mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

b=115010 Implement "Message Security Info" when reading S/Mime messages. 

(includes b=115209 Only care for outermost signing/encryption level)
r=javi/ducarroz sr=mscott
This commit is contained in:
kaie%netscape.com 2002-02-18 15:36:30 +00:00
Родитель 1fb36a317b
Коммит e46c7f3115
25 изменённых файлов: 1100 добавлений и 97 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
mailnews/base/resources/content/mailWindowOverlay.xul
Просмотреть файл

@ -1087,7 +1087,7 @@ Rights Reserved.
<menuitem label="&reloadCmd.label;" accesskey="&reloadCmd.accesskey;" observes="cmd_reload"/>
<menuitem id="stopMenuitem" label="&stopCmd.label;" accesskey="&stopCmd.accesskey;" disabled="true" oncommand="MsgStop();"/>
<menuseparator/>
<menuitem label="&pageSourceCmd.label;" key="key_viewPageSource" accesskey="&pageSourceCmd.accesskey;" observes="cmd_viewPageSource"/>
<menuitem id="pageSourceMenuItem" label="&pageSourceCmd.label;" key="key_viewPageSource" accesskey="&pageSourceCmd.accesskey;" observes="cmd_viewPageSource"/>
<menuseparator/>
<menu id = "mailviewCharsetMenu" />
</menupopup>

7
mailnews/extensions/smime/jar.mn
Просмотреть файл

@ -3,12 +3,19 @@ messenger.jar:
content/messenger/am-smime.js (resources/content/am-smime.js)
content/messenger-smime/msgCompSMIMEOverlay.js (resources/content/msgCompSMIMEOverlay.js)
content/messenger-smime/msgCompSMIMEOverlay.xul (resources/content/msgCompSMIMEOverlay.xul)
content/messenger-smime/msgReadSMIMEOverlay.js (resources/content/msgReadSMIMEOverlay.js)
content/messenger-smime/msgReadSMIMEOverlay.xul (resources/content/msgReadSMIMEOverlay.xul)
content/messenger-smime/msgHdrViewSMIMEOverlay.xul (resources/content/msgHdrViewSMIMEOverlay.xul)
content/messenger-smime/msgHdrViewSMIMEOverlay.js (resources/content/msgHdrViewSMIMEOverlay.js)
content/messenger-smime/msgReadSecurityInfo.xul (resources/content/msgReadSecurityInfo.xul)
content/messenger-smime/msgReadSecurityInfo.js (resources/content/msgReadSecurityInfo.js)
content/messenger-smime/contents.rdf (resources/content/contents.rdf)
en-US.jar:
locale/en-US/messenger/am-smime.dtd (resources/locale/en-US/am-smime.dtd)
locale/en-US/messenger/am-smime.properties (resources/locale/en-US/am-smime.properties)
locale/en-US/messenger-smime/msgCompSMIMEOverlay.dtd (resources/locale/en-US/msgCompSMIMEOverlay.dtd)
locale/en-US/messenger-smime/msgReadSMIMEOverlay.dtd (resources/locale/en-US/msgReadSMIMEOverlay.dtd)
locale/en-US/messenger-smime/msgReadSecurityInfo.dtd (resources/locale/en-US/msgReadSecurityInfo.dtd)
locale/en-US/messenger-smime/msgSecurityInfo.properties (resources/locale/en-US/msgSecurityInfo.properties)
locale/en-US/messenger-smime/contents.rdf (resources/locale/en-US/contents.rdf)

8
mailnews/extensions/smime/public/nsIMsgSMIMEHeaderSink.idl
Просмотреть файл

@ -44,9 +44,13 @@
#include "nsISupports.idl"
interface nsIX509Cert;
[scriptable, uuid(25380FA1-E70C-4e82-B0BC-F31C2F41C470)]
interface nsIMsgSMIMEHeaderSink : nsISupports
{
void signedStatus(in boolean aValidSignature);
void encryptionStatus(in boolean aValidEncryption);
void signedStatus(in PRInt32 aNestingLevel, in PRInt32 aSignatureStatus, in nsIX509Cert aSignerCert);
void encryptionStatus(in PRInt32 aNestingLevel, in PRInt32 aEncryptionStatus);
PRInt32 maxWantedNesting(); // 1 == only info on outermost nesting level wanted
};

15
mailnews/extensions/smime/resources/content/contents.rdf
Просмотреть файл

@ -21,6 +21,9 @@
<RDF:Seq about="urn:mozilla:overlays">
<RDF:li resource="chrome://messenger/content/messengercompose/messengercompose.xul"/>
<RDF:li resource="chrome://messenger/content/msgHdrViewOverlay.xul"/>
<RDF:li resource="chrome://messenger/content/mail3PaneWindowVertLayout.xul"/>
<RDF:li resource="chrome://messenger/content/messenger.xul"/>
<RDF:li resource="chrome://messenger/content/messageWindow.xul"/>
</RDF:Seq>
<RDF:Seq about="chrome://messenger/content/messengercompose/messengercompose.xul">
@ -30,4 +33,16 @@
<RDF:Seq about="chrome://messenger/content/msgHdrViewOverlay.xul">
<RDF:li>chrome://messenger-smime/content/msgHdrViewSMIMEOverlay.xul</RDF:li>
</RDF:Seq>
<RDF:Seq about="chrome://messenger/content/mail3PaneWindowVertLayout.xul">
<RDF:li>chrome://messenger-smime/content/msgReadSMIMEOverlay.xul</RDF:li>
</RDF:Seq>
<RDF:Seq about="chrome://messenger/content/messenger.xul">
<RDF:li>chrome://messenger-smime/content/msgReadSMIMEOverlay.xul</RDF:li>
</RDF:Seq>
<RDF:Seq about="chrome://messenger/content/messageWindow.xul">
<RDF:li>chrome://messenger-smime/content/msgReadSMIMEOverlay.xul</RDF:li>
</RDF:Seq>
</RDF:RDF>

5
mailnews/extensions/smime/resources/content/msgCompSMIMEOverlay.js
Просмотреть файл

@ -117,3 +117,8 @@ function setSecuritySettings()
document.getElementById("menu_securityNoEncryption").setAttribute("checked", !smimeCompFields.alwaysEncryptMessage);
document.getElementById("menu_securitySign").setAttribute("checked", smimeCompFields.signMessage);
}
function showMessageComposeSecurityStatus()
{
dump("showSecurityStatus when composing message not yet implemented\n");
}

3
mailnews/extensions/smime/resources/content/msgCompSMIMEOverlay.xul
Просмотреть файл

@ -42,9 +42,10 @@
accesskey="&menu_securityEncryptIfPossible.accesskey;" label="&menu_securityEncryptIfPossible.label;" disabled="true"/>
<menuseparator/>
<menuitem id="menu_securitySign" type="checkbox" accesskey="&menu_securitySign.accesskey;" label="&menu_securitySign.label;" oncommand="signMessage()"/>
<menuseparator/>
<menuitem id="menu_securityStatus" type="checkbox" accesskey="&menu_securityStatus.accesskey;" label="&menu_securityStatus.label;" oncommand="showMessageComposeSecurityStatus()"/>
</menupopup>
</menu>
</menupopup>
</overlay>

44
mailnews/extensions/smime/resources/content/msgHdrViewSMIMEOverlay.js
Просмотреть файл

@ -26,14 +26,31 @@ var gSignedUINode = null;
var gEncryptedUINode = null;
var gSMIMEContainer = null;
// manipulates some globals from msgReadSMIMEOverlay.js
const nsICMSMessageErrors = Components.interfaces.nsICMSMessageErrors;
var smimeHeaderSink =
{
signedStatus: function(aValidSignature)
maxWantedNesting: function()
{
return 1;
},
signedStatus: function(aNestingLevel, aSignatureStatus, aSignerCert)
{
if (aNestingLevel > 1) {
// we are not interested
return;
}
gSignatureStatus = aSignatureStatus;
gSignerCert = aSignerCert;
gSignedUINode.collapsed = false;
gSMIMEContainer.collapsed = false;
if (aValidSignature)
if (nsICMSMessageErrors.SUCCESS == aSignatureStatus)
{
gSignedUINode.value = "<signed>";
}
@ -46,12 +63,19 @@ var smimeHeaderSink =
gSignedUIVisible = true;
},
encryptionStatus: function(aValidEncryption)
encryptionStatus: function(aNestingLevel, aEncryptionStatus)
{
if (aNestingLevel > 1) {
// we are not interested
return;
}
gEncryptionStatus = aEncryptionStatus;
gEncryptedUINode.collapsed = false;
gSMIMEContainer.collapsed = false;
if (aValidEncryption)
if (nsICMSMessageErrors.SUCCESS == aEncryptionStatus)
{
gEncryptedUINode.value = "<encrypted>";
}
@ -63,6 +87,7 @@ var smimeHeaderSink =
gEncryptionUIVisible = true;
},
QueryInterface : function(iid)
{
if (iid.equals(Components.interfaces.nsIMsgSMIMEHeaderSink) || iid.equals(Components.interfaces.nsISupports))
@ -73,7 +98,12 @@ var smimeHeaderSink =
function onSMIMEStartHeaders()
{
gSMIMEContainer.collapsed = true;
gEncryptionStatus = -1;
gSignatureStatus = -1;
gSignerCert = null;
gSMIMEContainer.collapsed = true;
if (gEncryptionUIVisible)
{
@ -110,7 +140,3 @@ function msgHdrViewSMIMEOnLoad(event)
}
addEventListener('messagepane-loaded', msgHdrViewSMIMEOnLoad, true);
function showMessageSecurityInfo()
{
}

4
mailnews/extensions/smime/resources/content/msgHdrViewSMIMEOverlay.xul
Просмотреть файл

@ -29,8 +29,8 @@
<hbox id="expandedHeaderView">
<vbox id="smimeBox" insertafter="expandedHeaders">
<spacer flex="1"/>
<label id="encryptedText" onclick="showMessageSecurityInfo();" collapsed="true"/>
<label id="signedText" onclick="showMessageSecurityInfo();" collapsed="true"/>
<label id="encryptedText" onclick="showMessageReadSecurityInfo();" collapsed="true"/>
<label id="signedText" onclick="showMessageReadSecurityInfo();" collapsed="true"/>
<spacer flex="1"/>
</vbox>
</hbox>

108
mailnews/extensions/smime/resources/content/msgReadSMIMEOverlay.js Normal file
Просмотреть файл

@ -0,0 +1,108 @@
/* -*- Mode: Java; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Netscape Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
var gEncryptionStatus = -1;
var gSignatureStatus = -1;
var gSignerCert = null;
const nsPKIParamBlock = "@mozilla.org/security/pkiparamblock;1";
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
function showMessageReadSecurityInfo()
{
var pkiParams = Components.classes[nsPKIParamBlock].createInstance(nsIPKIParamBlock);
// isupport array starts with index 1
pkiParams.setISupportAtIndex(1, gSignerCert);
var params = pkiParams.QueryInterface(Components.interfaces.nsIDialogParamBlock);
// int array starts with index 0, but that is used for window exit status
params.SetInt(1, gSignatureStatus);
params.SetInt(2, gEncryptionStatus);
window.openDialog('chrome://messenger-smime/content/msgReadSecurityInfo.xul',
'', 'chrome,resizable=1,modal=1,dialog=1', pkiParams );
}
var SecurityController =
{
supportsCommand: function(command)
{
switch ( command )
{
case "cmd_viewSecurityStatus":
return true;
default:
return false;
}
},
isCommandEnabled: function(command)
{
switch ( command )
{
case "cmd_viewSecurityStatus":
{
if (document.firstChild.getAttribute('windowtype') == "mail:messageWindow")
{
return ( gCurrentMessageUri != null);
}
else
{
if (GetNumSelectedMessages() > 0 && gDBView)
{
var enabled = new Object();
enabled.value = false;
var checkStatus = new Object();
gDBView.getCommandStatus(nsMsgViewCommandType.cmdRequiringMsgBody, enabled, checkStatus);
return enabled.value;
}
}
return false;
}
default:
return false;
}
return false;
}
};
top.controllers.appendController(SecurityController);

53
mailnews/extensions/smime/resources/content/msgReadSMIMEOverlay.xul Normal file
Просмотреть файл

@ -0,0 +1,53 @@
<?xml version="1.0"?>
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
-
- The Original Code is Netscape Communicator.
-
- The Initial Developer of the Original Code is
- Netscape Communications Corporation.
- Portions created by the Initial Developer are Copyright (C) 2002
- the Initial Developer. All Rights Reserved.
-
- Contributor(s):
-
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
-
- ***** END LICENSE BLOCK ***** -->
<!DOCTYPE overlay SYSTEM "chrome://messenger-smime/locale/msgReadSMIMEOverlay.dtd">
<overlay xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script language="JavaScript" src="chrome://messenger-smime/content/msgReadSMIMEOverlay.js"/>
<commandset id="mailViewMenuItems">
<command id="cmd_viewSecurityStatus" oncommand="showMessageReadSecurityInfo();" disabled="true"/>
</commandset>
<menupopup id="menu_View_Popup">
<menuitem insertafter="pageSourceMenuItem" label="&menu_securityStatus.label;"
accesskey="&menu_securityStatus.accesskey;" observes="cmd_viewSecurityStatus"/>
</menupopup>
</overlay>

247
mailnews/extensions/smime/resources/content/msgReadSecurityInfo.js Normal file
Просмотреть файл

@ -0,0 +1,247 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corp..
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s): Kai Engert <kaie@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsICMSMessageErrors = Components.interfaces.nsICMSMessageErrors;
var gSignerCert = null;
var gEncryptionCert = null;
var gSignatureStatus = -1;
var gEncryptionStatus = -1;
var params = null;
function setText(id, value) {
var element = document.getElementById(id);
if (!element)
return;
if (element.hasChildNodes())
element.removeChild(element.firstChild);
var textNode = document.createTextNode(value);
element.appendChild(textNode);
}
function onLoad()
{
var pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
var isupport = pkiParams.getISupportAtIndex(1);
if (isupport) {
gSignerCert = isupport.QueryInterface(nsIX509Cert);
}
params = pkiParams.QueryInterface(nsIDialogParamBlock);
gSignatureStatus = params.GetInt(1);
gEncryptionStatus = params.GetInt(2);
var bundle = document.getElementById("bundle_smime_read_info");
if (bundle) {
var sigInfoLabel = null;
var sigInfoHeader = null;
var sigInfo = null;
var sigInfo_clueless = false;
switch (gSignatureStatus) {
case -1:
case nsICMSMessageErrors.VERIFY_NOT_SIGNED:
sigInfoLabel = "SINoneLabel";
sigInfo = "SINone";
break;
case nsICMSMessageErrors.SUCCESS:
sigInfoLabel = "SIValidLabel";
sigInfo = "SIValid";
break;
case nsICMSMessageErrors.VERIFY_BAD_SIGNATURE:
case nsICMSMessageErrors.VERIFY_DIGEST_MISMATCH:
sigInfoLabel = "SIInvalidLabel";
sigInfoHeader = "SIInvalidHeader";
sigInfo = "SIContentAltered";
break;
case nsICMSMessageErrors.VERIFY_UNKNOWN_ALGO:
case nsICMSMessageErrors.VERIFY_UNSUPPORTED_ALGO:
sigInfoLabel = "SIInvalidLabel";
sigInfoHeader = "SIInvalidHeader";
sigInfo = "SIInvalidCipher";
break;
case nsICMSMessageErrors.VERIFY_HEADER_MISMATCH:
sigInfoLabel = "SIInvalidLabel";
sigInfoHeader = "SIInvalidHeader";
sigInfo = "SIHeaderMismatch";
break;
case nsICMSMessageErrors.VERIFY_UNTRUSTED:
sigInfoLabel = "SIInvalidLabel";
sigInfoHeader = "SIInvalidHeader";
sigInfo = "SIUntrustedCA";
// XXX Need to extend to communicate better errors
// might also be:
// SIExpired SIRevoked SINotYetValid SIUnknownCA SIExpiredCA SIRevokedCA SINotYetValidCA
break;
case nsICMSMessageErrors.VERIFY_NO_CONTENT_INFO:
case nsICMSMessageErrors.VERIFY_BAD_DIGEST:
case nsICMSMessageErrors.VERIFY_NOCERT:
case nsICMSMessageErrors.VERIFY_ERROR_UNVERIFIED:
case nsICMSMessageErrors.VERIFY_ERROR_PROCESSING:
case nsICMSMessageErrors.VERIFY_MALFORMED_SIGNATURE:
sigInfoLabel = "SIInvalidLabel";
sigInfoHeader = "SIInvalidHeader";
sigInfo_clueless = true;
break;
}
document.getElementById("signatureLabel").value =
bundle.getString(sigInfoLabel);
if (sigInfoHeader) {
var l = document.getElementById("signatureLabel");
l.collapsed = false;
l.value = bundle.getString(sigInfoHeader);
}
var str;
if (sigInfo) {
str = bundle.getString(sigInfo);
}
else if (sigInfo_clueless) {
str = bundle.getString("SIClueless") + " " + gSignatureStatus;
}
setText("signatureExplanation", str);
var encInfoLabel = null;
var encInfoHeader = null;
var encInfo = null;
var encInfo_clueless = false;
switch (gEncryptionStatus) {
case -1:
encInfoLabel = "EINoneLabel";
encInfo = "EINone";
break;
case nsICMSMessageErrors.SUCCESS:
encInfoLabel = "EIValidLabel";
encInfo = "EIValid";
break;
}
document.getElementById("encryptionLabel").value =
bundle.getString(encInfoLabel);
if (encInfoHeader) {
var l = document.getElementById("encryptionLLabel");
l.collapsed = false;
l.value = bundle.getString(encInfoHeader);
}
var str;
if (encInfo) {
str = bundle.getString(encInfo);
}
else if (encInfo_clueless) {
str = bundle.getString("EIClueless") + " " + gEncryptionStatus;
}
setText("encryptionExplanation", str);
}
if (gSignerCert) {
document.getElementById("signatureCert").collapsed = false;
if (gSignerCert.subjectName) {
document.getElementById("signedBy").value = gSignerCert.commonName;
}
if (gSignerCert.emailAddress) {
document.getElementById("signerEmail").value = gSignerCert.emailAddress;
}
if (gSignerCert.issuerName) {
document.getElementById("sigCertIssuedBy").value = gSignerCert.issuerCommonName;
}
}
if (gEncryptionCert) {
document.getElementById("encryptionCert").collapsed = false;
if (gEncryptionCert.subjectName) {
document.getElementById("encryptedFor").value = gEncryptionCert.commonName;
}
if (gEncryptionCert.emailAddress) {
document.getElementById("recipientEmail").value = gEncryptionCert.emailAddress;
}
if (gEncryptionCert.issuerName) {
document.getElementById("encCertIssuedBy").value = gEncryptionCert.issuerCommonName;
}
}
params.SetInt(0,0); // set cancel return value
}
function viewSignatureCert()
{
if (gSignerCert) {
gSignerCert.view();
}
}
function viewEncryptionCert()
{
if (gEncryptionCert) {
gEncryptionCert.view();
}
}
function doOK()
{
params.SetInt(0,1);
window.close();
}
function doCancel()
{
params.SetInt(0,0);
window.close();
}

105
mailnews/extensions/smime/resources/content/msgReadSecurityInfo.xul Normal file
Просмотреть файл

@ -0,0 +1,105 @@
<?xml version="1.0"?>
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
-
- The Original Code is Mozilla Communicator
-
- The Initial Developer of the Original Code is
- Netscape Communications Corp..
- Portions created by the Initial Developer are Copyright (C) 2002
- the Initial Developer. All Rights Reserved.
-
- Contributor(s): Kai Engert <kaie@netscape.com>
-
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
-
- ***** END LICENSE BLOCK ***** -->
<?xml-sheet href="chrome://global/skin/" type="text/css"?>
<?xml-stylesheet href="chrome://messenger/skin/smime/msgReadSecurityInfo.css" type="text/css"?>
<?xul-overlay href="chrome://global/content/dialogOverlay.xul"?>
<!DOCTYPE window SYSTEM "chrome://messenger-smime/locale/msgReadSecurityInfo.dtd">
<window id="msgReadSecurityInfo" title="&status.label;"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="onLoad();">
<script type="application/x-javascript" src="chrome://messenger-smime/content/msgReadSecurityInfo.js"/>
<stringbundle id="bundle_smime_read_info" src="chrome://messenger-smime/locale/msgSecurityInfo.properties"/>
<vbox id="outer_vbox">
<vbox flex="1">
<label id="signatureLabel"/>
<label id="signatureHeader" collapsed="true"/>
<description id="signatureExplanation"/>
<vbox id="signatureCert" collapsed="true">
<hbox>
<label id="signedByLabel">&signer.name;</label>
<description id="signedBy"/>
</hbox>
<hbox>
<label id="signerEmailLabel">&email.address;</label>
<description id="signerEmail"/>
</hbox>
<hbox>
<label id="sigCertIssuedByLabel">&issuer.name;</label>
<description id="sigCertIssuedBy"/>
</hbox>
<hbox>
<button id="signatureCertView" label="&signatureCert.label;"
oncommand="viewSignatureCert()"/>
</hbox>
</vbox>
<separator/>
<label id="encryptionLabel"/>
<label id="encryptionHeader" collapsed="true"/>
<description id="encryptionExplanation"/>
<vbox id="encryptionCert" collapsed="true">
<hbox>
<label id="encryptedForLabel">&recipient.name;</label>
<description id="encryptedFor"/>
</hbox>
<hbox>
<label id="recipientEmailLabel">&email.address;</label>
<description id="recipientEmail"/>
</hbox>
<hbox>
<label id="encCertIssuedByLabel">&issuer.name;</label>
<description id="encCertIssuedBy"/>
</hbox>
<hbox>
<button id="encryptionCertView" label="&encryptionCert.label;"
oncommand="viewEncryptionCert()"/>
</hbox>
</vbox>
</vbox>
<separator class="thin"/>
<keyset id="dialogKeys"/>
<hbox id="okCancelButtonsRight"/>
</vbox>
</window>

5
mailnews/extensions/smime/resources/locale/en-US/am-smime.properties
Просмотреть файл

@ -1,14 +1,9 @@
## S/MIME error strings.
NoSenderSigningCert=You requested to digitally sign this message, but the application failed to find the signing certificate you specified in your Mail/News account preferences or the certificate has expired.
NoSenderEncryptionCert=You requested to encrypt this message, but the application failed to find the encryption certificate you specified in your Mail/News account preferences or the certificate has expired.
MissingRecipientEncryptionCert=You requested to encrypt this message, but the application failed to find an encryption cert for %S.
SignNoSenderEncryptionCert=You requested to sign this message, but the application failed to find an encryption cert to include in the signed message or the certificate has expired.
## Strings used for in the prefs.
prefPanel-smime=Security
smimeCertPrompt=Select the certificate that you want to use:

3
mailnews/extensions/smime/resources/locale/en-US/msgCompSMIMEOverlay.dtd
Просмотреть файл

@ -14,3 +14,6 @@
<!ENTITY menu_securitySign.label "Digitally Sign">
<!ENTITY menu_securitySign.accesskey "D">
<!ENTITY menu_securityStatus.label "Message Security">
<!ENTITY menu_securityStatus.accesskey "M">

4
mailnews/extensions/smime/resources/locale/en-US/msgReadSMIMEOverlay.dtd Normal file
Просмотреть файл

@ -0,0 +1,4 @@
<!--LOCALIZATION NOTE msgReadSMIMEOverlay.dtd UI for s/mime hooks in message reading -->
<!ENTITY menu_securityStatus.label "Message Security Info">
<!ENTITY menu_securityStatus.accesskey "I">

10
mailnews/extensions/smime/resources/locale/en-US/msgReadSecurityInfo.dtd Normal file
Просмотреть файл

@ -0,0 +1,10 @@
<!--LOCALIZATION NOTE msgReadSecurityInfo.dtd UI for viewing security status when reading a received message -->
<!ENTITY status.label "Message Security">
<!ENTITY signatureCert.label "View Signature Certificate">
<!ENTITY encryptionCert.label "View Encryption Certificate">
<!ENTITY signer.name "Signed by:">
<!ENTITY recipient.name "Encrypted for:">
<!ENTITY email.address "E-Mail address:">
<!ENTITY issuer.name "Certificate issued by:">

67
mailnews/extensions/smime/resources/locale/en-US/msgSecurityInfo.properties Normal file
Просмотреть файл

@ -0,0 +1,67 @@
## Signature Information strings
SINoneLabel=Message Has No Digital Signature
SINone=This message does not include the sender's digital signature. The absence of a digital signature means that the message could have been sent by someone pretending to have this email address. It is also possible that the message has been altered while in transit over the network. However, it is unlikely that either event has occurred.
SIValidLabel=Message Is Signed
SIValid=This message includes a valid digital signature. The message has not been altered since it was sent.
SIInvalidLabel=Digital Signature Is Not Valid
SIInvalidHeader=This message includes a digital signature, but the signature is invalid.
SIContentAltered=The signature does not match the message content correctly. The message appears to have been altered after the sender signed it. You should not trust the validity of this message until you verify its contents with the sender.
SIHeaderMismatch=The signature does not match the message headers correctly. The message appears to have been altered after the sender signed it. You should not trust the validity of this message until you verify its contents with the sender.
SIExpired=The certificate used to signed the message appears to have expired. Make sure your computer's clock is set correctly.
SIRevoked=The certificate used to sign the message has been revoked. You should not trust the validity of this message until you verify its contents with the sender.
SINotYetValid=The certificate used to sign the message appears not be valid yet. Make sure your computer's clock is set correctly.
SIUnknownCA=The certificate used to sign the message was issued by an unknown certificate authority.
SIUntrustedCA=The certificate used to sign the message was issued by a certificate authority that you do not trust for issuing this kind of certificate.
SIExpiredCA=The certificate used to sign the message was issued by a certificate authority whose own certificate has expired. Make sure your computer's clock is set correctly.
SIRevokedCA=The certificate used to sign the message was issued by a certificate authority whose own certificate has been revoked. You should not trust the validity of this message until you verify its contents with the sender.
SINotYetValidCA=The certificate used to sign the message was issued by a certificate authority whose own certificate is not yet valid. Make sure your computer's clock is set correctly.
SIInvalidCipher=The message was signed using an encryption strength that this version of your software does not support.
SIClueless=There are unknown problems with this digital signature. You should not trust the validity of this message until you verify its contents with the sender.
## Encryption Information strings
EINoneLabel=Message Not Encrypted
EINone=This message was not encrypted before it was sent. Information sent over the Internet without encryption can be seen by other people while in transit.
EIValidLabel=Message Is Encrypted
EIValid=This message was encrypted before it was sent to you. Encryption makes it very difficult for other people to view information while it is traveling over the network.
EIInvalidLabel=Message Cannot Be Decrypted
EIInvalidHeader=This message was encrypted before it was sent to you, but it cannot be decrypted.
EIContentAltered=The message contents appear to have been altered during transmission.
EINoDecryptCert=The certificate used to encrypt the message cannot be found.
EIPasswordError=You did not enter your Master Password correctly.
EIInvalidCipher=The message was encrypted using an encryption strength that this version of your software does not support.
EIClueless=There are unknown problems with this encrypted message.
## Signing Power Information string
SPCanLabel=Message Can Be Signed
SPCanHeader=You have chosen to digitally sign this message before sending it.
SPCan=When other people receive your signed message, they can verify that the message comes from you and that it has not been altered since you signed it.
SPCannotLabel=Message Cannot Be Signed
SPCannotHeader=You cannot digitally sign this message.
SPNoCert=You have not specified a valid certificate for creating digital signatures.
SPNoSigCert=The certificate you have specified for signing messages cannot be used for that purpose.
SPNoValidCert=The certificate you have specified for signing messages is not yet valid. Make sure your computer's clock is set correctly.
SPExpiredCert=The certificate you have specified for signing messages has expired.
SPRevokedCert=The certificate you have specified for signing messages has been revoked.
## Encryption Power Information string
EPCanLabel=Message Can Be Encrypted
EPCanHeader=You have chose to encrypt this message before sending it.
EPCan=If you have chosen to save copies of your outgoing messages, this message will be encrypted before being saved.
EPCannotLabel=Message Cannot Be Encrypted
EPCannotHeader=This message cannot be encrypted.
EPRecipientUnknown=You have not entered any recipients.
EPNoCerts=You do not have valid certificates for the following recipients:
EPClueless=There are unknown problems with this message.

92
mailnews/mime/src/mimecms.cpp
Просмотреть файл

@ -100,6 +100,7 @@ typedef struct MimeCMSdata
MimeObject *self;
PRBool parent_is_encrypted_p;
PRBool parent_holds_stamp_p;
nsCOMPtr<nsIMsgSMIMEHeaderSink> smimeHeaderSink;
MimeCMSdata()
:output_fn(nsnull),
@ -369,6 +370,31 @@ MimeCMS_init(MimeObject *obj,
data->parent_holds_stamp_p =
mime_crypto_stamped_p (obj->parent->parent);
mime_stream_data *msd = (mime_stream_data *) (data->self->options->stream_closure);
if (msd)
{
nsIChannel *channel = msd->channel; // note the lack of ref counting...
if (channel)
{
nsCOMPtr<nsIURI> uri;
nsCOMPtr<nsIMsgWindow> msgWindow;
nsCOMPtr<nsIMsgHeaderSink> headerSink;
nsCOMPtr<nsIMsgMailNewsUrl> msgurl;
nsCOMPtr<nsISupports> securityInfo;
channel->GetURI(getter_AddRefs(uri));
if (uri)
msgurl = do_QueryInterface(uri);
if (msgurl)
msgurl->GetMsgWindow(getter_AddRefs(msgWindow));
if (msgWindow)
msgWindow->GetMsgHeaderSink(getter_AddRefs(headerSink));
if (headerSink)
headerSink->GetSecurityInfo(getter_AddRefs(securityInfo));
if (securityInfo)
data->smimeHeaderSink = do_QueryInterface(securityInfo);
} // if channel
} // if msd
return data;
}
@ -399,6 +425,19 @@ MimeCMS_eof (void *crypto_closure, PRBool abort_p)
return -1;
}
// if we are the child of the topmost message, aNestLevel == 1
int aNestLevel = 0;
if (data->self) {
MimeObject *walker = data->self;
while (walker) {
if (mime_typep(walker, (MimeObjectClass *) &mimeMessageClass)) {
++aNestLevel;
}
walker = walker->parent;
}
}
/* Hand an EOF to the crypto library. It may call data->output_fn.
(Today, the crypto library has no flushing to do, but maybe there
will be someday.)
@ -418,40 +457,27 @@ MimeCMS_eof (void *crypto_closure, PRBool abort_p)
if (NS_FAILED(rv))
data->verify_error = PR_GetError();
mime_stream_data *msd = (mime_stream_data *) (data->self->options->stream_closure);
if (msd)
{
nsIChannel *channel = msd->channel; // note the lack of ref counting...
if (channel)
PRInt32 maxNestLevel = 0;
if (data->smimeHeaderSink) {
data->smimeHeaderSink->MaxWantedNesting(&maxNestLevel);
if (aNestLevel >= maxNestLevel)
{
nsCOMPtr<nsIURI> uri;
nsCOMPtr<nsIMsgWindow> msgWindow;
nsCOMPtr<nsIMsgHeaderSink> headerSink;
nsCOMPtr<nsIMsgMailNewsUrl> msgurl;
nsCOMPtr<nsISupports> securityInfo;
nsCOMPtr<nsIMsgSMIMEHeaderSink> smimeHeaderSink;
channel->GetURI(getter_AddRefs(uri));
if (uri)
msgurl = do_QueryInterface(uri);
if (msgurl)
msgurl->GetMsgWindow(getter_AddRefs(msgWindow));
if (msgWindow)
msgWindow->GetMsgHeaderSink(getter_AddRefs(headerSink));
if (headerSink)
headerSink->GetSecurityInfo(getter_AddRefs(securityInfo));
if (securityInfo)
smimeHeaderSink = do_QueryInterface(securityInfo);
if (smimeHeaderSink)
{
smimeHeaderSink->EncryptionStatus(
data->ci_is_encrypted
&& !data->verify_error
&& !data->decode_error
&& NS_SUCCEEDED(rv)
);
}
} // if channel
} // if msd
data->smimeHeaderSink->EncryptionStatus(
aNestLevel,
(
data->ci_is_encrypted
&& !data->verify_error
&& !data->decode_error
&& NS_SUCCEEDED(rv)
)
?
nsICMSMessageErrors::SUCCESS
:
-1
);
}
}
data->decoder_context = 0;

98
mailnews/mime/src/mimemcms.cpp
Просмотреть файл

@ -39,6 +39,7 @@
#include "nsMimeTypes.h"
#include "nspr.h"
#include "nsMimeStringResources.h"
#include "mimemsg.h"
#include "mimemoz2.h"
#include "nsIURI.h"
#include "nsIMsgWindow.h"
@ -46,6 +47,7 @@
#include "nsIMimeMiscStatus.h"
#include "nsIMsgSMIMEHeaderSink.h"
#include "nsCOMPtr.h"
#include "nsIX509Cert.h"
#define MIME_SUPERCLASS mimeMultipartSignedClass
MimeDefClass(MimeMultipartSignedCMS, MimeMultipartSignedCMSClass,
@ -111,6 +113,7 @@ typedef struct MimeMultCMSdata
MimeObject *self;
PRBool parent_is_encrypted_p;
PRBool parent_holds_stamp_p;
nsCOMPtr<nsIMsgSMIMEHeaderSink> smimeHeaderSink;
MimeMultCMSdata()
:hash_type(0),
@ -249,6 +252,31 @@ MimeMultCMS_init (MimeObject *obj)
data->parent_holds_stamp_p =
mime_crypto_stamped_p (obj->parent->parent);
mime_stream_data *msd = (mime_stream_data *) (data->self->options->stream_closure);
if (msd)
{
nsIChannel *channel = msd->channel; // note the lack of ref counting...
if (channel)
{
nsCOMPtr<nsIURI> uri;
nsCOMPtr<nsIMsgWindow> msgWindow;
nsCOMPtr<nsIMsgHeaderSink> headerSink;
nsCOMPtr<nsIMsgMailNewsUrl> msgurl;
nsCOMPtr<nsISupports> securityInfo;
channel->GetURI(getter_AddRefs(uri));
if (uri)
msgurl = do_QueryInterface(uri);
if (msgurl)
msgurl->GetMsgWindow(getter_AddRefs(msgWindow));
if (msgWindow)
msgWindow->GetMsgHeaderSink(getter_AddRefs(headerSink));
if (headerSink)
headerSink->GetSecurityInfo(getter_AddRefs(securityInfo));
if (securityInfo)
data->smimeHeaderSink = do_QueryInterface(securityInfo);
} // if channel
} // if msd
return data;
}
@ -404,11 +432,32 @@ MimeMultCMS_generate (void *crypto_closure)
nsresult rv;
if (!data) return 0;
encrypted_p = data->parent_is_encrypted_p;
PRInt32 signature_status = -1;
nsCOMPtr<nsIX509Cert> signerCert;
// if we are the child of the topmost message, aNestLeve == 1
int aNestLevel = 0;
if (data->self) {
MimeObject *walker = data->self;
while (walker) {
if (mime_typep(walker, (MimeObjectClass *) &mimeMessageClass)) {
++aNestLevel;
}
walker = walker->parent;
}
}
if (data->content_info)
{
rv = data->content_info->VerifyDetachedSignature(data->item_data, data->item_len);
data->content_info->GetSignerCert(getter_AddRefs(signerCert));
if (NS_FAILED(rv)) {
if (NS_ERROR_MODULE_SECURITY == NS_ERROR_GET_MODULE(rv)) {
signature_status = NS_ERROR_GET_CODE(rv);
}
if (!data->verify_error) {
data->verify_error = PR_GetError();
}
@ -419,9 +468,16 @@ MimeMultCMS_generate (void *crypto_closure)
good_p = MimeCMSHeadersAndCertsMatch(data->self,
data->content_info,
&data->sender_addr);
if (!good_p && !data->verify_error) {
data->verify_error = -1;
// XXX Fix this data->verify_error = SEC_ERROR_CERT_ADDR_MISMATCH; XXX //
if (!good_p) {
signature_status = nsICMSMessageErrors::VERIFY_HEADER_MISMATCH;
if (!data->verify_error) {
data->verify_error = -1;
// XXX Fix this data->verify_error = SEC_ERROR_CERT_ADDR_MISMATCH; XXX //
}
}
else
{
signature_status = nsICMSMessageErrors::SUCCESS;
}
}
@ -449,35 +505,15 @@ MimeMultCMS_generate (void *crypto_closure)
*/
}
mime_stream_data *msd = (mime_stream_data *) (data->self->options->stream_closure);
if (msd)
{
nsIChannel *channel = msd->channel; // note the lack of ref counting...
if (channel)
PRInt32 maxNestLevel = 0;
if (data->smimeHeaderSink) {
data->smimeHeaderSink->MaxWantedNesting(&maxNestLevel);
if (aNestLevel >= maxNestLevel)
{
nsCOMPtr<nsIURI> uri;
nsCOMPtr<nsIMsgWindow> msgWindow;
nsCOMPtr<nsIMsgHeaderSink> headerSink;
nsCOMPtr<nsIMsgMailNewsUrl> msgurl;
nsCOMPtr<nsISupports> securityInfo;
nsCOMPtr<nsIMsgSMIMEHeaderSink> smimeHeaderSink;
channel->GetURI(getter_AddRefs(uri));
if (uri)
msgurl = do_QueryInterface(uri);
if (msgurl)
msgurl->GetMsgWindow(getter_AddRefs(msgWindow));
if (msgWindow)
msgWindow->GetMsgHeaderSink(getter_AddRefs(headerSink));
if (headerSink)
headerSink->GetSecurityInfo(getter_AddRefs(securityInfo));
if (securityInfo)
smimeHeaderSink = do_QueryInterface(securityInfo);
if (smimeHeaderSink)
{
smimeHeaderSink->SignedStatus(good_p);
}
} // if channel
} // if msd
data->smimeHeaderSink->SignedStatus(aNestLevel, signature_status, signerCert);
}
}
unverified_p = data->self->options->missing_parts;

74
security/manager/ssl/public/nsICMS.idl
Просмотреть файл

@ -80,12 +80,39 @@ interface nsICMSMessage : nsISupports
void contentIsEncrypted(out boolean aEncrypted);
void getSignerCommonName(out string aName);
void getSignerEmailAddress(out string aEmail);
void getSignerCert(out nsIX509Cert scert);
void getEncryptionCert(out nsIX509Cert ecert);
void verifySignature();
void verifyDetachedSignature(in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen);
void CreateEncrypted(in nsISupportsArray aRecipientCerts);
void CreateSigned(in nsIX509Cert scert, in nsIX509Cert ecert, in UnsignedCharPtr aDigestData, in unsigned long aDigestDataLen);
};
/**
* nsICMSMessageErrors
* Scriptable error constants for nsICMSMessage
*/
[scriptable,uuid(f2aec680-60a0-49f0-afe5-6cf1d3f15e0d)]
interface nsICMSMessageErrors : nsISupports
{
const long SUCCESS = 0;
const long VERIFY_NOT_SIGNED = 1024;
const long VERIFY_NO_CONTENT_INFO = 1025;
const long VERIFY_BAD_DIGEST = 1026;
const long VERIFY_NOCERT = 1028;
const long VERIFY_UNTRUSTED = 1029;
const long VERIFY_ERROR_UNVERIFIED = 1031;
const long VERIFY_ERROR_PROCESSING = 1032;
const long VERIFY_BAD_SIGNATURE = 1033;
const long VERIFY_DIGEST_MISMATCH = 1034;
const long VERIFY_UNKNOWN_ALGO = 1035;
const long VERIFY_UNSUPPORTED_ALGO = 1036;
const long VERIFY_MALFORMED_SIGNATURE = 1037;
const long VERIFY_HEADER_MISMATCH = 1038;
const long ENCRYPT_NO_BULK_ALG = 1056;
};
/**
* nsICMSDecoder
* Interface to decode an CMS message
@ -120,4 +147,51 @@ interface nsICMSEncoder : nsISupports
#define NS_CMSENCODER_CONTRACTID "@mozilla.org/nsCMSEncoder;1"
#define NS_CMSMESSAGE_CONTRACTID "@mozilla.org/nsCMSMessage;1"
#define NS_HASH_CONTRACTID "@mozilla.org/nsHash;1"
/**
* CMS specific nsresult error codes
*/
#define NS_ERROR_CMS_VERIFY_NOT_SIGNED \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_NOT_SIGNED)
#define NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_NO_CONTENT_INFO)
#define NS_ERROR_CMS_VERIFY_BAD_DIGEST \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_BAD_DIGEST)
#define NS_ERROR_CMS_VERIFY_NOCERT \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_NOCERT)
#define NS_ERROR_CMS_VERIFY_UNTRUSTED \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_UNTRUSTED)
#define NS_ERROR_CMS_VERIFY_ERROR_UNVERIFIED \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_ERROR_UNVERIFIED)
#define NS_ERROR_CMS_VERIFY_ERROR_PROCESSING \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_ERROR_PROCESSING)
#define NS_ERROR_CMS_VERIFY_BAD_SIGNATURE \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_BAD_SIGNATURE)
#define NS_ERROR_CMS_VERIFY_DIGEST_MISMATCH \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_DIGEST_MISMATCH)
#define NS_ERROR_CMS_VERIFY_UNKNOWN_ALGO \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_UNKNOWN_ALGO)
#define NS_ERROR_CMS_VERIFY_UNSUPPORTED_ALGO \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_UNSUPPORTED_ALGO)
#define NS_ERROR_CMS_VERIFY_MALFORMED_SIGNATURE \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_MALFORMED_SIGNATURE)
#define NS_ERROR_CMS_VERIFY_HEADER_MISMATCH \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::VERIFY_HEADER_MISMATCH)
#define NS_ERROR_CMS_ENCRYPT_NO_BULK_ALG \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, \
nsICMSMessageErrors::ENCRYPT_NO_BULK_ALG)
%}

103
security/manager/ssl/src/nsCMS.cpp
Просмотреть файл

@ -145,6 +145,45 @@ NS_IMETHODIMP nsCMSMessage::ContentIsSigned(int *)
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::GetSignerCert(nsIX509Cert **scert)
{
if (!m_cmsMsg)
return NS_ERROR_FAILURE;
if (!NSS_CMSMessage_IsSigned(m_cmsMsg))
return NS_ERROR_FAILURE;
NSSCMSContentInfo *cinfo = NSS_CMSMessage_ContentLevel(m_cmsMsg, 0);
if (!cinfo)
return NS_ERROR_FAILURE;
NSSCMSSignedData *sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo);
if (!sigd)
return NS_ERROR_FAILURE;
PR_ASSERT(NSS_CMSSignedData_SignerInfoCount(sigd) > 0);
NSSCMSSignerInfo *si = NSS_CMSSignedData_GetSignerInfo(sigd, 0);
if (!si)
return NS_ERROR_FAILURE;
if (si->cert) {
*scert = new nsNSSCertificate(si->cert);
if (*scert) {
(*scert)->AddRef();
}
}
else {
*scert = nsnull;
}
return NS_OK;
}
NS_IMETHODIMP nsCMSMessage::GetEncryptionCert(nsIX509Cert **ecert)
{
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsCMSMessage::VerifyDetachedSignature(unsigned char* aDigestData, PRUint32 aDigestDataLen)
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature\n"));
@ -160,25 +199,29 @@ NS_IMETHODIMP nsCMSMessage::VerifyDetachedSignature(unsigned char* aDigestData,
if (NSS_CMSMessage_IsSigned(m_cmsMsg) == PR_FALSE) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - not signed\n"));
return NS_ERROR_FAILURE;
return NS_ERROR_CMS_VERIFY_NOT_SIGNED;
}
cinfo = NSS_CMSMessage_ContentLevel(m_cmsMsg, 0);
sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo);
if (sigd == nsnull) {
if (cinfo) {
sigd = (NSSCMSSignedData*)NSS_CMSContentInfo_GetContent(cinfo);
}
if (!sigd) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - no content info\n"));
rv = NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
goto loser;
}
if (NSS_CMSSignedData_SetDigestValue(sigd, SEC_OID_SHA1, &digest)) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - can't set digest value\n"));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - bad digest\n"));
rv = NS_ERROR_CMS_VERIFY_BAD_DIGEST;
goto loser;
}
// Import certs //
// Import certs. Note that import failure is not a signature verification failure. //
if (NSS_CMSSignedData_ImportCerts(sigd, CERT_GetDefaultCertDB(), certUsageEmailSigner, PR_TRUE) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - can not import certs\n"));
goto loser;
}
nsigners = NSS_CMSSignedData_SignerInfoCount(sigd);
@ -188,21 +231,50 @@ NS_IMETHODIMP nsCMSMessage::VerifyDetachedSignature(unsigned char* aDigestData,
// We verify the first signer info, only //
if (NSS_CMSSignedData_VerifySignerInfo(sigd, 0, CERT_GetDefaultCertDB(), certUsageEmailSigner) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - unable to verify signature\n"));
#ifdef DEBUG
if (NSSCMSVS_SigningCertNotFound == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - signing cert not found\n"));
rv = NS_ERROR_CMS_VERIFY_NOCERT;
}
else if(NSSCMSVS_SigningCertNotTrusted == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - signing cert not trusted\n"));
rv = NS_ERROR_CMS_VERIFY_UNTRUSTED;
}
#endif
else if(NSSCMSVS_Unverified == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - can not verify\n"));
rv = NS_ERROR_CMS_VERIFY_ERROR_UNVERIFIED;
}
else if(NSSCMSVS_ProcessingError == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - processing error\n"));
rv = NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
}
else if(NSSCMSVS_BadSignature == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - bad signature\n"));
rv = NS_ERROR_CMS_VERIFY_BAD_SIGNATURE;
}
else if(NSSCMSVS_DigestMismatch == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - digest mismatch\n"));
rv = NS_ERROR_CMS_VERIFY_DIGEST_MISMATCH;
}
else if(NSSCMSVS_SignatureAlgorithmUnknown == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - algo unknown\n"));
rv = NS_ERROR_CMS_VERIFY_UNKNOWN_ALGO;
}
else if(NSSCMSVS_SignatureAlgorithmUnsupported == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - algo not supported\n"));
rv = NS_ERROR_CMS_VERIFY_UNSUPPORTED_ALGO;
}
else if(NSSCMSVS_MalformedSignature == si->verificationStatus) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - malformed signature\n"));
rv = NS_ERROR_CMS_VERIFY_MALFORMED_SIGNATURE;
}
goto loser;
}
// Save the profile //
// Save the profile. Note that save import failure is not a signature verification failure. //
if (NSS_SMIMESignerInfo_SaveSMIMEProfile(si) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::VerifyDetachedSignature - unable to save smime profile\n"));
goto loser;
}
rv = NS_OK;
@ -221,6 +293,7 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
SECOidTag bulkAlgTag;
int keySize, i;
nsNSSCertificate *nssRecipientCert;
nsresult rv = NS_ERROR_FAILURE;
// Check the recipient certificates //
PRUint32 recipientCertCount;
@ -247,12 +320,14 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipientCerts, &bulkAlgTag,
&keySize) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't find bulk alg for recipients\n"));
rv = NS_ERROR_CMS_ENCRYPT_NO_BULK_ALG;
goto loser;
}
m_cmsMsg = NSS_CMSMessage_Create(NULL);
if (m_cmsMsg == nsnull) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create new cms message\n"));
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
@ -263,7 +338,7 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
cinfo = NSS_CMSMessage_GetContentInfo(m_cmsMsg);
if (NSS_CMSContentInfo_SetContent_EnvelopedData(m_cmsMsg, cinfo, envd) != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't set content enveloped data\n"));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create content enveloped data\n"));
goto loser;
}
@ -299,7 +374,7 @@ loser:
PORT_FreeArena(tmpPoolp, PR_FALSE);
}
return NS_ERROR_FAILURE;
return rv;
}
NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert* aEncryptCert, unsigned char* aDigestData, PRUint32 aDigestDataLen)
@ -309,6 +384,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
NSSCMSSignedData *sigd;
NSSCMSSignerInfo *signerinfo;
CERTCertificate *scert, *ecert;
nsresult rv = NS_ERROR_FAILURE;
/* Get the certs */
scert = NS_STATIC_CAST(nsNSSCertificate*, aSigningCert)->GetCert();
@ -320,6 +396,7 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
m_cmsMsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
if (m_cmsMsg == NULL) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't create new message\n"));
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
@ -409,7 +486,7 @@ loser:
NSS_CMSMessage_Destroy(m_cmsMsg);
m_cmsMsg = nsnull;
}
return NS_ERROR_FAILURE;
return rv;
}
NS_IMPL_THREADSAFE_ISUPPORTS1(nsCMSDecoder, nsICMSDecoder)

1
themes/classic/jar.mn
Просмотреть файл

@ -253,6 +253,7 @@ classic.jar:
skin/classic/messenger/addressbook/icons/remote-addrbook-error.gif (messenger/addressbook/icons/remote-addrbook-error.gif)
skin/classic/messenger/addressbook/icons/abcard.gif (messenger/addressbook/icons/abcard.gif)
skin/classic/messenger/messengercompose/messengercompose.css (messenger/messengercompose/messengercompose.css)
skin/classic/messenger/smime/msgReadSecurityInfo.css (messenger/smime/msgReadSecurityInfo.css)
skin/classic/navigator/contents.rdf (navigator/contents.rdf)
skin/classic/navigator/navigator.css (navigator/navigator.css)
skin/classic/navigator/linkToolbar.css (navigator/linkToolbar.css)

69
themes/classic/messenger/smime/msgReadSecurityInfo.css Normal file
Просмотреть файл

@ -0,0 +1,69 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* ===== msgReadSecurityInfo.css ========================================
== Styles for the security info window when displaying received mail.
======================================================================= */
@import url("chrome://messenger/skin/");
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
#msgReadSecurityInfo {
width: 40em;
max-width: 50em;
}
#outer_vbox {
margin: 5px;
}
#signatureLabel {
font-weight: bold;
}
#signatureCert {
margin: 5px;
}
#encryptionLabel {
font-weight: bold;
}
#encryptionCert {
margin: 5px;
}

1
themes/modern/jar.mn
Просмотреть файл

@ -361,6 +361,7 @@ modern.jar:
skin/modern/messenger/icons/btn1.gif (messenger/icons/btn1.gif)
skin/modern/messenger/messengercompose/messengercompose.css (messenger/messengercompose/messengercompose.css)
skin/modern/messenger/messengercompose/icons/mast-msgcomp.gif (messenger/messengercompose/icons/mast-msgcomp.gif)
skin/modern/messenger/smime/msgReadSecurityInfo.css (messenger/smime/msgReadSecurityInfo.css)
skin/modern/navigator/contents.rdf (navigator/contents.rdf)
skin/modern/navigator/navigatorBindings.xml (navigator/navigatorBindings.xml)
skin/modern/navigator/linkToolbar.css (navigator/linkToolbar.css)

69
themes/modern/messenger/smime/msgReadSecurityInfo.css Normal file
Просмотреть файл

@ -0,0 +1,69 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* ===== msgReadSecurityInfo.css ========================================
== Styles for the security info window when displaying received mail.
======================================================================= */
@import url("chrome://messenger/skin/");
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
#msgReadSecurityInfo {
width: 40em;
max-width: 50em;
}
#outer_vbox {
margin: 5px;
}
#signatureLabel {
font-weight: bold;
}
#signatureCert {
margin: 5px;
}
#encryptionLabel {
font-weight: bold;
}
#encryptionCert {
margin: 5px;
}