = nssc;
|
||||
}
|
||||
}
|
||||
|
||||
status->mKeyLength = keyLength;
|
||||
|
|
|
@ -231,11 +231,12 @@ void nsNSSSocketInfo::destructorSafeDestroyNSSReference()
|
|||
}
|
||||
}
|
||||
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS4(nsNSSSocketInfo,
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS5(nsNSSSocketInfo,
|
||||
nsITransportSecurityInfo,
|
||||
nsISSLSocketControl,
|
||||
nsIInterfaceRequestor,
|
||||
nsISSLStatusProvider)
|
||||
nsISSLStatusProvider,
|
||||
nsIIdentityInfo)
|
||||
|
||||
nsresult
|
||||
nsNSSSocketInfo::GetHandshakePending(PRBool *aHandshakePending)
|
||||
|
@ -504,6 +505,23 @@ nsresult nsNSSSocketInfo::SetFileDescPtr(PRFileDesc* aFilePtr)
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult nsNSSSocketInfo::GetCert(nsNSSCertificate** _result)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(_result);
|
||||
|
||||
*_result = mCert;
|
||||
NS_IF_ADDREF(*_result);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult nsNSSSocketInfo::SetCert(nsNSSCertificate *aCert)
|
||||
{
|
||||
mCert = aCert;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult nsNSSSocketInfo::GetSSLStatus(nsISupports** _result)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(_result);
|
||||
|
|
|
@ -51,8 +51,11 @@
|
|||
#include "nsISSLSocketControl.h"
|
||||
#include "nsISSLStatus.h"
|
||||
#include "nsISSLStatusProvider.h"
|
||||
#include "nsIIdentityInfo.h"
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsNSSShutDown.h"
|
||||
#include "nsAutoPtr.h"
|
||||
#include "nsNSSCertificate.h"
|
||||
|
||||
class nsIChannel;
|
||||
class nsSSLThread;
|
||||
|
@ -123,6 +126,7 @@ class nsNSSSocketInfo : public nsITransportSecurityInfo,
|
|||
public nsISSLSocketControl,
|
||||
public nsIInterfaceRequestor,
|
||||
public nsISSLStatusProvider,
|
||||
public nsIIdentityInfo,
|
||||
public nsNSSShutDownObject,
|
||||
public nsOnPK11LogoutCancelObject
|
||||
{
|
||||
|
@ -135,6 +139,7 @@ public:
|
|||
NS_DECL_NSISSLSOCKETCONTROL
|
||||
NS_DECL_NSIINTERFACEREQUESTOR
|
||||
NS_DECL_NSISSLSTATUSPROVIDER
|
||||
NS_DECL_NSIIDENTITYINFO
|
||||
|
||||
nsresult SetSecurityState(PRUint32 aState);
|
||||
nsresult SetShortSecurityDescription(const PRUnichar *aText);
|
||||
|
@ -155,6 +160,9 @@ public:
|
|||
nsresult GetPort(PRInt32 *aPort);
|
||||
nsresult SetPort(PRInt32 aPort);
|
||||
|
||||
nsresult GetCert(nsNSSCertificate** _result);
|
||||
nsresult SetCert(nsNSSCertificate *aCert);
|
||||
|
||||
void SetCanceled(PRBool aCanceled);
|
||||
PRBool GetCanceled();
|
||||
|
||||
|
@ -187,6 +195,7 @@ public:
|
|||
protected:
|
||||
nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
|
||||
PRFileDesc* mFd;
|
||||
nsRefPtr<nsNSSCertificate> mCert;
|
||||
enum {
|
||||
blocking_state_unknown, is_nonblocking_socket, is_blocking_socket
|
||||
} mBlockingState;
|
||||
|
|
Загрузка…
Ссылка в новой задаче